Using Pam_Mount to Automatically Mount Windows Network Shares at Login

This explains how to automatically mount BU AD network shares upon logging into an openSUSE system. For this to work you must have already configured the computer to join the BU AD domain as explained in the Authentication section, and you must log in using a BU Kerberos login and password. You will only have access to folders you have permission to view. openSUSE 11.1 has a graphical tool that allows you to do the same configuration more easily and with less risk to your system, so if you are using openSUSE 11.1 it is highly recommended that you follow the Samba guide instead of this guide.

Installation

The first step is to install the pam_mount package. You can install it as described in Authentication.

PAM Authorization Settings

WARNING:

If you make a mistake in either of the next two steps, you can render your openSUSE installation unusable. Proceed at your own risk.

Open a terminal. Run the following commands to back up your existing configuration files:

sudo cp /etc/pam.d/common-auth /etc/pam.d/common-authback
sudo cp /etc/pam.d/common-session /etc/pam.d/common-sessionback

Open the following file as root with a text editor: /etc/pam.d/common-auth. If you have not made any other changes to your system, it should look like this:

#%PAM-1.0
#
# This file is autogenerated by pam-config. All changes
# will be overwritten.
#
# Authentication-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth    required        pam_env.so
auth    sufficient      pam_unix2.so
auth    sufficient      pam_krb5.so     use_first_pass
auth    required        pam_winbind.so  use_first_pass

You will want to add “use_first_pass” at the end of the line containing pam_unix2.so. Immediately above that line add the line:

auth    required        pam_mount.so

So if the file looked like the one above initially, it should now look like:

#%PAM-1.0
#
# This file is autogenerated by pam-config. All changes
# will be overwritten.
#
# Authentication-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth    required        pam_env.so
auth    required        pam_mount.so
auth    sufficient      pam_unix2.so    use_first_pass
auth    sufficient      pam_krb5.so     use_first_pass
auth    required        pam_winbind.so  use_first_pass

Make sure there is a blank line at the end of the file when you are done. Save and close the file.

PAM Session Settings

Open the following file as root with a text editor: /etc/pam.d/common-session. If you haven't made any other changes it should look like:

#%PAM-1.0
#
# This file is autogenerated by pam-config. All changes
# will be overwritten.
#
# Session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive
#
session  optional       pam_mkhomedir.so
session required        pam_limits.so
session required        pam_unix2.so
session optional        pam_krb5.so
session required        pam_winbind.so
session optional        pam_umask.so

Whatever it looks like, add the following line at the end:

session optional        pam_mount.so

If it was originally like the one above, it should now look like:

#%PAM-1.0
#
# This file is autogenerated by pam-config. All changes
# will be overwritten.
#
# Session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive
#
session  optional       pam_mkhomedir.so
session required        pam_limits.so
session required        pam_unix2.so
session optional        pam_krb5.so
session required        pam_winbind.so
session optional        pam_umask.so
session optional        pam_mount.so

Once again make sure the file ends with a blank line, save, and close.
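
The script below is an added example, not part of the original guide: it checks both edited files against the rules given above (module order, use_first_pass, final newline) so a mistake is caught while the root terminal is still open. The function names and the script name check_pam.sh are assumptions, and it only understands one-word control fields such as those in the files shown here.

```shell
#!/bin/sh
# Added example: check the two PAM files edited above before ending the root session.
# Assumes one-word control fields (required, sufficient, optional) as in the guide's files.

# Active (non-comment) lines of one management group. $1 = file, $2 = auth|session
pam_lines() { awk -v t="$2" '$1 == t' "$1"; }

# "Blank line at the end" is read here as: the file ends with a newline.
ends_with_newline() { [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]; }

# common-auth: pam_mount.so must precede pam_unix2.so, which needs use_first_pass.
check_auth() {
    ends_with_newline "$1" || { echo "auth: file missing or no trailing newline"; return 1; }
    pam_lines "$1" auth | awk '
        $3 == "pam_mount.so" { m = NR }
        $3 == "pam_unix2.so" {
            u = NR
            for (i = 4; i <= NF; i++) if ($i == "use_first_pass") ufp = 1
        }
        END {
            if (!m)    { print "auth: pam_mount.so missing"; exit 1 }
            if (!u)    { print "auth: pam_unix2.so missing"; exit 1 }
            if (m > u) { print "auth: pam_mount.so is below pam_unix2.so"; exit 1 }
            if (!ufp)  { print "auth: pam_unix2.so lacks use_first_pass"; exit 1 }
        }'
}

# common-session: pam_mount.so must be the last session line.
check_session() {
    ends_with_newline "$1" || { echo "session: file missing or no trailing newline"; return 1; }
    pam_lines "$1" session | awk '
        { last = $3 }
        END {
            if (last != "pam_mount.so") {
                print "session: pam_mount.so is not the last session line"; exit 1
            }
        }'
}

# Run as: sh check_pam.sh /etc/pam.d/common-auth /etc/pam.d/common-session
if [ "$#" -eq 2 ]; then
    check_auth "$1" && check_session "$2" && echo "PAM files match the guide"
fi
```

If a check fails, restore the copies made earlier (common-authback and common-sessionback) before closing the terminal.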

Set the Mount Points

Open the following file as root with a text editor: /etc/pam.d/common-session

If it won't accept your root password then you messed up the PAM settings. You will have to use the openSUSE installation CD or DVD to open a failsafe terminal and fix them.

If everything went smoothly and you can open the file, you will want to navigate to the section labeled:

<!--
Volumes that will be mounted when user triggers the pam_mount module
(usually at login).

Navigate down to the next -->. After this line is where you will add the shares you want to mount. Shares have the following form:

<volume user="*" fstype="cifs" server="yourserver"  path="yourpath"  mountpoint="yourmountpoint"/>

You can see some servers at Mounting Network Drives. They have the form \\yourserver\yourshare or smb://yourserver/yourshare, depending on whether you are looking at the Windows or Mac instructions. So for \\eng-support\support the server should be server="eng-support" and the path should be path="support". If there are any backslashes in the path make sure you change them to forward slashes. So for \\eng-courses\courses\eng_courses you would have server="eng-courses" and path="courses/eng_courses". This means it is mounting the folder eng_courses within the share courses. You can mount any specific folder you want on the network drive by specifying its path in that manner.

The mountpoint is where you want the folder placed on your local computer. I recommend using something recognizable in ~/ad/, so for example ~/ad/users for \\eng-home\users\ or ~/ad/courses for \\eng-courses\courses\eng_courses. This will mount the folder in a directory "ad" within your home directory, allowing easy access. Other possible places include /media (which is where removable drives go), /media/ad, or /ad. You can make mounts for any folder on a server that you want, assuming you have access to that folder. So to access the folder courses-all-Matlab you would set the path to be path="courses/all/Matlab" and you could set the mountpoint to be, for instance, mountpoint="~/ad/matlab_course_folder". Clicking on the folder matlab_course_folder would open the share \\eng-courses\courses\eng_courses\all\Matlab.

The mountpoints do not have to already exist. In fact it is probably better if they don't. Pam_mount will automatically create them, and any other folders it needs, and will remove them again on logout. So in the examples above it will automatically generate the ~/ad directory once, since that directory is needed to complete the mount, then it will remove that directory when you log out. It will not create the ~ directory (your home directory) since that directory already exists, nor will it delete the directory when you log out. This means you should not put any files in an automatically generated folder. Also, make sure the mountpoints are not directories with files already in them, since these files might be deleted.
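
The following is an added example, not part of the original guide: it converts a Windows or Mac style share address into a volume line for pam_mount.conf.xml using the rules above, and checks that a chosen mountpoint holds no files that could be lost. The function names unc_to_volume and mountpoint_is_safe are assumptions, and the mountpoint check expects a path with ~ already expanded.

```shell
#!/bin/sh
# Added example: build a pam_mount <volume> line from a share address.

# $1 = \\server\share\dir or smb://server/share/dir, $2 = mountpoint
unc_to_volume() (
    # Normalise both notations to //server/share/dir (backslashes become slashes).
    p=$(printf '%s' "$1" | sed -e 's|^smb://|//|' -e 's|\\|/|g')
    case "$p" in
        //?*/?*) ;;
        *) printf 'not a UNC or smb:// address: %s\n' "$1" >&2; exit 1 ;;
    esac
    # Values go into XML attributes unescaped, so reject markup characters.
    case "$p$2" in
        *\"*|*\<*|*\>*|*\&*) echo "address or mountpoint contains XML markup" >&2; exit 1 ;;
    esac
    rest=${p#//}
    server=${rest%%/*}      # text before the first slash
    path=${rest#*/}         # share plus any sub-folders
    path=${path%/}          # drop a trailing slash
    printf '<volume user="*" fstype="cifs" server="%s" path="%s" mountpoint="%s"/>\n' \
        "$server" "$path" "$2"
)

# Files in an existing mountpoint might be deleted, so accept only a path
# that does not exist yet or is an empty directory.
mountpoint_is_safe() (
    [ ! -e "$1" ] && exit 0
    [ -d "$1" ] || exit 1
    [ -z "$(ls -A "$1")" ]
)

# Demo with the share used in the text above.
unc_to_volume '\\eng-courses\courses\eng_courses' '~/ad/courses'
```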

Test the Settings

Close all programs, then restart your computer. Log in using your BU Kerberos user name and password. Navigate to the place where you mounted the folders. You should be able to access them. If you mounted it, navigate to your own directory. Go to the folder where you mounted \\eng-home\users. Select the folder that corresponds to the first letter of your BU Kerberos user name, then the one that corresponds to the second letter, then the folder that matches your BU Kerberos user name. Make sure you can edit and save a file in it. If something doesn't work, check your settings, reboot, and try again.

Add a Link to Your User Directory (optional)

This step will allow you to set up a symbolic link, or symlink, to your network home directory (the same one accessed on Windows computers when you log in using your BU Kerberos user name and password). Linux treats symlinks almost identically to normal folders.

To do this open a terminal and navigate to the folder where you want to put the symlink. Run the following command:

ln -s userpath/firstletter/secondletter/username

Where userpath is the path to where you mounted \\eng-home\users, firstletter is the first letter of your BU Kerberos user name, secondletter is the second, and username is the full user name. "ln" is the link command, and the -s option specifies a symbolic link. There are also hardlinks, but you can't hardlink a folder. There is no name specified for the link, so it will use the same name as the lowest-level folder (in this case your user name). If you want to call it something else, put that name at the end of the line above. You can use this to allow easy access to any folder you want, but if it is a folder that other people who use that computer are likely to want, it is probably better to put it in the pam_mount.conf.xml file instead.