Centrify + pam_mount
01-19-2017 08:35 AM
After a lot of testing, I think that apparently Centrify and pam_mount (PM) can't work together.
That's a problem for me because PM enables me to access some Samba shared files at logon.
The problem is the following:
When I installed PM, it's working well, mounting the file as I request it to do with my user (same nickname/login as the AD user).
When I install Centrify, and then PM:
Centrify works but PM doesn't mount at login. But it's working when I go to the terminal and enter su (user); it asks me for the password and the password for PM, and it works.
When I install PM, then Centrify, I can't log in with an AD user. Only local AND non-AD users (meaning if I have a local user that has the same nick as an AD user, it fails). But PM and Centrify are working if I go to the terminal and su (user)@(domain).
I think the problem may be in the pam/* files. Maybe a specific order is needed?
Do you have any idea?
Thanks for the help; tell me if you need more info about this problem.
01-19-2017 08:53 AM
The issue is most likely on your target.
Assuming SMB/CIFS, does the system (Windows, Filer) know how to correlate the Centrify-provided identity with the user identity?
Remember: In express mode, the identities aren't in AD but emulated on the agent. You have to find a way to present this data to your target server.
Paying customers today use the LDAP proxy for these purposes.
Review this post since we've covered these types of projects several times: http://community.centrify.com/t5/Centrify-Express/
01-19-2017 09:04 AM
pam_mount gets the credentials at logon. It takes the user name and password. These two are the same on AD and Samba; that's why it is working.
The problem is that Centrify and pam_mount don't share this information, apparently.
The problem with fstab is that you need to save your credentials, whereas pam_mount just gets them "on the fly" to mount the CIFS. Nothing is stored, and when the user logs out it's unmounted.
I know that Centrify and pam_mount both modify pam.d/session-auth and others. And I suspect the problem is from that.
Because like I said, it's working in the terminal but not the "classic way" :(
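Added example, not written by any poster in this thread and not Centrify's or pam_mount's own code: a Python check for the PAM ordering question raised above, listing modules placed before pam_mount.so whose success would end the stack or jump past it. The module name `pam_centrifydc.so` and the sample stack are assumptions constructed for illustration.

```python
import re

# Constructed sample of a PAM stack; the module name pam_centrifydc.so and
# this ordering are assumptions for illustration, not taken from the thread.
SAMPLE = """\
#%PAM-1.0
auth    required      pam_env.so
auth    sufficient    pam_centrifydc.so
auth    optional      pam_mount.so
auth    sufficient    pam_unix.so nullok try_first_pass
auth    required      pam_deny.so
session optional      pam_mount.so
"""

def parse_stack(text):
    """Return (type, control, module) tuples for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        m = re.match(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m:
            rules.append((m.group(1).lstrip("-"), m.group(2), m.group(3)))
    return rules

def modules_that_can_skip(rules, ptype, target="pam_mount.so"):
    """Modules in the `ptype` stack whose success ends or jumps past `target`."""
    stack = [(c, m.rsplit("/", 1)[-1]) for t, c, m in rules if t == ptype]
    names = [m for _, m in stack]
    if target not in names:
        return None  # target is not configured in this stack at all
    pos = names.index(target)
    hits = []
    for i, (control, module) in enumerate(stack[:pos]):
        jump = re.search(r"success=(\d+)", control)
        if control == "sufficient" or "success=done" in control:
            hits.append(module)  # success returns immediately
        elif jump and i + int(jump.group(1)) >= pos:
            hits.append(module)  # success=N skips the next N modules
    return hits

if __name__ == "__main__":
    for ptype in ("auth", "session"):
        print(ptype, modules_that_can_skip(parse_stack(SAMPLE), ptype))
```

To inspect a real host, pass the contents of the relevant file under /etc/pam.d to `parse_stack`; `include` lines are reported as ordinary entries and are not followed.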
01-19-2017 09:06 AM
This is one of the most commonly asked questions in these forums.
The issue you're having is that your CIFS share cannot match the UNIX data for the user (or group) with the directory.
Your implementation answers are scattered in this forum.
Note: You also need to make sure the Centrify directories are in the pam_mount. But that's not the right approach.
Perhaps other members of the forums would like to chime in.