Description of problem: I'm using pam_mount to automount some windows shares whenever a user logs in. I'm using winbind with "winbind use default domain = true", so users can log in using "user" as user name (in addition to "DOMAIN\user"). However, getgrent returns only "DOMAIN\user" as member names in gr_mem. The attached patch, which I'm using successfully, adds another method to determine user group membership in user_in_sgrp. Namely, it uses getgrouplist to enumerate the groups a user belongs to. This is the same method id(1) uses to list groups. Version-Release number of selected component (if applicable): pam_mount-0.32-3.fc9 How reproducible: always Steps to Reproduce: 1.set up winbind to authenticate against a windows domain server, and set winbind to use "winbind use default domain = yes" 2.set up pam_mount to mount some cifs/smb volume from the windows domain server, and use sgrp to constrain it to users which are member of some windows domain 3.log in, and watch pam_mount ignoring the volume mount.
Created attachment 306747 [details] Patch to teach pam_mount to use getgrouplist
I reported this to upstream: http://sourceforge.net/mailarchive/forum.php?forum_name=pam-mount-user
pam_mount-0.40-1.fc9 has been submitted as an update for Fedora 9
There will be an update of pam_mount be in updates-testing, soon. Please test it and report here whether this fixes your problem. According to upstream, it should already work without your patch.
pam_mount-0.40-1.fc9, libHX-1.18-1.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update pam_mount libHX'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5269
The original bug has indeed been fixed. Unfortunately, sgrp no longer works for me, neither using the simple nor the extended syntax. Upstream has confirmed this and a fix is apparently in upstream svn. So let's wait for 0.41, I guess... See: http://sourceforge.net/tracker/index.php?func=detail&aid=1974442&group_id=41452&http://sourceforge.net/tracker/index.php?func=detail&aid=1974442&group_id=41452&atid=430593
pam_mount-0.41-1.fc9 has been submitted as an update for Fedora 9
libHX-1.18-1.fc9, pam_mount-0.41-1.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libHX pam_mount'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-5398
I've tried 0.41, and sgrp="xx" now indeed works. I'm still having problems with <or><sgrp>XX</sgrp><sgrp>xx</sgrp></or>, as that still matches users who are not members of xx or XX.
pam_mount-0.41-2.fc9 has been submitted as an update for Fedora 9
libHX-1.18-1.fc9, pam_mount-0.41-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.