About
OIT is moving towards using CIFS for shared user home directories. Currently, most user home directories are in the AFS environment. This article describes how to add CIFS home directories to your existing login environment.
Requirements
- pam_cifs (available from Linux@Duke repos)
- cifs-utils
How does the whole thing work?
- The user enters their password through the normal PAM methods
- pam_cifs takes their username and does an LDAP lookup to find where their CIFS home directory actually is (e.g. //homedirs.oit.duke.edu/users/u/username)
- pam_cifs passes the username and password to the mount.cifs program from cifs-utils, which mounts the share named in ntUserHomeDir at /winhomes/<username>
Installation
Install necessary tools
# yum -y install pam_cifs cifs-utils
Edit the appropriate file in your /etc/pam.d directory to enable the CIFS lookups. Which file in this directory you need to edit depends on how your server is set up.
Example PAM line:
session optional pam_cifs.so debug prefix=/winhomes source=ldap:ntUserHomeDir ldapobjectclass=posixAccount options=sfu ldaploginattribute=uid ldapbinddn=duLDAPKey=7314a2e8-e22c-11e1-b1b3-f0ed5a3818a9,ou=Accounts,dc=duke,dc=edu ldapbindpw=a=2B@$CERFkZ3uQ ldap=ldaps://ldap.duke.edu ldapbasedn=ou=people,dc=duke,dc=edu debug max_uid=10000000 windomain=WIN.DUKE.EDU make_mount_point
* The ldapbinddn used in the line above is a special service account used for this sort of lookup. Technically, the LDAP attribute ‘ntUserHomeDir’ can be looked up anonymously, but the pam_cifs module does not currently work with anonymous lookups.
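Because the PAM line above stores the service account's bind DN and password in a file under /etc/pam.d, it is worth checking who can read that file and which LDAP scheme it binds over. The sh function below is an added example, not part of pam_cifs or the original article; the function name, the finding strings and the sample line (placeholder DN, password and host) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag pam_cifs lines whose LDAP bind settings are exposed.

# audit_pam_cifs FILE: print one finding per line; print nothing if clean.
audit_pam_cifs() {
    file=$1
    [ -r "$file" ] || return 2
    # Non-empty when the "other" read bit is set on the PAM file.
    other_read=$(find "$file" -prune -perm -004)
    while IFS= read -r line; do
        set -f; set -- $line; set +f          # split into tokens, no globbing
        case ${1-} in ''|\#*) continue ;; esac             # blank or comment
        case $line in *pam_cifs.so*) ;; *) continue ;; esac
        url='' has_pw=no
        for tok in "$@"; do                   # module arguments are key=value
            case $tok in
                ldapbindpw=*) has_pw=yes ;;
                ldap=*)       url=${tok#ldap=} ;;
            esac
        done
        # The bind password sits in the file in clear text.
        if [ "$has_pw" = yes ] && [ -n "$other_read" ]; then
            echo "bindpw-readable-by-others"
        fi
        # The article's line binds over ldaps://; flag any other scheme.
        case $url in
            ''|ldaps://*) ;;
            *) echo "ldap-url-not-ldaps url=$url" ;;
        esac
    done < "$file"
    return 0
}

# Constructed sample: placeholder DN, password and host, not real values.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed pam_cifs line for the audit demo
session optional pam_cifs.so prefix=/winhomes source=ldap:ntUserHomeDir ldapbinddn=cn=PLACEHOLDER,dc=example,dc=edu ldapbindpw=PLACEHOLDER ldap=ldap://ldap.example.edu
EOF
    chmod 644 "$f"
    audit_pam_cifs "$f"
    rm -f "$f"
}

demo
```

Run `audit_pam_cifs` against whichever file in /etc/pam.d carries the pam_cifs line; a clean file produces no output.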
