Ldap – OS X Mounting Samba shares using logon script – Using Open LDAP

ldapmac-osxmac-osx-serversamba

Is it possible to mount a Samba share at logon using a standard OS X logon script, when using an Open LDAP directory for authentication?

Obviously you can get the username from the $1 variable, but can we temporarily capture the password to mount the share?

The share is to be mounted as the user's home directory, which is stored on the Samba share.

To pre-empt the obvious questions:

No we can't use Kerberos
We do use network account information in the LDAP schema for certain accounts, but can't here for this machine.
Yes we have to use Samba, not AFP/NFS
Keychain is no use as it is stored in ~/Library, which is in the very directory (~/) that needs to be mounted.

Best Answer

I understand I'm someway "bypassing" the question, but I'm not sure you have already evaluated alternative approaches.

Alternative approach/suggestion:

you can create an alias to the share
D&D the alias into the System prefereces -> Accounts -> Login items
you can connect and flag the "remember password" option to store it in you login keyring

This way you'll have the share auto-mounted on login, that is what you wanted I hope :)

Note that this is aware of the authentication back-end you use, it is a general solution from this point of view.

Furthermore, I experimented that you can avoid alias creation (that is quite ugly to me) if you can announce your samba share via Bonjour; if it is you can D&D the share without having to create the alias.

Related Solutions

Linux – Provide Samba access based on LDAP info

I believe it will be necessary to at least have a domain admin on the LDAP server come over to type their password at least one time to accomplish what you want and join Samba to the domain.

Given that, the steps should be relatively simple. Taken from the Samba Wiki, set the following in your samba config:

* passdb backend = ldapsam:ldap://<your-hostname>
* ldap suffix = 
* ldap admin dn

Then run smbpasswd -w to let samba know the password for the admin dn.

There is also a nice writeup here.

Samba – OpenLDAP & Samba for Mac home drives

Can you re-edit and give a few more details? Are you setting up all authentication via Ubuntu? Is there a Windows Domain Controller involved, or is it all Ubuntu all the time? Will you have Windows clients (XP, Vista, 7) connecting? Is this an all-Mac-client shop? Just curious, why do you not want Kerberos?

Using SMB on OS X for home directories is troublesome; I know of one person that had all kinds of trouble getting the home directory to map properly when they logged in. The drive would show up, but no matter how they attempted to open it, they just couldn't access it.

If you're a 100% non-windows shop, I really recommend that you just go with NFS. I guarantee you'll cut out loads of heartache, it will mesh with your existing Unix(y) permissions schema, and you can generally get things done.

If you have Windows clients that need to attach, well, Samba is pretty much the only game in town.

If you have Windows Domain Controllers and you're setting up Ubuntu as a member server acting as a file server, then you want Kerberos in your life, it will simplify your authentication. If you're avoiding Kerberos because you fear you need a KDC, then have no fear, because the Windows Domain Controller will provide that for you.

Best Answer

Related Solutions

Linux – Provide Samba access based on LDAP info

Samba – OpenLDAP & Samba for Mac home drives

Related Topic