OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: pam_mount problem

From: Murray Trainer (mtrainercentral-data.net)
Date: Fri May 19 2006 - 06:28:27 CDT


On Fri, 2006-05-19 at 11:08 +0200, Martin Obermair wrote:
> thank you for your fast answer!
>
> manually mounting is working fine!
>
> debug is /etc/security/mount_pam.conf is on!
>
> i have a debug output in /var/log/auth.log (ubuntu)
>
> here is say: no volumes to mount!
>
> i guess it's not a problem with pam service or smbmount.
> i must be a problem with my mount_pam.conf but i can't see it :-(
>
> here is my log output:
>
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: path to luserconf set to
> /home/mobermair/.pam_mount.conf
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: reading options_allow...
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: back from global readconfig
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: going to readconfig user
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: ignoring volume record
> user... (not for me)
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: back from user readconfig
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: no volumes to mount
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: real and effective user ID
> are 0 and 0.
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: clean system authtok (0)
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: command:
> /usr/sbin/pmvarrun [-u] [mobermair] [-d] [-o] [1]
> May 19 08:59:17 ubuntu1 gdm[5795]: pam_mount: setting uid to 0
> May 19 08:59:17 ubuntu1 gdm[5795]: pam_mount: real user/group IDs are
> 0/1000, effective is 0/1000
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: error waiting for child
> May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: done opening session
>
> i don't want this feature via ssh. only for local logins!
> (/etc/pam.d/gdm)
>
> regards
>
> Murray Trainer wrote:
> > On Fri, 2006-05-19 at 09:46 +0200, Martin Obermair wrote:
> >
> >> hello together,
> >>
> >> i am to stupid to configure pam_mount correctly.
> >>
> >> i configurd /etc/pam.d/gdm to automount a smb share on gnome-login.
> >>
> >> the pam entries seems to be correct (i've got entries in /var/log/auth.log)
> >>
> >> her is my local user config ~/.pam_mount.conf:
> >>
> >> volume user smbfs samba POST /home/martin/POST - - -
> >>
> >> (samba = name of samber server in our network
> >> POST = name of samba share
> >> /home/martn/POST = mount point)
> >>
> >> on login in get an error message:
> >>
> >> no volumes to mount!
> >>
> >> both config files (local and /etc/security/pam_mount.conf) are chmod
> >> 777!!!!
> >>
> >> /etc/security/pam_mount.conf:
> >>
> >> debug 1
> >> mkmountpoint 1
> >> fsckloop /dev/loop7
> >> luserconf .pam_mount.conf
> >> options_allow nosuid,nodev,loop,encryption,fsck
> >>
> >> lsof /usr/sbin/lsof %(MNTPT)
> >> fsck /sbin/fsck -p %(FSCKTARGET)
> >> losetup /sbin/losetup -p0 "%(before=\"-e\" CIPHER)" "%(before=\"-k\" KEYBITS)" %(FSCKLOOP) %(VOLUME)
> >> unlosetup /sbin/losetup -d %(FSCKLOOP)
> >> cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
> >>
> >> smbmount /usr/bin/smbmount //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
> >> ncpmount /usr/bin/ncpmount %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"
> >> smbumount /usr/bin/smbumount %(MNTPT)
> >> ncpumount /usr/bin/ncpumount %(MNTPT)
> >>
> >>
> >> umount /bin/umount %(MNTPT)
> >>
> >> lclmount /bin/mount -p0 -t %(FSTYPE) %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
> >> cryptmount /bin/mount -t crypt "%(before=\"-o\" OPTIONS)" %(VOLUME) %(MNTPT)
> >> nfsmount /bin/mount %(SERVER):%(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
> >> mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)
> >>
> >> mntcheck /bin/mount # For BSD's (don't have /etc/mtab)
> >> pmvarrun /usr/sbin/pmvarrun -u %(USER) -d -o %(OPERATION)
> >>
> >> i've tried all kinds of configuration but i never mounted a file system
> >> (i think i am to stupid!)
> >>
> >> thanks
> >>
> >> greetinx from bavaria!
> >>
> >> martin
> >>
> >
> > Hi Martin,
> >
> > Try mounting the share manually first - eg.
> >
> > smbclient -U userid //server/sharename
> >
> > Have you added the required pam_mount lines to the appropriate service
> > file in /etc/pam.d. Use the login service and test it using a console
> > command line login with debug turned on in pam_mount.conf to see what is
> > happening. There is an unresolved bug with using pam_mount with ssh so
> > it probably wont work logging in via ssh.
> >
> > Regards
> >
> > Murray

Do you have something like the following at the end of the
pam_mount.conf to actually do the mounting?

# An example using spaces:
# volume * smb krueger 'Home\ Directories' /home/& - - -
volume * cifs ldap & /home/& username=& - -

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://www.redhat.com/mailman/listinfo/pam-list