Heterogeneous environment "roaming" profiles
Solution 1:
We're doing this with our Active Directory domain-joined (winbind) Debian boxes. We use pam_mkhomedir to create a home folder under /home/EXAMPLE/$USER for AD users at logon. Then pam_mount performs the mounting of the AD home directory. On Debian, we needed to install libpam-mount; pam_mkhomedir was installed by default.
Once installed the following files are modified:
/etc/security/pam_mount.conf.xml:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
    <debug enable="0" />
    <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,workgroup,nosetuids,noexec" />
    <mntoptions require="nosuid,nodev" />
    <logout wait="0" hup="0" term="0" kill="0" />
    <mkmountpoint enable="1" remove="true" />
    <!--
    Replace "fs1.ad.example.com" with your Windows file server.
    We mount our AD user homes under /home/EXAMPLE, change this to suit your needs.
    Edit "workgroup=EXAMPLE" to use your domain/realm.
    -->
    <volume fstype="cifs" server="fs1.ad.example.com" path="home/%(USER)" mountpoint="/home/EXAMPLE/%(USER)" user="*" options="workgroup=EXAMPLE,uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev" />
</pam_mount>
/etc/pam.d/common-session:
# <snip>
# We use pam to create the AD user home drives
session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
session optional pam_mount.so nullok try_first_pass
For example, when I (FCSD\jscott) log on to a Linux box, my AD home folder \\staff\home\jscott is mounted as /home/FCSD/jscott.
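As an added example (not part of the answer above, and not pam_mount's own code): a small Python lint that reads a pam_mount.conf.xml like the one posted, pulls the site policy out of its own <mntoptions require="..."/> line, and checks every <volume/> against it: required options present, no positive option (suid, dev, exec, setuids) that would undo them since a later option overrides an earlier one on the mount line, and dir_mode/file_mode set to owner-only. The embedded config is constructed for the example; its first volume is the one from the answer, the second (/mnt/share) is deliberately weak so the output shows what a bad line looks like. The XML declaration and DOCTYPE are left out of the sample so it parses offline.

```python
"""Lint the volumes in a pam_mount.conf.xml against the file's own
<mntoptions require> list and against owner-only dir_mode/file_mode.
Added example for this thread; not the answer's or pam_mount's code."""
import xml.etree.ElementTree as ET

# Constructed sample modelled on the answer's config (declaration/DOCTYPE
# omitted). Second volume is intentionally weak to exercise the checks.
SAMPLE_CONF = """<pam_mount>
  <debug enable="0" />
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,workgroup,nosetuids,noexec" />
  <mntoptions require="nosuid,nodev" />
  <mkmountpoint enable="1" remove="true" />
  <volume fstype="cifs" server="fs1.ad.example.com" path="home/%(USER)"
          mountpoint="/home/EXAMPLE/%(USER)" user="*"
          options="workgroup=EXAMPLE,uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev" />
  <!-- constructed weak volume: no nosuid/nodev, world-writable modes, explicit suid -->
  <volume fstype="cifs" server="fs1.ad.example.com" path="share"
          mountpoint="/mnt/share" user="*"
          options="workgroup=EXAMPLE,uid=%(USER),dir_mode=0777,file_mode=0777,suid" />
</pam_mount>
"""

# Positive forms that cancel the hardening options; whichever comes later on
# the option string wins, so flag them whenever they appear at all.
NEGATING = {"suid": "nosuid", "dev": "nodev", "exec": "noexec", "setuids": "nosetuids"}


def parse_options(opt_string):
    """Split 'a,b=1,c' into {name: value or None}; empty items are skipped."""
    opts = {}
    for item in opt_string.split(","):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition("=")
        opts[name] = value if sep else None
    return opts


def required_options(root):
    """Collect every option named in any <mntoptions require="..."/>."""
    req = set()
    for m in root.iter("mntoptions"):
        req.update(o for o in (m.get("require") or "").split(",") if o)
    return req


def check_volume(vol, required):
    """Return the list of findings (strings) for one <volume/> element."""
    findings = []
    opts = parse_options(vol.get("options", ""))
    for opt in sorted(required - set(opts)):
        findings.append(f"missing required option {opt}")
    for pos, neg in NEGATING.items():
        if pos in opts:
            findings.append(f"option {pos} re-enables what {neg} turns off")
    for key in ("dir_mode", "file_mode"):
        raw = opts.get(key)
        if raw is None:
            findings.append(f"{key} not set (falls back to the mount.cifs default)")
            continue
        try:
            mode = int(raw, 8)
        except ValueError:
            findings.append(f"{key}={raw} is not octal")
            continue
        if mode & 0o077:  # any group/other bit set on a per-user home mount
            findings.append(f"{key}={raw} grants access beyond the owner")
    return findings


def lint(conf_text):
    """Map each volume's mountpoint template to its findings ([] means clean)."""
    root = ET.fromstring(conf_text)
    required = required_options(root)
    return {v.get("mountpoint"): check_volume(v, required) for v in root.iter("volume")}


if __name__ == "__main__":
    for mountpoint, findings in lint(SAMPLE_CONF).items():
        print(f"{mountpoint}: {'OK' if not findings else '; '.join(findings)}")
```

To run it against a real box, replace SAMPLE_CONF with the contents of /etc/security/pam_mount.conf.xml (the DOCTYPE is fine for the parser; it is only left out of the inline sample). pam_mount applies its allow/require lists to volumes that users add in their own per-user config, so a lint like this is a cheap way to hold the admin-defined volumes in the global file to the same standard.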
Solution 2:
I've never done what you're looking for, but I think the experimental CONFIG_CIFS_ACL is what you want if you want to do this with a single mount point. Otherwise, what @jscott is doing should work, albeit each user's home directory is a new mount point and ACLs within the home directory aren't going to work.