Several R Admins I met at the rstudio::conf in San Diego expressed interest in discussing Windows Active Directory authentication and Windows file share mounting, so I thought I would start a thread related to that topic. I hope to work with a couple of our internal R Admins to put together a more detailed, technical description as to what has worked for us, but in the meantime, maybe we can gather some specific questions others have about the process. I'm hoping we can post the scripts we run when users log in, but I want to confirm there is no sensitive information contained within before doing so.
What roadblocks are you struggling with?
What is your current system configuration?
Some of this has already been discussed on this other thread, so please check that out. I think we all want to dive further into the technical nitty-gritty, so I thought a new thread was in order.
Also, be sure to read through the RSP Admin guide for background before diving into the thread below (many questions have been answered there).
I'm very interested in this topic. I'm not actually in the team with root access to our RHEL 7 server hosting RStudio Server Pro, so I would have to relay information from them.
If you need to send a private message, it's probably best to click on my username or icon, and then click the "Message" button. However, whenever possible, it's to everyone's benefit if we keep conversations public, on the forum so that others can learn and contribute.
From an RStudio perspective, please reach out to us (via support@rstudio.com or by emailing your customer success rep) if you are working with RStudio Server Pro, Shiny Server Pro, or RStudio Connect and struggling with AD/file share mounting. We're happy to help get specific setups up and working.
It'd be great to capture some of the common questions/struggles here. This can help us identify areas to try to document more completely.
Hi all,
As long-ago promised, here is the script we used to mount home directories. Here it is. I didn't write this script, so I might not be very helpful at answering technical questions. However, I can try to relay them to my colleague who did write it. Or better yet, get him to sign up for the community himself
```bash
#!/bin/bash
# Purpose: Automatically create home directory and mount share.
# Date modified: 22 Mar 2017
# Author: Al Ameen Anvar

DATE=$(date +%d/%m/%Y_%H:%M:%S)
HMDIR=/home/NCIWIN/$PAM_USER
LOG=/var/log/rstudio/rstudio_share_nfs.log
GID='domain users'

if [ ! -f "$LOG" ]
then
    mkdir -p /var/log/rstudio
    touch "$LOG"
fi

# Create the home directory from /etc/skel on first login.
function check_homedir {
    if [ ! -d "$HMDIR" ]
    then
        mkdir -m 700 "$HMDIR" >> "$LOG" 2>&1
        cp -r /etc/skel/. "$HMDIR" >> "$LOG" 2>&1
        # "user:" sets the owner and the user's login group
        chown -R "$PAM_USER": "$HMDIR" >> "$LOG" 2>&1
    fi
}

# Obtain a Kerberos ticket; the password is fed to kinit on stdin.
function check_auth {
    if ! printf '%s\n' "$PAM_AUTHTOK" | kinit "$PAM_USER" >> "$LOG" 2>&1
    then
        echo "$DATE $PAM_USER: Invalid Credentials" >> "$LOG" 2>&1
        exit
    fi
}

# Do nothing for root logins.
function check_root_user {
    if [ "$PAM_USER" = root ]
    then
        exit
    fi
}

# Lazily unmount the user's shares when no R session of theirs is running.
function unmount_share {
    rsession=$(ps -ef | grep -F -- "$PAM_USER" | grep -ie BxlServer -e Rcmd -e rsession | grep -v grep | wc -l)
    if [ "$rsession" -eq 0 ]
    then
        while read -r mounts
        do
            umount -l "$mounts" >> "$LOG" 2>&1 && echo "unmounting the directory $mounts......" >> "$LOG"
        done < <(mount | grep -F -- "$PAM_USER" | awk -F' ' '{print $3}')
    fi
}

#CALLING FUNCTIONS
check_root_user
check_auth
check_homedir
#####For remount the share.
unmount_share

#Specify the share drive one by one to mount the user when logged in
#Example: "1ISLFLS01,ENERGY,$HMDIR/energy"
#Syntax: "SERVER NAME,SHARE NAME,MOUNT POINT"
SHARE_ARRAY=(
    "1ISLFLS01,ENERGY,$HMDIR/energy"
    "1FLS01,Shared,$HMDIR/w_drive"
    "ENAPP04,Data1,$HMDIR/data1"
    "ENAPP04,Data2,$HMDIR/data2"
    "ENAPP05,Data3,$HMDIR/data3"
)
SLAVE_ARRAY=(
    ENAPP22
    enapp15
    enapp16
    ENSPK01
    ENSPK02
)

# Mount every entry of SHARE_ARRAY that is not mounted yet.
function mount_share {
    for i in "${SHARE_ARRAY[@]}"
    do
        IFS=, read -r SERVER SMNTP DMNTP <<< "$i"
        if grep -qsF -- "$DMNTP" /proc/mounts
        then
            echo "$DATE $PAM_USER: $SMNTP is already mounted" >> "$LOG"
            continue
        else
            mkdir "$DMNTP" >> "$LOG" 2>&1 && echo "Creating mount point $DMNTP" >> "$LOG" || echo "Mount point $DMNTP already exists" >> "$LOG"
            echo "$DATE $PAM_USER: $SMNTP is not mounted. Mounting.... $SMNTP as $DMNTP" >> "$LOG"
            # SMB protocol version depends on the file server
            case "$SERVER" in
                1ISLFLS01|1FLS01) VERS=",vers=3.0" ;;
                ENAPP04|ENAPP05)  VERS=",vers=2.1" ;;
                *)                VERS="" ;;
            esac
            # The password goes to mount.cifs through the PASSWD environment
            # variable, so it does not appear in the process list and a comma
            # in the password cannot be read as an option separator.
            PASSWD="$PAM_AUTHTOK" mount.cifs "//$SERVER/$SMNTP" "$DMNTP" -o "user=$PAM_USER,uid=$PAM_USER,gid=$GID,noserverino$VERS" >> "$LOG" 2>&1
        fi
    done
}
mount_share

source_file=$HMDIR/.custom_mount.conf
echo "$DATE $PAM_USER: Checking custom mount configuration file" >> "$LOG"
if [ -f "$source_file" ]
then
    echo "$DATE $PAM_USER: Custom mount configuration file found" >> "$LOG"
    echo "$DATE $PAM_USER: Mounting custom share drives..." >> "$LOG"
    # Convert CRLF line endings before the file is read
    dos2unix "$source_file" > /dev/null 2>&1
    # NOTE: this file lives in the user's home directory and is executed here
    # with the privileges of this script.
    source "$source_file"
    mount_share
else
    echo "$DATE $PAM_USER: Custom mount configuration file not found for $PAM_USER" >> "$LOG"
fi

#executing the secondary server script for mount the share drives#
for slave in "${SLAVE_ARRAY[@]}"
do
    # %q quotes the arguments for the remote shell (a quote character in the
    # password no longer breaks the command); the password is still passed
    # as an argument to the remote script.
    ssh -o ConnectTimeout=2 -o ConnectionAttempts=1 "root@$slave" "/root/rstudio_files/scripts/mount_drives_from_app21 $(printf '%q %q' "$PAM_USER" "$PAM_AUTHTOK")" >> "$LOG" 2>&1 && echo "Executed the remote script for $slave" >> "$LOG"
    # sshpass -e reads the password from SSHPASS instead of the command line.
    # StrictHostKeyChecking=no skips host key verification for these hosts.
    SSHPASS="$PAM_AUTHTOK" sshpass -e ssh -o StrictHostKeyChecking=no -K "$PAM_USER@$slave" >> "$LOG" 2>&1
done
```
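The script above sources `.custom_mount.conf` from the user's home directory, so whatever that file contains runs with the script's privileges. As an added example (not part of the original post or the poster's setup), the function below reads the share list as plain data and validates each entry instead; the one-entry-per-line `SERVER,SHARE,MOUNTPOINT` format, the function names and the sample host `FILESRV01` are assumptions.

```bash
#!/bin/bash
# Added example (not the original script): read the user's share list as data
# instead of sourcing it. Assumed format: "SERVER,SHARE,MOUNTPOINT" per line.

# Prints validated "SERVER,SHARE,RESOLVED_MOUNTPOINT" lines; rejects go to stderr.
# $1 = config file, $2 = user's home directory
read_user_shares() {
    local conf=$1 home line server share mnt extra resolved
    local name_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'   # conservative host/share charset
    home=$(realpath -m -- "$2")
    # Ignore a missing file or a symlink planted in place of the file
    if [ ! -f "$conf" ] || [ -L "$conf" ]; then return 0; fi
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%$'\r'}                          # tolerate CRLF line endings
        case $line in ''|'#'*) continue ;; esac     # skip blanks and comments
        IFS=, read -r server share mnt extra <<< "$line"
        if [ -z "$mnt" ] || [ -n "$extra" ]; then
            echo "rejected (need exactly 3 fields): $line" >&2; continue
        fi
        if [[ ! $server =~ $name_re || ! $share =~ $name_re ]]; then
            echo "rejected (bad server/share name): $line" >&2; continue
        fi
        # Resolve ".." and symlinks, then require the result to stay below home
        resolved=$(realpath -m -- "$mnt")
        case $resolved in
            "$home"/?*) printf '%s,%s,%s\n' "$server" "$share" "$resolved" ;;
            *) echo "rejected (mount point outside home): $line" >&2 ;;
        esac
    done < "$conf"
}

# Constructed sample: a temporary "home" holding one good entry and four bad ones.
demo_read_user_shares() {
    local home; home=$(mktemp -d)
    ln -s /etc "$home/link"                         # symlink pointing out of home
    printf '%s\r\n' '# my shares' "FILESRV01,Projects,$home/projects" > "$home/.custom_mount.conf"
    printf '%s\n' "FILESRV01,Data,$home/../other/data" \
        "FILESRV01,Data,$home/link/cifs" \
        '$(id),Data,/x' \
        "FILESRV01,Data,$home/d,extra" >> "$home/.custom_mount.conf"
    read_user_shares "$home/.custom_mount.conf" "$home" 2>/dev/null
    rm -rf -- "$home"
}
demo_read_user_shares
```

Each printed line can be appended to `SHARE_ARRAY` before `mount_share` is called. The conservative name pattern also rejects hidden shares such as `C$`, and `realpath -m` requires GNU coreutils.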
Update: I'm a colleague of @thomas. We no longer mount user shares via CIFS, and instead have an NFS share that contains each user's home directory. That gets mounted on server boot, which has resolved mounting-on-the-fly issues. However, we still have to mount some Windows CIFS shares when the user logs in because CIFS is not quite as magic as NFS when you're working on Linux.