× Welcome to the Centrify Community! We are rolling out product name changes — click here to learn more.

Centrify + pam_mount

Showing results for 
Search instead for 
Do you mean 
Reply
rlt
Participant II
Posts: 9
Registered: ‎01-11-2017
#1 of 4 1,071

Centrify + pam_mount

Hi guys,

 

After a lot of test, i think that apparently centrify and pam_mount (PM) cant work together.

That a problem for me cause PM anebla me to acces some samba shared files at logon.

 

Problem is the follow :

 

When i installed PM, its working well, mounting the file has i request him to do with my user (same nickname/login has AD user)

 

When i install centrify, and then PM

Centrify work but PM dont mount at login. But it's working when i go to terminal and enter su (user) he ask me password and passwod for PM, and its work.

 

When i install PM, then centrify, i cant login with AD user. Only local AND no AD user (maining if i have a local user that have the same nick has AD user its fail). But PM and centrify working if i go to terminal and su (user)@(domain).

 

I think the problem may be in pam/* files. Maybe a specific order is needed ?

 

Did you have any idea ?

 

Thx for the help, tel me if you need more infos about this problem.

 

Centrify Guru I
Posts: 1,872
Registered: ‎07-26-2012
#2 of 4 1,065

Re: Centrify + pam_mount

[ Edited ]

@rlt,

 

The issue is most likely on your target.

Assuming SMB/CIFS, does the system (Windows, Filer) know how to correlate the Centrify-provided  identity with the user identity?

 

Remember:  In express mode, the identities aren't in AD but emulated on the agent.  You have to find a way to present this data to your target server.

 

Paying customers today use the LDAP proxy for these purposes.

 

Review this post since we've covered these types of projects several times:  http://community.centrify.com/t5/Centrify-Express/Fstab-mapping-drives-difficulty/m-p/19960#M4122

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
rlt
Participant II
Posts: 9
Registered: ‎01-11-2017
#3 of 4 1,059

Re: Centrify + pam_mount

pam_mount get the credential at logon. He take the user name and password. This two are the same on AD and samba, that why it is working.

 

The problem is that centrify and pam_mount dont share this information apparently.

 

The problem with fstab is that you need to save you credential when pam_mount just get them "on the fly" to mount the CIFS. Nothing is stored and when user log out its unmount.

 

I know that centrify and pam_mount both madofy pam.d/session-auth and other. And i may suspect the problem id from that.

 

Cause like i said, its working on the terminal but not on the "classic way" :(

 

 

 

Centrify Guru I
Posts: 1,872
Registered: ‎07-26-2012
#4 of 4 1,057

Re: Centrify + pam_mount

[ Edited ]

@rlt,

 

This is one of the most common asked questions in this forums.

The issue you're having is that your CIFS share cannot match the UNIX data for the user (or group) with the directory.

Your implementation answers are scattered in this forum.  

 

Note:  You also need to make sure the Centrify directories are in the pam_mount.  But that's not the right approach.

 

 

Perhaps other members of the forums would like to chime-in.

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify: