windows domain membership 'Mount Server Directories'

Hello everybody

I can't get my Linux box

NAME="openSUSE Leap"
VERSION="42.2"
Linux version 4.4.36-8-default (geeko@buildhost) (gcc version 4.8.5 (SUSE Linux) ) #1

working with windows network shares.

Configured via yast ‘windows domain membership’ (login in ad works correctly) - advanced options - ‘Mount Server Directories’

this way

servername= myserver
remote folder= /my folder/
mount point= /home/mydomain/myuser/_share
options= user=%(DOMAIN_USER) (as default)

after login /home/mydomain/myusername/_share is empty…

If I try to mount manually via sudo mount.cifs //myserver/myfolder/ -o username=myusername,domain=mydomain
I can successfully mount the share.

What's wrong? I can't find logs for PAM…
What should I check to get pam_mount working?

I haven’t tried to do what you’re doing in a long time so can’t say for sure…

But what jumps out at me is that if you’re using the Microsoft syntax for defining a variable, you should enclose the variable with percent signs before and after… not just before.

TSU

Thank you for your answer. I tried your suggestion, but man 5 pam_mount.conf
shows that:

Variables

Within attributes and commands (see later section), specific
placeholders or variables, identified by %(name) may be used. These are
substituted at command invocation time.

   **%(USER)**
          Expands to the username of the user logging in.
   **%(DOMAIN_NAME)**, **%(DOMAIN_USER)**
          Winbind has special UNIX usernames in the form of
          "domain\username", and %(DOMAIN_NAME) and %(DOMAIN_USER) provide
          the split parts of it. This is useful when a sharename on an
          MSAD server is the same as the username, e.g. <volume
          fstype="cifs" server="fsbox" path="%(DOMAIN_USER)" />.
   **%(USERUID)**, **%(USERGID)**
          The numeric UID and GID of the primary group of the user logging
          in. This is obtained via getpw*(), not getuid(). It is useful
          in conjunction with the uid= or gid= mount options, e.g. <volume
          options="uid=%(USERUID)" />. Note that you **do not** need to
          specify uid=%(USERUID) for smbfs or cifs mounts because this is
          already done automatically by pam_mount.
   **%(GROUP)**
          The name of the group for %(USERGID).
   All other variables you might find in the source code are internal to
   pam_mount, and are likely not to be expanded when you would expect it.

Furthermore, %(DOMAIN_USER) is inserted automatically by YaST… :(

I even tried to delete user=blabla from option=
and
user=%(DOMAIN_NAME)**%(DOMAIN_USER)

Tomorrow I’ll try to manually insert
user="username" or
uid="number" or uid="number-number"

in pam_mount.conf

(I can’t edit my previous post, so I'm posting a new one…)

Edit:
Reading the man page more carefully, I think that **%(DOMAIN_USER)** is used not for providing credentials for the share but for mounting a user home that resides on the server. But I don’t have a user home on the server, so this variable is unnecessary for me.

Agreed,
When I first explore a configuration, I often use only fixed values to first understand what is happening,
Then only after I thoroughly understand what is being done, then I substitute or add variables.

TSU

Finally I found the solution to my problem:

  1. I deleted the configuration in yast and edited /etc/security/pam_mount.conf.xml by hand this way

<volume username="%(USER)" fstype="cifs" server="fileserver" path="remote_path" mountpoint="/mountpoint_remote_path" options="uid=%(USERUID),gid=%(USERGID),dir_mode=0700,file_mode=0700,nosuid,nodev" />

This way the share is mounted correctly.

  2. I manually edited /etc/pam.d/sddm
and added, in the proper order:
auth optional pam_mount.so
password optional pam_mount.so
session optional pam_mount.so

This way all is fine.

I can’t understand why these options (the second one especially) are not set by YaST… Who cares, now all is right.
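
A checker for the two fixes described in the final post, added here as an example (it is not code from the thread or from pam_mount): it flags `%(...)` placeholders that are not in the man page excerpt quoted above, `<volume>` entries lacking the `nosuid`/`nodev` options the poster used, and PAM types with no `pam_mount.so` line. The function names, the choice of checks and both sample inputs are assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

# Placeholders listed in the pam_mount.conf(5) excerpt quoted in this thread.
DOCUMENTED_VARS = {"USER", "DOMAIN_NAME", "DOMAIN_USER", "USERUID", "USERGID", "GROUP"}
PAM_TYPES = ("auth", "password", "session")

# Constructed sample: the thread's working <volume> plus a misconfigured one.
SAMPLE_CONF = """<pam_mount>
  <volume username="%(USER)" fstype="cifs" server="fileserver" path="remote_path"
          mountpoint="/mountpoint_remote_path"
          options="uid=%(USERUID),gid=%(USERGID),dir_mode=0700,file_mode=0700,nosuid,nodev" />
  <volume fstype="cifs" server="fileserver" path="other"
          options="user=%(DOMAIN_USERNAME),nodev" />
</pam_mount>"""
# Constructed sample PAM service file with only one pam_mount.so line.
SAMPLE_PAM = "auth include common-auth\nsession optional pam_mount.so\n"

def check_volumes(xml_text):
    """Return findings for every <volume> element in a pam_mount.conf.xml."""
    findings = []
    for vol in ET.fromstring(xml_text).iter("volume"):
        label = vol.get("path", "?")
        for name, value in vol.attrib.items():
            for var in re.findall(r"%\((\w+)\)", value):
                if var not in DOCUMENTED_VARS:
                    findings.append(f"{label}: undocumented placeholder %({var}) in {name}")
        opts = set(vol.get("options", "").split(","))
        for hardening in ("nosuid", "nodev"):
            if hardening not in opts:
                findings.append(f"{label}: option {hardening} not set")
    return findings

def missing_pam_types(pam_text):
    """Return the PAM types that have no pam_mount.so line in a service file."""
    seen = set()
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and any(f.endswith("pam_mount.so") for f in fields[2:]):
            seen.add(fields[0].lstrip("-"))
    return [t for t in PAM_TYPES if t not in seen]

if __name__ == "__main__":
    for finding in check_volumes(SAMPLE_CONF):
        print("conf:", finding)
    for pam_type in missing_pam_types(SAMPLE_PAM):
        print("pam: no pam_mount.so line for type", pam_type)
```

To check a real system, pass the contents of /etc/security/pam_mount.conf.xml and /etc/pam.d/sddm to the two functions instead of the samples.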