{"id":520,"date":"2013-02-06T12:52:27","date_gmt":"2013-02-06T11:52:27","guid":{"rendered":"http:\/\/www.jbahillo.com\/?p=520"},"modified":"2013-07-29T12:38:22","modified_gmt":"2013-07-29T11:38:22","slug":"remote-identification-and-storage","status":"publish","type":"post","link":"https:\/\/www.jbahillo.com\/?p=520","title":{"rendered":"Remote identification and storage"},"content":{"rendered":"

Developing an environment of remote home folders under Linux with NFS and LDAP auth is a common task. But there are some cases in which this approach might not be the best one, as you might find some issue to workaround.<\/p>\n

I’m commenting here my experience with thiskind of environment,, using just samba. And… what about homes… We’ll use pam_mount for that<\/p>\n

In order for the remote auth a collegue had installed and configured sssd (thx bencer for let me know it, I just knew pam_ldap) I won’t come into details on configuration for this service, but if you are interested you can checkthe documentation<\/a> .<\/p>\n

Once solved the remote auth, only the remote homes issue remained. Pam_mount, for those that do not know, is a PAM module that allows you to configure automatic mounts through PAM, using the logged user credentials, without writing them in any file (avoiding this way any security issue)<\/p>\n

In order to install it just issue:<\/p>\n

\r\nsudo apt-get install libpam-mount cifs-utils\r\n<\/pre>\n
Once installed, we’ll have to edit file \/etc\/security\/pam_mount.conf.xml like this:<\/p>\n
\r\n<pam_mount>\r\n<!-- The <mntoptions> elements determine which options *may* be specified for <volume>. -->\r\n<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,workgroup,nosetuids,noexec,nosuid" \/>\r\n\r\n<!-- All options listed in require must appear in the option list of per-user mounts. -->\r\n<mntoptions require="nosuid,nodev" \/>\r\n\r\n<!-- Programs exist that do not terminate when the session is closed. pam_mount can be configured to kill\r\n\r\nthese processes and optionally wait before sending signals. -->\r\n<logout wait="2" hup="0" term="yes" kill="0" \/>\r\n<!-- Controls automatic creation and removal of mountpoints. -->\r\n<mkmountpoint enable="1" remove="true" \/>\r\n\r\n<volume fstype="cifs" server="server" path="share" mountpoint="~\/share\/" options="uid=%(USER),dir_mode=0700,file_mode=700,nosuid,nodev" \/>\r\n<\/pam_mount>\r\n<\/pre>\n
Just to keep you attention on this<\/p>\n
\r\n<volume fstype="cifs" server="server" path="homes" mountpoint="~\/" options="uid=%(USER),dir_mode=0700,file_mode=700,nosuid,nodev" \/>\r\n<\/pre>\n
which is the place where ‘magic’ takes place<\/p>\n
Logically fstype refers to the filesystem, although it can be used with other fs’s (not only cifs) like sshfs, cryptoluks, etc
\nserver refers as it may be guessed to the remote address where the files to mount are
\npath refers in our case to the share we want to mount
\nmountpoint refers to the folder where we will mount the resource<\/p>\n
Just a reboot and.. voil\u00e1 tutto listo!<\/p>\n
An easy and quick solution… don’t you think?<\/p>\n","protected":false},"excerpt":{"rendered":"
Developing an environment of remote home folders under Linux with NFS and LDAP auth is a common task. But there are some cases in which this approach might not be the best one, as you might find some issue to…<\/p>\n
Read more →<\/a><\/p>\n","protected":false},"author":21,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"ep_exclude_from_search":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[10,96],"tags":[98,100,99,97],"class_list":["post-520","post","type-post","status-publish","format-standard","hentry","category-gnulinux","category-zentyal","tag-nfs","tag-pam_mount","tag-samba","tag-zentyal-2"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p74T96-8o","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=\/wp\/v2\/posts\/520","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=520"}],"version-history":[{"count":20,"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=\/wp\/v2\/posts\/520\/revisions"}],"predecessor-version":[{"id":692,"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=\/wp\/v2\/posts\/520\/revisions\/692"}],"wp:attachment":[{"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jbahillo.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}