OIT is moving towards using CIFS for share user home directories. Currently most user homes are in the AFS environment. The article below describes how to add the CIFS home directories in to your existing login environment
- pam_cifs (available from Linux@Duke repos)
How does the whole thing work?
- The user enters their password by the normal PAM methods
- pam_cifs takes their username, and does an ldap lookup to find where their CIFS home directory actually is (Ex: //homedirs.oit.duke.edu/users/u/username)
- pam_cifs passes your username and password to the mount.cifs program from cifs-utils and mounts the entry from ntUserHomedir to /winhomes/<username>
Install necessary tools
# yum -y install pam_cifs cifs-utils
Edit the file in your /etc/pam.d directory to allow for cifs lookups. The specific file in this directory will differ depending on the way your server is set up.
Example PAM line:
session optional pam_cifs.so debug prefix=/winhomes source=ldap:ntUserHomeDir ldapobjectclass=posixAccount options=sfu ldaploginattribute=uid ldapbinddn=duLDAPKey=7314a2e8-e22c-11e1-b1b3-f0ed5a3818a9,ou=Accounts,dc=duke,dc=edu ldapbindpw=a=2B@$CERFkZ3uQ ldap=ldaps://ldap.duke.edu ldapbasedn=ou=people,dc=duke,dc=edu debug max_uid=10000000 windomain=WIN.DUKE.EDU make_mount_point
* The ldapbinddn used in the line above is a special service account used for this sort of lookup. Technically, the ldap entry ‘ntUserHomeDir’ can be looked up anonymously, but the pam_cifs module does not currently work with anonymous lookups.