I am having an issue with our Debian 8 laptops at work. We have them set up to automatically mount the end user's shares from the file server using pam_mount. It works AWESOME when the user is on site.
Unfortunately, when they are off site, pam_mount doesn't mount any drives on login (because the file server is unavailable). After logging in, they VPN in to our network. Is there a way to cause the pam_mount.so to fire x seconds after a VPN tunnel is established? Or manually?
Or is pam_mount not the best tool for mapping drives on login in an environment where users may need to travel/VPN in to the office?
I've been googling like crazy and haven't come up with a solution to this issue. I can't be the only one having it!
Thanks in advance for any help you can provide!
Re: PAM_MOUNT and VPN issu
I wanted to update this post to let everyone know I have settled on a method of mounting shared folders in Debian8 on login.
It does not provide all my criteria (not SSO, requires users to enter their password after logging in to workstation) but
it does provide the flexibility I was looking for re: users being able to login to a computer that is not their own and get
the appropriate network shares mounted.
I am using a python login script located on our DCs to mount the shares. I use python rather than bash because it is cross platform,
and therefore can be used for both windows and linux devices. Single point of management and all.
In case anyone is interested in how we accomplished this, here is the info/steps.
Please replace %realm% with your domain name if you are using this as a guide.
Assumptions -
you are running a samba4 or AD domain
your workstation os is Debian8
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
On your DCs, do these steps!
Create /var/lib/samba/sysvol/%realm%/scripts/login.py and fill it with this -
(This is a work in progress. Not finished as of 2017-03-31)
```python
#!/usr/bin/python
import platform
import os
import subprocess
import getpass
import tempfile

##############################################################################
## START: Subs and Functions
##############################################################################

def CheckFolder(dir):
    # Checks if a folder exists and creates
    # it if it doesn't
    if not os.path.isdir(dir):
        os.makedirs(dir)

def MountShare(remote, local):
    # Mounts a share as the logged in user
    # ensure the local folder exists
    CheckFolder(local)
    print 'Mounting ' + remote + ' to '
    print ' ' + local
    # Hand the password to mount.cifs through a temporary credentials file
    # (mkstemp creates it readable by its owner only) instead of the command
    # line, so it is not visible in the process list and may contain spaces
    # or commas
    fd, credfile = tempfile.mkstemp()
    try:
        with os.fdopen(fd, 'w') as f:
            f.write('username=' + user + '\npassword=' + password + '\ndomain=%realm%\n')
        options = 'credentials=' + credfile + ',uid=' + uid + ',rw,file_mode=0777,dir_mode=0777'
        # Argument list instead of command.split(), so paths with spaces survive
        subprocess.call(['sudo', 'mount', '-t', 'cifs', remote, local, '-o', options], shell=False)
    finally:
        os.remove(credfile)
    print

def RedirectHomeFolders(FolderName):
    # Removes default folders in the user's local home directory
    # replacing them with links to their network home directory
    if os.path.isdir(localhome + '/' + FolderName):
        subprocess.call(['rm', '-r', localhome + '/' + FolderName], shell=False)
    CheckFolder(localhome + '/Home/' + FolderName)
    if not os.path.exists(localhome + '/' + FolderName):
        subprocess.call(['ln', '-s', localhome + '/Home/' + FolderName, localhome + '/' + FolderName], shell=False)

##############################################################################
## END: Subs and Functions
##############################################################################

if platform.platform().find('Linux') != -1:
    # The linux portion of the python login script could be
    # used to mount the network shares, but we will have to
    # collect the end user's password...

    # pwd only exists on Unix, so it is imported here rather than at the
    # top of the file, where it would stop the script on Windows
    from pwd import getpwnam

    FS = '//fs1.%realm%'
    localhome = os.path.expanduser('~')
    user = getpass.getuser()
    uid = str(getpwnam(user).pw_uid)
    print 'This is totally Linux!'
    print platform.platform()
    print ''
    print ''
    print 'Attempting to mount network shares...'
    print 'If you need to, please VPN in before entering your password...'
    print ''
    password = getpass.getpass(prompt='Please enter your password...')
    print ''

    # Mounting Network Shares
    MountShare(FS + '/home/' + user, localhome + '/Home')
    MountShare(FS + '/public', localhome + '/Public')

    # Redirecting default home folders to the user's network Home share
    RedirectHomeFolders('Desktop')
    RedirectHomeFolders('Documents')
    RedirectHomeFolders('Downloads')
    RedirectHomeFolders('Music')
    RedirectHomeFolders('Pictures')
    RedirectHomeFolders('Templates')
    RedirectHomeFolders('Videos')

    print 'press any key to continue....'
    os.system('read nullvar')
else:
    # Windows computers will receive their drive mappings from this script
    # using subprocess.call
    print 'This is totally Windows!'
    print platform.platform()
    print ''
    print 'Attempting to delete old mapped drives...'
    subprocess.call(r'net use s: /delete /y', shell=False)
    print ''
    print 'Attempting to map network drives...'
    subprocess.call(r'net use s: \\172.28.6.242\accounting', shell=False)
    print ''
    os.system('pause')
```
Ensure your /etc/samba/smb.conf [netlogon] section looks like this
```ini
[netlogon]
    path = /var/lib/samba/sysvol/%realm%/scripts
    read only = No
    public = Yes
    browsable = Yes
    guest ok = yes
    force user = nobody
    force group = nogroup
    create mask = 777
```
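Ensure that anyone can traverse to the login scripts by chmodding and chowning the appropriate folders and files by running the following -
```sh
chown -R nobody:nogroup /var/lib/samba/sysvol/%realm%/scripts
chmod 771 /var/lib/samba/sysvol
chmod 771 /var/lib/samba/sysvol/%realm%
chmod 771 /var/lib/samba/sysvol/%realm%/scripts
chmod 771 /var/lib/samba/sysvol/%realm%/scripts/login.py
```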
On your Deb8 master image do the following
Ensure Python 2.7.X is installed.
create the following folder structure under /etc/skel/
./.config/autostart/
add in the file login.desktop in the autostart folder
fill login.desktop with the following
```ini
[Desktop Entry]
Version=1.0
Encoding=UTF-8
Name=Script
Type=Application
Exec=/scripts/login.sh
Terminal=true
StartupNotify=false
Hidden=false
```
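create /scripts/login.sh and fill it with
```sh
#!/bin/sh
# Fetch the current login script from the DC's netlogon share and run it
if [ ! -d '/tmp/login' ]; then
    mkdir /tmp/login
    chmod 774 /tmp/login
fi
cd /tmp/login
smbclient -N //dc1/netlogon -c 'get login.py'
clear
/usr/bin/python ./login.py
```
run chmod +x /scripts/login.sh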
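An added example, not part of the original post: a small Python 3 audit that parses smb.conf share sections and reports every share that both accepts guest connections and is writable, which is the combination the [netlogon] section above sets for the directory holding login.py. The `READ_ONLY` variant and all function names are assumptions for illustration, the posted section is abridged, and the check does not evaluate `write list`, `guest only` or filesystem permissions.

```python
TRUE = {"yes", "true", "on", "1"}
# normalized smb.conf key -> (canonical parameter, value is inverted)
SYNONYMS = {
    "readonly": ("readonly", False), "writeable": ("readonly", True),
    "writable": ("readonly", True), "writeok": ("readonly", True),
    "guestok": ("guestok", False), "public": ("guestok", False),
}
DEFAULTS = {"readonly": True, "guestok": False}  # Samba's built-in defaults

# The [netlogon] section from the post (abridged) and a constructed read-only variant
POSTED = """[netlogon]
path = /var/lib/samba/sysvol/%realm%/scripts
read only = No
public = Yes
guest ok = yes
create mask = 777
"""
READ_ONLY = POSTED.replace("read only = No", "read only = Yes")

def parse_shares(text):
    """Return {section: {normalized key: value}}; later duplicates win."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.replace(" ", "").lower()] = value.strip()
    return shares

def effective(section, inherited):
    """Resolve synonyms such as 'public' and 'writable' on top of inherited values."""
    result = dict(inherited)
    for key, value in section.items():
        if key in SYNONYMS:
            name, inverted = SYNONYMS[key]
            result[name] = (value.lower() in TRUE) != inverted
    return result

def guest_writable_shares(text):
    """Names of shares that accept guest connections and are not read-only."""
    shares = parse_shares(text)
    base = effective(shares.get("global", {}), DEFAULTS)
    return [name for name, section in shares.items()
            if name != "global"
            and effective(section, base) == {"readonly": False, "guestok": True}]

if __name__ == "__main__":
    print(guest_writable_shares(POSTED), guest_writable_shares(READ_ONLY))
```

With `read only = Yes` the anonymous `smbclient -N ... get login.py` fetch still works, and the script is then edited locally on the DC.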
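A second added example, not from the original post: a Python 3 variant of the fetch-and-run step in login.sh that downloads login.py into a private temporary directory and runs it only if its SHA-256 matches a digest pinned on the workstation image. The digest file path `/etc/login-script.sha256` and the function names are hypothetical; the share name, file name and interpreter path are the ones used in the post.

```python
import hashlib
import hmac
import os
import subprocess
import sys
import tempfile

# Hypothetical location: a root-owned file on the image holding the expected digest
PINNED_DIGEST_FILE = "/etc/login-script.sha256"

def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def is_trusted(path, pinned_hex):
    """True only for a regular, non-symlink file whose digest equals the pinned one."""
    if os.path.islink(path) or not os.path.isfile(path):
        return False
    return hmac.compare_digest(sha256_file(path), pinned_hex.strip().lower())

def fetch_and_run(share="//dc1/netlogon", name="login.py"):
    """Fetch the script anonymously, verify it, then run it; returns its exit code."""
    with open(PINNED_DIGEST_FILE) as handle:
        pinned = handle.read().split()[0]  # also accepts sha256sum output
    # mkdtemp creates a fresh directory only this user can access,
    # unlike a fixed, group-writable /tmp/login
    workdir = tempfile.mkdtemp(prefix="login-")
    subprocess.check_call(["smbclient", "-N", share, "-c", "get " + name], cwd=workdir)
    script = os.path.join(workdir, name)
    if not is_trusted(script, pinned):
        sys.exit("login script digest mismatch, refusing to run " + script)
    return subprocess.call(["/usr/bin/python", script])
```

Call `fetch_and_run()` from the autostart entry in place of `/scripts/login.sh`; the pinned digest has to be redistributed whenever login.py changes.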