I have a NAS with a Samba share. I'm trying to mount this share on my Arch Linux system when the system boots. This can be done by putting the username and password in /etc/fstab. It can also be done by putting the username / password in a separate file that only root can read.
The problem with those approaches is that the username and password are stored in plain text. To solve this problem, I'm trying to get pam_mount [1] to mount my Samba share.
I can manually mount the Samba share without problems:
# mount -t cifs //192.168.31.145/series /home/cedric/series-nas/ -o username=cedric,workgroup=workgroup,iocharset=utf8,uid=1000,gid=1000
Password for cedric@//192.168.31.145/series:
[root@cedric cedric]# df -h
Filesystem Size Used Avail Use% Mounted on
dev 16G 0 16G 0% /dev
run 16G 1.2M 16G 1% /run
/dev/nvme0n1p2 932G 677G 255G 73% /
tmpfs 16G 12K 16G 1% /dev/shm
tmpfs 16G 8.0K 16G 1% /tmp
/dev/nvme0n1p2 932G 677G 255G 73% /home
/dev/nvme0n1p1 488M 130M 322M 29% /boot
tmpfs 3.2G 32K 3.2G 1% /run/user/1000
//192.168.31.145/series 1.9T 304G 1.6T 17% /home/cedric/series-nas
[root@cedric cedric]# umount /home/cedric/series-nas
I've modified /etc/security/pam_mount.conf.xml and /etc/pam.d/system-login:
# cat /etc/security/pam_mount.conf.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
See pam_mount.conf(5) for a description.
-->
<pam_mount>
<!-- debug should come before everything else,
since this file is still processed in a single pass
from top-to-bottom -->
<debug enable="0" />
<!-- Volume definitions -->
<!-- Example using CIFS -->
<!-- mount -t cifs //192.168.31.145/series /home/cedric/series-nas/ -o username=cedric,workgroup=workgroup,iocharset=utf8,uid=1000,gid=1000 -->
<volume
fstype="cifs"
server="192.168.31.145"
path="series"
mountpoint="~/series-nas"
uid="10000-19999"
options="sec=krb5i,vers=3.0,cruid=%(cedric)"
/>
<!-- pam_mount parameters: General tunables -->
<!--
<luserconf name=".pam_mount.conf.xml" />
-->
<!-- Note that commenting out mntoptions will give you the defaults.
You will need to explicitly initialize it with the empty string
to reset the defaults to nothing. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev" />
<!-- requires ofl from hxtools to be present -->
<logout wait="0" hup="no" term="no" kill="no" />
<!-- pam_mount parameters: Volume-related -->
<mkmountpoint enable="1" remove="true" />
</pam_mount>
# cat /etc/pam.d/system-login
#%PAM-1.0
auth required pam_shells.so
auth requisite pam_nologin.so
auth optional pam_mount.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password optional pam-mount.so
password include system-auth
session optional pam_loginuid.so
session optional pam_keyinit.so force revoke
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
session optional pam_mount.so
session include system-auth
session optional pam_motd.so
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_systemd.so
session required pam_env.so
I don't use a window manager. After the system is booted, I log in to the text console and manually start X. Then I see the Samba share is not mounted.
cedric login: cedric
password:
$ startx
Then LXDE is started from .xinitrc:
$ cat ~/.xinitrc
numlockx &
exec startlxde
The Samba share is not mounted:
$ df -h
Filesystem Size Used Avail Use% Mounted on
dev 16G 0 16G 0% /dev
run 16G 1.3M 16G 1% /run
/dev/nvme0n1p2 932G 677G 255G 73% /
tmpfs 16G 12K 16G 1% /dev/shm
tmpfs 16G 8.0K 16G 1% /tmp
/dev/nvme0n1p2 932G 677G 255G 73% /home
/dev/nvme0n1p1 488M 130M 322M 29% /boot
tmpfs 3.2G 32K 3.2G 1% /run/user/1000
[1] https://wiki.archlinux.org/title/Pam_mount
Is this the best solution for the Samba credential problem?
How can I investigate this further? What log files are created?
Can this problem be avoided by using another file sharing protocol like NFS, or something else?