Larry’s Things .net

More pam_mount craziness - using pam_mount v 0.18 on Fedora 7

Situation:  Everything is ok in joining with the ADS, and authenticating with ADS works perfectly.    However, I have it so that depending on the user, it will mount to a different physical server, so my pam_mount.conf file looks something like this:

volume @groupa cifs serverdata8.ad.servergroup.com groupa /home/&/serverdata8 uid=& - -
volume @groupb cifs serverdata4.ad.servergroup.com groupb /home/&/serverdata4 uid=& - -
volume @groupc cifs serverdata1.ad.servergroup.com groupc /home/&/serverdata1 uid=& - -

So a user logging in and belonging to groupb will skip the first line , execute the second, and skip the third line.

This worked fine on my other linux machines of the same configuration.  However, on this one, I can log on fine, but it never matches the user to the correct groupX and ends up skipping everything.  Checking and double checking, recompiling pam_mount, was to no avail.   Removing the @groupa to a * so that it looks like this:

volume * cifs serverdata8.ad.servergroup.com groupa /home/&/serverdata8 uid=& - -

Works fine.

Finally, the solution was that the user I had already existed in /etc/passwd …  so when you log in to an ADS account that also matches exactly with an account in /etc/passwd , it will end up skipping any conditionals you defined for the @groupX . 

sigh…

This entry was posted on Thursday, April 2nd, 2009 at 02:42 and is filed under linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.