dnl
2014-Nov-03 22:40 UTC
[Samba] Mounting redirected My Documents on a linux member of the domain
On my test domain, I have the My Documents folder redirected by a group
policy to \\SERVER\home\%USERNAME%\Documents, so is available on any
machine on the network. I have added a Linux machine (ubuntu) to the
domain, and would like users to be able to access their My Documents
folder on that machine. I am struggling to work out how to do this, and
have not found any adequate resources on the web which answer all the
problems. I am aware of the following hazards:
1) mount.cifs by default is restricted to root, possible work rounds are
a) mount \\SERVER\home as root, use a script to add a link to the
correct subdirectory - would this be secure, and give the right acccess
for the user?
b) Might be possible to use autofs
c) sudo mount.cifs - but then how do you user the kerberos ticket
of the genuine user, as root is then doing the mounting
2) Any method will almost certainly need a logon script, to allow for
the different usernames, so a level of variable substitution will be
needed - no hard coded user names, and needs to use the kerberos ticket.
3) Mounting can be read only by default.
I am surprised at the difficulty of finding information on this, as I
would have expected many others to have done this. Please share your
solutions.
--
Regards
David Lee
===========================Flore, UK
John Yocum
2014-Nov-04 19:08 UTC
[Samba] Mounting redirected My Documents on a linux member of the domain
On 11/03/2014 02:40 PM, dnl wrote:> On my test domain, I have the My Documents folder redirected by a group > policy to \\SERVER\home\%USERNAME%\Documents, so is available on any > machine on the network. I have added a Linux machine (ubuntu) to the > domain, and would like users to be able to access their My Documents > folder on that machine. I am struggling to work out how to do this, and > have not found any adequate resources on the web which answer all the > problems. I am aware of the following hazards: > 1) mount.cifs by default is restricted to root, possible work rounds are > a) mount \\SERVER\home as root, use a script to add a link to the > correct subdirectory - would this be secure, and give the right acccess > for the user? > b) Might be possible to use autofs > c) sudo mount.cifs - but then how do you user the kerberos ticket > of the genuine user, as root is then doing the mounting > 2) Any method will almost certainly need a logon script, to allow for > the different usernames, so a level of variable substitution will be > needed - no hard coded user names, and needs to use the kerberos ticket. > 3) Mounting can be read only by default. > I am surprised at the difficulty of finding information on this, as I > would have expected many others to have done this. Please share your > solutions. >pam_mount can do the mounting automatically. There are a number of guides floating around, here's one https://www.sit.auckland.ac.nz/How_to_automount_CIFS/NFS_share_on_Linux_upon_logon%3F -- John Yocum, Systems Administrator, DEOHS