Posted: 30/Apr/2009 - 13:18
I have users with passwords
Looking into it, I saw that for some reason the owner of the Windows folder was one particular user. I logged in as root and gave permissions to everyone. IT WORKS.
I still have the same problem with the password: it asks for it twice.
Below are the contents of the pam_mount.conf file and the gdm file
# -*- sh -*-
# Turn on if you want to debug why some volume cannot be mounted etc.
# This can be overridden by user's local configuration
#
# Format: debug [ 1 | 0 ]
# Local user configuration can override this.
debug 0
# pmvarrun's debug variable is dictated by the 'pmvarrun' setting below.
# to enable pmvarrun debugging, add the -d option to it.
# Create mountpoint if it does not exist yet. This is a good thing.
mkmountpoint 1
# Loopback device to use to run fsck on loopback filesystems.
fsckloop /dev/loop7
#------------------------------------------------------------------------------
# Users' local configuration file (if there is none, comment this
# parameter out). Will be read as ~/<file>
#
# Note: you must include either options_allow or options_deny to use
# this directive. I recommend also including options_require.
#
# Individual users may define additional volumes to mount if allowed
# by pam_mount.conf (usually ~/.pam_mount.conf). The volume keyword is
# the only valid keyword in these per-user configuration files. If the
# luserconf parameter is set in pam_mount.conf, allowing user-defined
# volumes, users may mount and unmount any volumes they specify.
# The mount operation is executed under the user account, not with
# root permissions.
#
# Format: luserconf <file>
#
#luserconf .pam_mount.conf
#------------------------------------------------------------------------------
# These directives determine which options may be specified in a user config
# file (luserconf). You must include one of these directives if you have a
# luserconf directive. You may not include both directives.
#
# If you have an options_allow directive, then the options listed in that
# directive will be allowed, and all others rejected. If you have an
# options_deny directive, then the options listed will be denied, and all others
# permitted.
#
# You may use the wildcard '*' to match all options.
# I recommend not permitting the suid and dev options.
#
options_allow nosuid,nodev,loop,encryption,fsck
#options_deny suid,dev
#options_allow *
#options_deny *
# The options listed in this directive are required for all volumes from a
# user config file. That is, any volume specified in a user config file that
# does not include these options will be ignored.
#
# Note: you must make sure that a required option is permitted (either by
# including it in options_allow, or by not including it in options_deny).
#
# I recommend requiring at least nosuid and nodev.
#
# This is ignored completely if the volume is configured to get its options
# and mount point from /etc/fstab.
#
options_require nosuid,nodev
#------------------------------------------------------------------------------
# Commands to mount/unmount volumes. They can take parameters, as shown.
#
# If you change the -p0 argument for lclmount, you'll need to modify the
# source in mount.c (it sends the password to the stdin file descriptor
# of the child process -- look for STDIN_FILENO).
#
lsof /usr/bin/lsof %(MNTPT)
fsck /sbin/fsck -p %(FSCKTARGET)
losetup /sbin/losetup -p0 "%(before=\"-e\" CIPHER)" "%(before=\"-k\" KEYBITS)" %(FSCKLOOP) %(VOLUME)
unlosetup /sbin/losetup -d %(FSCKLOOP)
cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"
smbmount /usr/bin/smbmount //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"
ncpmount /usr/bin/ncpmount %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"
smbumount /usr/bin/smbumount %(MNTPT)
ncpumount /usr/bin/ncpumount %(MNTPT)
fusemount /sbin/mount.fuse %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
fuseumount /usr/bin/fusermount -u %(MNTPT)
# Linux supports lazy unmounting (-l). May be dangerous for encrypted volumes.
# May also break loopback mounts because loopback devices are not freed.
# Need to unmount mount point not volume to support SMB mounts, etc.
umount /bin/umount %(MNTPT)
# On OpenBSD try "/usr/local/bin/mount_ehd" (included in pam_mount package).
lclmount /bin/mount -p0 -t %(FSTYPE) %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
cryptmount /bin/mount -t crypt "%(before=\"-o\" OPTIONS)" %(VOLUME) %(MNTPT)
nfsmount /bin/mount %(SERVER):%(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)
# For BSD: mntagain mount_null %(PREVMNTPT) %(MNTPT)
# For Solaris: mntagain mount -F lofs %(PREVMNTPT) %(MNTPT)
mntcheck /bin/mount # For BSDs (don't have /etc/mtab)
pmvarrun /usr/sbin/pmvarrun -u %(USER) -o %(OPERATION)
#------------------------------------------------------------------------------
# Volumes that will be mounted when user triggers the pam_mount module
# (usually at login).
#
# Format (one line):
# volume <user> <type> <server> <volume> <mount point>
# <mount options> <fs key cipher> <fs key path>
#
# - <user> is a user for which a volume rule applies.
# - "*" selects all users,
# - "@xyz" selects all users who have xyz as their primary group
# - "@@xyz" selects all users who either have xyz as their primary
# or secondary group (/etc/group)
#
# - If such a wildcard (* or @) is used, the '&' wildcard becomes available
# for <volume>, <mount point>, <mount options> and <fs key path>, and
# expands to the username that was used for login.
# - '~' expands to the user's home directory as present in the passwd
# database, but ONLY if it is the first char. (Like in bash; /import/~ does
# not equal /import/home/jengelh!)
# Examples see below.
#
# <type> can be any filesystem type. If /bin/mount or the kernel does not
# support it, you will get an error. You can use the special keyword "auto"
# which automatically lets the kernel choose a matching filesystem. Note
# that the kernel's auto feature only works with filesystems listed in
# /proc/filesystems, so you will have to load the necessary modules *first*
# for them to be recognized with "auto".
#
# The "cifs", "smbfs" and "ncpfs" types override the identically-named kernel
# filesystems and use the smbmount/ncpmount programs, as defined above,
# instead of `mount -t smbfs ...`.
#
# Note that if the mount command has specified an option, e.g. %(KEYBITS)
# and you don't specify a value, a warning is printed in the log. The
# warning can usually be ignored, except when the option is mandatory.
#
# SMB mounts require the `smbmount` and `smbumount` programs,
# NCP `ncpmount` and `ncpumount`. Both SMB and NCP work in ~/.pam_mount.conf.
#
# General examples:
# volume user smbfs krueger public /home/user/krueger - - -
# volume user ncpfs krueger public /home/user/krueger user=user.context - -
# volume * smbfs krueger homes /home/&/remote dmask=0711 - -
# Useful for pam_chroot:
# volume * auto - /bin /home/&/bin - - -
# For FUSE mounts, example sshfs:
# volume * fuse - "sshfs#&@fileserver:" /home/& - - -
# Or...
# volume * fuse - "sshfs#&@fileserver:" ~ - - -
# volume * nfs server /home/& ~ - - -
# Some more examples:
# volume * auto - /home/&.img ~ - aes-256-ecb /etc/ehd/&
# Windows 2000, which requires a domain specified, example (thanks John Knox):
# volume * smbfs viper & /home/& uid=&,gid=&,dmask=0751,workgroup=WINDOWS_DOMAIN - -
# An NCP example:
# volume user ncpfs SERVER /USERS/Department/user /home/user user=user.full.context,uid=user,gid=user,symlinks - -
# An example using spaces:
# volume * smbfs krueger 'Home Directories' /home/& - - -
# volume * smbfs krueger Home\ Directories /home/& - - -
#------------------------------------------------------------------------------
# Linux encrypted home directory examples, using dm_crypt:
#
# crypt mounts require a kernel with CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT
# enabled as well as all the used ciphers (e.g. CONFIG_CRYPTO_AES_586,
# CONFIG_CRYPTO_TWOFISH, etc.).
# crypt mounts must be in the global config file /etc/security/pam_mount.conf
# volume user crypt - /dev/sda2 /home/user cipher=aes,fsck aes-256-ecb /home/user.key
#
# Linux encrypted home directory examples, using dm_crypt:
# volume user crypt - /dev/sda2 /home/user cipher=aes aes-256-ecb /home/user.key
# cryptoloop mounts require a kernel with CONFIG_BLK_DEV_CRYPTOLOOP enabled.
# cryptoloop mounts must be in the global config /etc/security/pam_mount.conf
# Linux encrypted home directory examples, using cryptoloop:
#
# volume user auto - /dev/hda123 /home/user loop,encryption=aes - -
# volume user auto - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - -
# volume user auto - /home/user.img - - - -
# volume user auto - /home/user.img - - aes-256-ecb /home/user4.key
# The last two examples (^^) need a line like the following in
# /etc/fstab:
# /home/user4.img /home/user4 xfs user,loop,encryption=aes,keybits=256,noauto 0 0
# OpenBSD encrypted home directory example (see also lclmount above):
# volume user auto - /home/user.img /home/user svnd0 - -
# Volatile tmpfs mount with restricted size
# (thanks to Mike Hommey for this example)
# volume test tmpfs - /tmpfs/test /home/test "size=10M,uid=test,gid=users,mode=0700 -t tmpfs" - -
# Details:
# Local user configuration (~/.pam_mount.conf) can extend this.
#
# If there are no servers, mount options, fs key ciphers, etc. you must
# supply a lone dash, i.e. "-"
#
# See http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html
# to learn how to create an encrypted loopback filesystem.
#
# If the volume's password is different than the user's login password,
# the following technique may be used (see also README):
#
# {...} are placeholders, insert the proper value there!
#
# 1. Create a file containing the volume's password (FS key). If you are
# using pam_mount to mount a loopback encrypted volume, this password
# should be generated with /dev/urandom.
#
# Simple example:
# echo {volume password} | openssl enc -aes-256-ecb >/home/user.key
# Encrypt this file using the user's login password as the key.
#
# Verbose loopback encrypted volume example:
# a. dd if=/dev/urandom of=/home/user.img bs=1M count={image size in MB}
# b. dd if=/dev/urandom bs=1c count={keysize/8} | \
# openssl enc -{fs key cipher} >/home/user.key
# Encrypt this file using the user's login password as the key.
# c. modprobe -q cryptoloop
# d. openssl enc -d -{fs key cipher} -in /home/user.key | \
# losetup -e aes -k {keysize} -p0 /dev/loop0 /home/user.img
# e. mkfs -t ext2 /dev/loop0
# f. losetup -d /dev/loop0
#
# 3. In pam_mount.conf:
# a. Set the fs key cipher variable to the cipher used (ie: aes-256-ecb).
# b. Set the fs key path variable to the key's path (ie: /home/user.key)
# 4. If a user changes his login password, regenerate the efsk that
# was created in step 1b. A script named passwdehd is provided to do this.
#
# If fs_key_cipher is -, then the user's login password is also the volume's
# password.
volume * smbfs 192.168.0.100 s /windows/s uid=&,gid=&,dmask=0750,workgroup=AULA - -
volume * smbfs 192.168.0.100 t /windows/t uid=&,gid=&,dmask=0750,workgroup=AULA - -
volume * smbfs 192.168.0.100 p /windows/p uid=&,gid=&,dmask=0750,workgroup=AULA - -
volume * smbfs 192.168.0.100 ALUMNES /windows/ALUMNES uid=&,gid=&,dmask=0750,workgroup=AULA - -
________________________________________________________________________
gdm file:
#%PAM-1.0
auth include common-auth
auth optional pam_mount.so use_first_pas
account include common-account
password include common-password
session include common-session
session required pam_devperm.so
session required pam_resmgr.so
session optional pam_mount.so
Xavier Casado
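
Added example, not part of the original post and not pam_mount's own code: a small Python check that applies the options_allow / options_deny / options_require rules described in the config comments above to per-user (luserconf) volume lines. The luserconf entries are constructed, and matching options by name (so encryption=aes counts as "encryption") is an assumption.

```python
import shlex

# Policy directives copied from the pam_mount.conf in the post.
POLICY = """\
options_allow nosuid,nodev,loop,encryption,fsck
options_require nosuid,nodev
"""

# Constructed per-user (~/.pam_mount.conf) entries, not from the post.
LUSERCONF = """\
volume alice auto - /home/alice.img /home/alice/vault loop,nosuid,nodev,encryption=aes - -
volume alice auto - /home/alice.img /home/alice/vault loop,suid,nodev - -
volume alice auto - /dev/sdb1 /home/alice/usb nosuid - -
"""

def parse_policy(text):
    """Collect options_allow / options_deny / options_require, skipping comments."""
    policy = {"allow": None, "deny": None, "require": set()}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] in ("options_allow", "options_deny", "options_require"):
            policy[parts[0][len("options_"):]] = set(parts[1].split(","))
    return policy

def option_keys(field):
    """Option names in a mount-options field; a lone '-' means none (match by name: assumption)."""
    return set() if field == "-" else {o.split("=", 1)[0] for o in field.split(",") if o}

def check_volume(line, policy):
    fields = shlex.split(line)  # handles 'Home Directories' and Home\ Directories
    if len(fields) != 9 or fields[0] != "volume":
        return "malformed"
    keys = option_keys(fields[6])
    allow, deny = policy["allow"], policy["deny"]
    bad = set()
    if allow is not None and "*" not in allow:
        bad = keys - allow          # anything not listed is rejected
    elif deny is not None:
        bad = keys if "*" in deny else keys & deny
    if bad:
        return "rejected: " + ",".join(sorted(bad))
    missing = policy["require"] - keys
    if missing:                     # volume lacks a required option, so it is ignored
        return "ignored: missing " + ",".join(sorted(missing))
    return "accepted"

def audit(luserconf=LUSERCONF, policy_text=POLICY):
    policy = parse_policy(policy_text)
    return [check_volume(l, policy) for l in luserconf.splitlines() if l.strip()]
```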