[TCLUG] Re: [TCLUG:23625] autofs + smbfs

Fri Nov 10 10:44:34 CST 2000

On Thu, Nov 09, 2000 at 03:09:06PM -0600, Andy Zbikowski wrote:
> Following up on the suggestion, I got autofs working for my samba shares.
> Unfourtanately, the documentation was a bit dated. 

Just a bit?

> Anyway, here's a quick rundown of what it actually took:
> # Sample /etc/auto.master file
> # Format of this file:
> # mountpoint map options
> # For details of the format look at autofs(8).
> #/var/autofs/misc       /etc/auto.misc
> /mnt/NTDomain           /etc/auto.ltiflex

OK.  This looks fine.

> # auto.ltiflex
> # This is an automounter map and it has the following format
> # key [ -mount-options-separated-by-comma ] location
> # Details may be found in the autofs(5) manpage
> username       
> -fstype=smbfs,username=username,password=null,netbiosname=wsname,uid=1000,gid=1000,fmask=600,workgroup=NTDOMAIN   

..[snip]..

> The good:
> I don't have to keep remounting my NT home share.
> 
> The bad:
> The automounter doesn't recongize the $, so I had to add a share names to
> the NT servers that didn't have dollar signs.
> NT Password is outputted in plain text to /var/log/debug, /var/log/auth.log,
> /var/log/syslog, and /var/log/daemon.log every time a share is mounted.
> NT Password is kept in plain text in /etc/auto.NTDOMAIN.

OK.  Zibby.  You've almost got the answer, although you overlooked the
smbclient and related manpages.  In particular, you forgot about the
PASSWD environment variable.  By providing this environment variable
in the /etc/init.d/autofs script, you effectively remove it from all
log files.  The disadvantage is that you can only mount with the given
uid/gid.  IOW, it's not a true representation as to who mounted the
files.  If you're trying to roll this out to everyone, and you want to
preserve the uid/gid of the person accessing the files, it won't
scale.  The line I added was:

test -f /etc/auto.NTDOMAIN.passwd && source /etc/auto.NTDOMAIN.passwd

Of course, auto.NTDOMAIN.passwd would have the plain text password.
Change user permissions to the file to 700.

Personally, I would mount the RO filesystems in the manner described
above, then use smbclient for user-specific RW access to the shares.
Or, if you're hosting these shares with NFS as well, connect via NFS
instead.  

If that's not a problem for you, no biggie.  Consider creating a user
for your machine name for these mounts so you could at least track
WHERE the changes were made from.  Also, remember that automount uses
NFS wildcards and aliases.  Included in these are the '*', the '&',
and yes, the '$'.  Pick up the "Managing NFS and NIS" by O'Reily
publishing for more details.

-- 
Chad "^chewie, gunnarr" Walstrom <chewie at wookimus.net>
             http://www.wookimus.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20001110/ab091779/attachment.pgp