This is probably something you get a lots of complaints about- but
this email is actually a contribution of real code I've written to get
Samba shares automounting. Knowing my luck, it's duplicated something
someone else has done, but hey, it was fun...
Anyway. My problem being that the smbmount script supplied in the
latest Samba didn't work with the existing mount_smbfs, and I had bad
luck getting lots of nested autofs mounts working anyway, I came up
with the idea of having a special lookup module to do Samba mounts.
The very simplest case is where the lookup is given a host name as a
map; the keys (directory entries) are always share names. So, if
/etc/auto.samba was a file map on /samba, it could say:
* -fstype=autofs samba:&
and then an access to /samba/servername/sharename would run the
command "smbmount //servername/sharename /samba/servername/sharename".
OK, this is the very simple and not-interesting case- you're getting
guest access, and the mounted dir will be owned by root. Most people
want users to be able to automount their shares as themselves, and
own the Unix view of their share. So we need to pass in the user name,
password information and other interesting bits and bobs.
The way I've done this is all via the map name. The map name is, well,
ugly:
[username[=uid][,password]@]hostname[,workgroup][;moremountoptions]
So, you can see that this goes from simple cases like "server",
"steve@server" all the way up to the hideous
"steve=shaslam,xyzzy@server,corpnet;ro".
Now, you see, I can access
/samba/shaslam,xyzzy@server/sharename
And it will connect as me. Of course, this advertises to everyone that
my Samba password on "server" is "xyzzy"- ungood. How can the autofs
daemon know my password though? Is it viable to ask for it
interactively?
The answer to that is "probably", but the way I've gone for now is
that it simply looks in ".auto-samba.passwd" for my password. So my
situation now is that I can do
echo "shaslam@server xyzzy" > ~/.auto-samba.passwd
and then go to /samba/shaslam@server/sharename, which is much better.
But, woe is me, things *still* aren't right. Because autofs runs as
root, the views of the Samba shares are owned by root. It might be a
Good Thing for lookup_samba to automatically set the mount options to
have them owned by me automatically, but it might not. I've veered
toward caution here and not put support for that in. But this is where
we start to make use of nested autofs mounts. Let's change
/etc/auto.samba to read:
* -fstype=autofs,-Duser=& file:/etc/auto.sambasub
and this introduces /etc/auto.sambasub, which reads:
* -fstype=autofs samba,${user}@&;uid=${user},gid=${user},fmask=0600,dmask=0700
And now I can access "/samba/shaslam/server/sharename", autofs will
give me ownership of this directory, automagically locking out anyone
else.
The main letdown here is that this doesn't cope with cases where the
UNIX user ID and the NetBIOS name mismatch- I can't look at
"/samba/steve=shaslam/server/sharename"- or rather, I can, but it will
try to run smbmount with options of
"uid=steve=shaslam,gid=steve=shaslam,fmask=.." etc. which won't
work. (Hence my consideration of automatically adding uid=/gid=
arguments when the username is specified).
Anyway, I hope you find this useful. Any feedback appreciated.
The code is at http://www.debian.org/~araqnid/lookup_samba.c
Config files I'm using atm:
/etc/auto.samba (on /samba) :
* -fstype=autofs,-Duser=& file:/etc/auto.sambasub
public -fstype=autofs
samba:guest,xyzzy@server1;uid=nobody,gid=nogroup,fmask=0444,dmask=0555
/etc/auto.sambasub:
* -fstype=autofs samba:${user}@&;uid=${user},gid=${user},fmask=0600,dmask=0700
~shaslam/.auto-samba.passwd:
shaslam@server1 xyzzy
SRH
--
Steve Haslam, Production Engineer, Excite UK [EMAIL PROTECTED]
i sit and stare at the gun pointed at my head
and think about all the possibilities
