Installing the machine
For client machines as well, we have an unattended install, which preinstalls the Samba client. These substeps list only some Samba-specific parts of the installation.
Making the user mount the right Samba server as their homedir
Mounting the home directory is done through pam_mount.
/etc/pam.d/common-auth (or its replacement) should contain:
auth [default=done] pam_ccreds.so action=validate use_first_pass
auth [default=ignore] pam_exec.so expose_authtok /usr/sbin/smbpasswdsync.py
auth [default=ignore] pam_mount.so
auth [default=done] pam_ccreds.so action=store
auth [default=bad] pam_ccreds.so action=update
The second line temporarily syncs the Samba password hash to the LDAP server; the third mounts the home directory.
The pam_ccreds lines cache password hashes in case of network downtime.
The mount is configured in /etc/security/pam_mount.conf.xml:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <!-- Volume definitions -->
  <!-- pam_mount parameters: General tunables -->
  <debug enable="0" />
  <volume fstype="cifs" server="smbtest.my.domain.com" path="%(USER)" mountpoint="/home/%(USER)" options="serverino"/>
  <!-- <luserconf name=".pam_mount.conf.xml" /> -->
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
  <mntoptions require="nosuid,nodev" />
  <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
  <logout wait="0" hup="0" term="0" kill="0" />
  <!-- pam_mount parameters: Volume-related -->
  <mkmountpoint enable="0" remove="false" />
</pam_mount>
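Because this file is pushed to every client by the unattended install, it is worth checking deployed copies against the settings shown above. The following is an added example, not part of the original setup: the function name, the finding strings and the second sample (including its server name) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
REQUIRED = {"nosuid", "nodev"}  # from the page's <mntoptions require=...>

def audit_pam_mount(xml_bytes, expected_server):
    """Return findings for a pam_mount.conf.xml; an empty list means it matches."""
    root = ET.fromstring(xml_bytes)  # XML comments are dropped by the parser
    findings = []
    # An active <luserconf> lets users add volumes from their own home directory.
    if root.find("luserconf") is not None:
        findings.append("luserconf is enabled")
    required = set()
    for m in root.findall("mntoptions"):
        required |= {o.strip() for o in m.get("require", "").split(",") if o.strip()}
    if REQUIRED - required:
        findings.append("mntoptions require lacks: " + ",".join(sorted(REQUIRED - required)))
    if root.find("volume") is None:
        findings.append("no volume defined")
    for v in root.findall("volume"):
        if v.get("server") != expected_server:
            findings.append(f"unexpected server: {v.get('server')}")
        if (v.get("path"), v.get("mountpoint")) != ("%(USER)", "/home/%(USER)"):
            findings.append("volume is not the per-user share on /home/%(USER)")
    debug = root.find("debug")
    if debug is not None and debug.get("enable") != "0":
        findings.append("debug is enabled")
    return findings

# Constructed sample 1: the settings from the page, shortened.
PAGE_CONFIG = b"""<?xml version="1.0" encoding="utf-8" ?>
<pam_mount>
<debug enable="0" />
<volume fstype="cifs" server="smbtest.my.domain.com" path="%(USER)"
        mountpoint="/home/%(USER)" options="serverino"/>
<!-- <luserconf name=".pam_mount.conf.xml" /> -->
<mntoptions require="nosuid,nodev" />
</pam_mount>"""

# Constructed sample 2: a drifted copy (hypothetical server name).
DRIFTED_CONFIG = b"""<pam_mount>
<debug enable="1" />
<volume fstype="cifs" server="files.example.invalid" path="%(USER)"
        mountpoint="/home/%(USER)" options="serverino"/>
<luserconf name=".pam_mount.conf.xml" />
<mntoptions require="nosuid" />
</pam_mount>"""

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("drifted", DRIFTED_CONFIG)):
        print(name, audit_pam_mount(cfg, "smbtest.my.domain.com"))
```

On a client, pass the bytes of /etc/security/pam_mount.conf.xml and the server name the install is meant to use.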