Re: Client-side script to mount a home directory located on the server
On 05/04/2012 08:02 PM, zingalo wrote:
On 05/04/2012 07:32 PM, Christian Surchi wrote:
On Fri, 04/05/2012 at 19.26 +0200, zingalo wrote:
Hi,
I need to write a script that, based on the user who logs in on the
client, mounts the corresponding home directory located on a
squeeze samba-ldap server. I have very little experience with scripting
and I'm asking you for some advice.
Once the user enters username and password, they will be recognized
by ldap and the folder specified in the user's homeDirectory attribute
will be mounted. So the directory will have to be mounted somewhere on
the client. The network has 30 ubuntu machines and about
200 users. Clearly every user can log in from any
client, so the script needs to mount the corresponding home
based on the login credentials.
...
Isn't libpam-mount enough for you?
bye
Christian
Hmm, nice tip. I'll go take a look at it.
thanks
Hi,
I'm asking for your help. Sorry for the long email.
I installed and configured pam_mount:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
See pam_mount.conf(5) for a description.
-->
<pam_mount>
<!-- debug should come before everything else,
since this file is still processed in a single pass
from top-to-bottom -->
<debug enable="1" />
<!-- Volume definitions -->
<volume user="%(USER)" fstype="smbfs"
path="//192.168.5.219/users/%(USER)" noroot="1" server="amahoro"$
<!-- pam_mount parameters: General tunables -->
<luserconf name=".pam_mount.conf.xml" />
<!-- Note that commenting out mntoptions will give you the defaults.
You will need to explicitly initialize it with the empty string
to reset the defaults to nothing. -->
<mntoptions
allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<!-- pam_mount parameters: Volume-related -->
<mkmountpoint enable="1" remove="true" />
<smbmount> smbmount </smbmount>
<smbumount> smbmount </smbumount>
</pam_mount>
then I modified the /etc/pam.d/common-* files
common-session:
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_mount.so <---- changed from the previous version
session [success=ok default=ignore] pam_ldap.so minimum_uid=1000
session optional pam_ck_connector.so nox11
# end of pam-auth-update config
common-auth:
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass
auth required pam_mount.so <---- changed from the previous version
# here's the fallback if no module succeeds
auth requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth required pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth optional pam_mount.so <---- changed from the previous version
auth optional pam_cap.so
# end of pam-auth-update config
I rebooted and at login it wouldn't let any user in, not even my own
personal account local to the computer.
In auth.log you can see a bit of what happened:
May 5 10:59:47 dello sudo: pam_mount(rdconf1.c:699): path to luserconf
set to /home/stefano/.pam_mount.conf.xml
May 5 10:59:47 dello sudo: pam_mount(pam_mount.c:364): pam_mount 2.10:
entering auth stage
May 5 10:59:47 dello sudo: stefano : TTY=pts/3 ; PWD=/home/stefano ;
USER=root ; COMMAND=/usr/bin/nano /etc/pam.d/common-auth
May 5 11:00:11 dello sudo: pam_mount(pam_mount.c:132): clean system
authtok=0x80e17a8 (1073741824)
May 5 11:00:15 dello sudo: stefano : TTY=pts/3 ; PWD=/home/stefano ;
USER=root ; COMMAND=/usr/bin/nano /etc/pam.d/common-session
May 5 11:01:47 dello polkitd(authority=local): Unregistered
Authentication Agent for
unix-session:/org/freedesktop/ConsoleKit/Session2 (system bus name
:1.52, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale
en_US.UTF-8) (di$
May 5 11:01:48 dello gdm-session-worker[1557]: pam_unix(gdm:session):
session closed for user stefano
May 5 11:03:03 dello gdm-session-worker[1591]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "zingalo"
May 5 11:03:07 dello gdm-session-worker[1591]: pam_unix(gdm:auth):
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
user=zingalo
May 5 11:03:16 dello gdm-session-worker[1613]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:03:25 dello gdm-session-worker[1614]: pam_nologin(gdm:auth):
cannot determine username
May 5 11:03:27 dello gdm-session-worker[1615]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:03:32 dello gdm-session-worker[1616]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:04:06 dello sshd[1617]: Failed password for root from
192.168.5.219 port 53223 ssh2
May 5 11:04:14 dello sshd[1617]: Failed password for root from
192.168.5.219 port 53223 ssh2
May 5 11:04:17 dello sshd[1617]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.5.219 user=root
May 5 11:04:17 dello sshd[1617]: pam_mount(rdconf1.c:699): path to
luserconf set to /root/.pam_mount.conf.xml
May 5 11:04:17 dello sshd[1617]: pam_mount(pam_mount.c:364): pam_mount
2.10: entering auth stage
May 5 11:04:20 dello sshd[1617]: Failed password for root from
192.168.5.219 port 53223 ssh2
May 5 11:04:20 dello sshd[1617]: pam_mount(pam_mount.c:132): clean
system authtok=0x2256bb30 (7)
May 5 11:04:25 dello gdm-session-worker[1616]: pam_unix(gdm:auth):
conversation failed
May 5 11:04:25 dello gdm-session-worker[1616]: pam_unix(gdm:auth): auth
could not identify password for [stefano]
May 5 11:04:25 dello gdm-session-worker[1616]: pam_ldap(gdm:auth):
failed to get password: Authentication failure
May 5 11:04:25 dello gdm-session-worker[1616]:
pam_mount(rdconf1.c:699): path to luserconf set to
/home/stefano/.pam_mount.conf.xml
May 5 11:04:25 dello gdm-session-worker[1616]:
pam_mount(pam_mount.c:364): pam_mount 2.10: entering auth stage
May 5 11:04:25 dello gdm-session-worker[1616]:
pam_mount(pam_mount.c:172): conv->conv(...): Conversation error
May 5 11:04:26 dello gdm-session-worker[1619]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "zingalo"
May 5 11:04:29 dello gdm-session-worker[1619]: pam_unix(gdm:auth):
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
user=zingalo
May 5 11:04:29 dello gdm-session-worker[1619]: pam_ldap(gdm:auth):
Authentication failure; user=zingalo
May 5 11:04:29 dello gdm-session-worker[1619]:
pam_mount(rdconf1.c:699): path to luserconf set to
//192.168.5.219/users/zingalo/.pam_mount.conf.xml
May 5 11:04:29 dello gdm-session-worker[1619]:
pam_mount(pam_mount.c:364): pam_mount 2.10: entering auth stage
May 5 11:04:31 dello gdm-session-worker[1619]:
pam_mount(pam_mount.c:132): clean system authtok=0x8520380 (7)
May 5 11:04:31 dello gdm-session-worker[1620]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "zingalo"
May 5 11:04:34 dello gdm-session-worker[1620]: pam_unix(gdm:auth):
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
user=zingalo
May 5 11:04:34 dello gdm-session-worker[1620]: pam_ldap(gdm:auth):
Authentication failure; user=zingalo
May 5 11:04:34 dello gdm-session-worker[1620]:
pam_mount(rdconf1.c:699): path to luserconf set to
//192.168.5.219/users/zingalo/.pam_mount.conf.xml
May 5 11:04:34 dello gdm-session-worker[1620]:
pam_mount(pam_mount.c:364): pam_mount 2.10: entering auth stage
May 5 11:04:36 dello gdm-session-worker[1620]:
pam_mount(pam_mount.c:132): clean system authtok=0x95c9890 (7)
May 5 11:04:37 dello gdm-session-worker[1621]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "zingalo"
May 5 11:04:41 dello gdm-session-worker[1621]: pam_unix(gdm:auth):
authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
user=zingalo
May 5 11:04:41 dello gdm-session-worker[1621]: pam_ldap(gdm:auth):
Authentication failure; user=zingalo
May 5 11:04:41 dello gdm-session-worker[1621]:
pam_mount(rdconf1.c:699): path to luserconf set to
//192.168.5.219/users/zingalo/.pam_mount.conf.xml
May 5 11:04:41 dello gdm-session-worker[1621]:
pam_mount(pam_mount.c:364): pam_mount 2.10: entering auth stage
May 5 11:04:43 dello gdm-session-worker[1621]:
pam_mount(pam_mount.c:132): clean system authtok=0x9ac0978 (7)
May 5 11:04:47 dello gdm-session-worker[1622]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "root"
May 5 11:05:06 dello gdm-session-worker[1623]: pam_nologin(gdm:auth):
cannot determine username
May 5 11:05:10 dello gdm-session-worker[1694]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:05:14 dello gdm-session-worker[1700]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:10:53 dello gdm-session-worker[1848]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:10:57 dello gdm-session-worker[1881]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:11:10 dello login[1617]: FAILED LOGIN (1) on '/dev/tty1' FOR
'root', Authentication failure
May 5 11:11:32 dello login[1617]: FAILED LOGIN (2) on '/dev/tty1' FOR
'stefano', Authentication failure
May 5 11:11:37 dello login[1617]: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=
user=leonidas
May 5 11:11:40 dello login[1617]: FAILED LOGIN (3) on '/dev/tty1' FOR
'leonidas', Authentication failure
May 5 11:11:45 dello login[1617]: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1 ruser= rhost=
user=zingalo
May 5 11:11:48 dello login[1617]: FAILED LOGIN (4) on '/dev/tty1' FOR
'zingalo', Authentication failure
May 5 11:13:02 dello gdm-session-worker[1881]: pam_unix(gdm:auth):
conversation failed
May 5 11:13:02 dello gdm-session-worker[1881]: pam_unix(gdm:auth): auth
could not identify password for [stefano]
May 5 11:13:02 dello gdm-session-worker[1881]: pam_ldap(gdm:auth):
failed to get password: Authentication failure
May 5 11:13:02 dello gdm-session-worker[1881]:
pam_mount(rdconf1.c:699): path to luserconf set to
/home/stefano/.pam_mount.conf.xml
May 5 11:13:02 dello gdm-session-worker[1881]:
pam_mount(pam_mount.c:364): pam_mount 2.10: entering auth stage
May 5 11:13:02 dello gdm-session-worker[1881]:
pam_mount(pam_mount.c:172): conv->conv(...): Conversation error
May 5 11:13:12 dello gdm-session-worker[2029]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:13:16 dello gdm-session-worker[2033]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not
met by user "stefano"
May 5 11:13:31 dello gdm-session-worker[2033]: pam_unix(gdm:auth):
conversation failed
May 5 11:13:31 dello gdm-session-worker[2033]: pam_unix(gdm:auth): auth
could not identify password for [stefano]
May 5 11:13:31 dello gdm-session-worker[2033]: pam_ldap(gdm:auth):
failed to get password: Authentication failure
May 5 11:13:31 dello gdm-session-worker[2033]:
pam_mount(rdconf1.c:699): path to luserconf set to
/home/stefano/.pam_mount.conf.xml
May 5 11:13:31 dello gdm-session-worker[2033]:
pam_mount(pam_mount.c:364): pam_mount 2.10: entering auth stage
May 5 11:13:31 dello gdm-session-worker[2033]:
pam_mount(pam_mount.c:172): conv->conv(...): Conversation error
I don't understand why it doesn't even accept my own user.
Let me know if you can make sense of any of it.
Thanks
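Added example (not part of the original message, and not code from pam_mount or Debian): in a pam-auth-update style stack, `[success=N]` skips the next N modules, so a line inserted inside the "Primary" block changes where each jump lands. This Python check replays the jumps over the common-auth block posted above and over the same block without the inserted pam_mount line; `parse_stack` and `jump_findings` are names made up for this example.

```python
import re

# Constructed from the common-auth "Primary" block posted above: wrapped lines
# re-joined and the "<----" annotation dropped.
POSTED = """\
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_ldap.so minimum_uid=1000 use_first_pass
auth required pam_mount.so
# here's the fallback if no module succeeds
auth requisite pam_deny.so
auth required pam_permit.so
"""

# Assumption for comparison: the same block with the inserted pam_mount line removed.
WITHOUT_INSERT = POSTED.replace("auth required pam_mount.so\n", "")

LINE = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def parse_stack(text, mgmt="auth"):
    """Return [(control, module)] for one management group, ignoring comments."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == mgmt:
            stack.append((m.group(2), m.group(3)))
    return stack


def jump_findings(stack):
    """For every [success=N] control, name the module a success lands on."""
    findings = []
    for i, (control, module) in enumerate(stack):
        m = re.search(r"\bsuccess=(\d+)", control)
        if not m:
            continue  # keywords (required, ...) and non-numeric actions do not jump
        target = i + 1 + int(m.group(1))  # skip the next N modules
        landed = stack[target][1] if target < len(stack) else "(end of stack)"
        findings.append((module, landed, landed == "pam_deny.so"))
    return findings


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("without insert", WITHOUT_INSERT)):
        for module, landed, denied in jump_findings(parse_stack(text)):
            flag = "  <-- success falls into pam_deny" if denied else ""
            print(f"{name}: {module} success -> {landed}{flag}")
```

On the posted block both jumps land on pam_deny.so; without the inserted line both land on pam_permit.so.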