Hello Rowland, thanks for the answers.
It is a much more complex implementation: we have a Samba 4 AD DC, and
users log on to the domain (Kerberos ticket too).
We try to use pam_mount.conf.xml, but there is a problem: this file is not
dynamic. If a share is changed or deleted, or new shares are added,
pam_mount does not take this into account.
Our users do not have access to edit this file, they do not know how to
edit it, and they also do not know shell commands.
So we need to update this file on the client at every logon to the domain,
so that it is up to date, with a copy from the file server.
Another solution that was implemented: at logon time, a script that uses
ldapsearch and the memberOf property finds the user's groups and finally
mounts shares with gvfs-mount, but it has the same problem: it is not
dynamic and needs to be updated.
So we need help to update a file (pam_mount.xml or a shell script) on the
client from the file server, at logon time, but accessing the file server
without interacting with users. We think there may be a solution on the
command line, or with the smbclient command.
Regards.
On Tue, 12 Jan 2021 at 16:03, Rowland penny via samba (<
samba at lists.samba.org>) wrote:
> On 12/01/2021 15:52, Robert Marcano via samba wrote:
> > On 1/12/21 8:46 AM, jmpatagonia via samba wrote:
> >> Hello we have a samba 4 AD --> Version 4.11.13-Debian
> >>
> >> We have a netlogon share
> >> [netlogon]
> >> browseable = no
> >> read list = "+MIDOMINIO\Domain Users"
> >> path = /etc/samba/netlogon
> >> comment = Script de logueo en la red
> >> valid users = "+MIDOMINIO\Domain Users"
> >> public = yes
> >> writeable = no
> >>
> >> From a user logged on domain, we need access to the share "netlogon"
> >> from command line "smbclient or similar" without introducing user or
> >> password, just direct. like from file navigator
> >> smb://domain-server2/netlogon
> >>
> >> And finally and the second time copy a file from the share netlogon
> >> to a client folder.
> >>
> >> Regards.
> >>
> >
> >
> > You can try with Kerberos (-k), but that will require a proper
> > Kerberos enabled user session, or doing kinit before it.
> >
> > If what you are trying is to script these actions, take a look at
> > smbclient documentation:
> >
> > =====================================
> > -A|--authentication-file=filename
> > This option allows you to specify a file from which to read
> > the username and password used in the connection. The format of the
> > file is
> >
> > username = <value>
> > password = <value>
> > domain = <value>
> >
> > Make certain that the permissions on the file restrict
> > access from unwanted users.
> > =====================================
> >
> If you must do this and want to do something as the user logs into
> Linux, then I would investigate pam script, you can use the user's name
> and password.
>
> Rowland
>
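
The Kerberos route suggested in the replies (smbclient -k against the netlogon share), as an added example that is not part of the thread: a logon-time function that fetches the file with the session's ticket, stores no password, and only replaces the local copy when the download looks complete. The server name, file name and destination path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: server "domain-server2",
# a file pam_mount.conf.xml stored in [netlogon], destination chosen by caller.
# Usage from a logon script:
#   fetch_netlogon_file domain-server2 pam_mount.conf.xml "$HOME/.pam_mount.conf.xml"
# Returns 0 = installed, 2 = no Kerberos ticket, 3 = download failed,
#         4 = downloaded file rejected (existing copy is left untouched).
fetch_netlogon_file() {
    server=$1; remote=$2; dest=$3

    # klist -s is silent and exits non-zero when the credential cache holds
    # no valid ticket; stop here instead of letting anything ask for a password.
    klist -s || return 2

    # mktemp creates the file with mode 0600, next to the destination so the
    # final rename stays on one filesystem.
    tmp=$(mktemp "${dest}.XXXXXX") || return 3

    # -k: authenticate with the logon session's ticket (the option quoted in
    # the thread; Samba 4.15+ spells it --use-kerberos=required).
    # stdin is closed so smbclient cannot wait on an interactive prompt.
    if ! smbclient "//${server}/netlogon" -k \
            -c "get \"${remote}\" \"${tmp}\"" </dev/null >/dev/null 2>&1; then
        rm -f "$tmp"
        return 3
    fi

    # Refuse an empty or truncated download: a pam_mount configuration must
    # contain the closing root tag.
    if [ ! -s "$tmp" ] || ! grep -q '</pam_mount>' "$tmp"; then
        rm -f "$tmp"
        return 4
    fi

    mv -f "$tmp" "$dest"    # atomic replace of the previous copy
}
```

Because the share is read-only for Domain Users, the client trusts whatever the server hands out; the completeness check only protects against a broken transfer, not against a modified file on the server.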