pam_mount problem

Martin Obermair mobermair at albani.de
Mon May 22 16:57:39 UTC 2006


Murray Trainer schrieb:

>On Mon, 2006-05-22 at 11:27 +0200, Martin Obermair wrote:
>  
>
>>Murray Trainer schrieb:
>>
>>    
>>
>>>On Fri, 2006-05-19 at 13:47 +0200, Martin Obermair wrote:
>>> 
>>>
>>>      
>>>
>>>>Murray Trainer wrote:
>>>>   
>>>>
>>>>        
>>>>
>>>>>On Fri, 2006-05-19 at 11:08 +0200, Martin Obermair wrote:
>>>>> 
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>>>thank you for your fast answer!
>>>>>>
>>>>>>manually mounting is working fine!
>>>>>>
>>>>>>debug is /etc/security/mount_pam.conf is on!
>>>>>>
>>>>>>i have a debug output in /var/log/auth.log (ubuntu)
>>>>>>
>>>>>>here is say: no volumes to mount!
>>>>>>
>>>>>>i guess it's not a problem with pam service or smbmount.
>>>>>>i must be a problem with my mount_pam.conf but i can't see it :-(
>>>>>>
>>>>>>here is my log output:
>>>>>>
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: path to luserconf set to 
>>>>>>/home/mobermair/.pam_mount.conf
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: reading options_allow...
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: back from global readconfig
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: going to readconfig user
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: ignoring volume record 
>>>>>>user... (not for me)
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: back from user readconfig
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: no volumes to mount
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: real and effective user ID 
>>>>>>are 0 and 0.
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: clean system authtok (0)
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: command: 
>>>>>>/usr/sbin/pmvarrun [-u] [mobermair] [-d] [-o] [1]
>>>>>>May 19 08:59:17 ubuntu1 gdm[5795]: pam_mount: setting uid to 0
>>>>>>May 19 08:59:17 ubuntu1 gdm[5795]: pam_mount: real user/group IDs are 
>>>>>>0/1000, effective is 0/1000
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: error waiting for child
>>>>>>May 19 08:59:17 ubuntu1 gdm[5773]: pam_mount: done opening session
>>>>>>
>>>>>>i don't want this feature via ssh. only for local logins!
>>>>>>(/etc/pam.d/gdm)
>>>>>>
>>>>>>regards
>>>>>>
>>>>>>Murray Trainer wrote:
>>>>>>   
>>>>>>       
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>On Fri, 2006-05-19 at 09:46 +0200, Martin Obermair wrote:
>>>>>>> 
>>>>>>>     
>>>>>>>         
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>>>>hello together,
>>>>>>>>
>>>>>>>>i am to stupid to configure pam_mount correctly.
>>>>>>>>
>>>>>>>>i configurd /etc/pam.d/gdm to automount a smb share on gnome-login.
>>>>>>>>
>>>>>>>>the pam entries seems to be correct (i've got entries in /var/log/auth.log)
>>>>>>>>
>>>>>>>>her is my local user config ~/.pam_mount.conf:
>>>>>>>>
>>>>>>>>volume user smbfs samba POST /home/martin/POST - - -
>>>>>>>>
>>>>>>>>(samba = name of samber server in our network
>>>>>>>>POST = name of samba share
>>>>>>>>/home/martn/POST = mount point)
>>>>>>>>
>>>>>>>>on login in get an error message:
>>>>>>>>
>>>>>>>>no volumes to mount!
>>>>>>>>
>>>>>>>>both config files (local and /etc/security/pam_mount.conf) are chmod 
>>>>>>>>777!!!!
>>>>>>>>
>>>>>>>>/etc/security/pam_mount.conf:
>>>>>>>>
>>>>>>>>debug 1
>>>>>>>>mkmountpoint 1
>>>>>>>>fsckloop /dev/loop7
>>>>>>>>luserconf .pam_mount.conf
>>>>>>>>options_allow	nosuid,nodev,loop,encryption,fsck
>>>>>>>>
>>>>>>>>lsof /usr/sbin/lsof %(MNTPT)
>>>>>>>>fsck /sbin/fsck -p %(FSCKTARGET)
>>>>>>>>losetup /sbin/losetup -p0 "%(before=\"-e\" CIPHER)" "%(before=\"-k\" KEYBITS)" %(FSCKLOOP) %(VOLUME)
>>>>>>>>unlosetup /sbin/losetup -d %(FSCKLOOP)
>>>>>>>>cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
>>>>>>>>
>>>>>>>>smbmount /usr/bin/smbmount   //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
>>>>>>>>ncpmount /usr/bin/ncpmount   %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"
>>>>>>>>smbumount /usr/bin/smbumount %(MNTPT)
>>>>>>>>ncpumount /usr/bin/ncpumount %(MNTPT)
>>>>>>>>
>>>>>>>>
>>>>>>>>umount /bin/umount %(MNTPT)
>>>>>>>>
>>>>>>>>lclmount /bin/mount -p0 -t %(FSTYPE) %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
>>>>>>>>cryptmount /bin/mount -t crypt "%(before=\"-o\" OPTIONS)" %(VOLUME) %(MNTPT)
>>>>>>>>nfsmount /bin/mount %(SERVER):%(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
>>>>>>>>mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)
>>>>>>>>
>>>>>>>>mntcheck /bin/mount # For BSD's (don't have /etc/mtab)
>>>>>>>>pmvarrun /usr/sbin/pmvarrun -u %(USER) -d -o %(OPERATION)
>>>>>>>>
>>>>>>>>i've tried all kinds of configuration but i never mounted a file system 
>>>>>>>>(i think i am to stupid!)
>>>>>>>>
>>>>>>>>thanks
>>>>>>>>
>>>>>>>>greetinx from bavaria!
>>>>>>>>
>>>>>>>>martin
>>>>>>>>   
>>>>>>>>       
>>>>>>>>           
>>>>>>>>
>>>>>>>>                
>>>>>>>>
>>>>>>>Hi Martin,
>>>>>>>
>>>>>>>Try mounting the share manually first - eg.
>>>>>>>
>>>>>>>smbclient -U userid //server/sharename
>>>>>>>
>>>>>>>Have you added the required pam_mount lines to the appropriate service
>>>>>>>file in /etc/pam.d.  Use the login service and test it using a console
>>>>>>>command line login with debug turned on in pam_mount.conf to see what is
>>>>>>>happening. There is an unresolved bug with using pam_mount with ssh so
>>>>>>>it probably wont work logging in via ssh.
>>>>>>>
>>>>>>>Regards
>>>>>>>
>>>>>>>Murray
>>>>>>>     
>>>>>>>         
>>>>>>>
>>>>>>>              
>>>>>>>
>>>>>Do you have something like the following at the end of the
>>>>>pam_mount.conf to actually do the mounting?
>>>>>
>>>>># An example using spaces:
>>>>># volume * smb krueger 'Home\ Directories' /home/& - - -
>>>>>volume * cifs ldap & /home/&         username=&  - -
>>>>>
>>>>>
>>>>>_______________________________________________
>>>>>Pam-list mailing list
>>>>>Pam-list at redhat.com
>>>>>https://www.redhat.com/mailman/listinfo/pam-list
>>>>> 
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>hi
>>>>
>>>>i will a user specific mounting so the 'mounting rule' are in 
>>>>$HOME/.pam_mount.conf
>>>>
>>>>i tried also the mounting in /etc/security/pam_mounting.conf and 
>>>>disabled the local user file (luserconf .pam_mount.conf) and put 'volume 
>>>>user smbfs samba POST /home/martin/POST - - -' into 
>>>>/etc/security/pam_mounting.conf
>>>>
>>>>i have no idea why it isn't working!
>>>>
>>>>thanks a lot!
>>>>
>>>>regards
>>>>
>>>>martin
>>>>   
>>>>
>>>>        
>>>>
>>>The file in /etc/security should be pam_mount.conf not
>>>pam_mounting.conf.  You should see some logging on the command line or
>>>in /var/log/messages when the user logs in to tell you what is
>>>happening.  If not check you have both the required entries in the file
>>>for the service you are logging in with in /etc/pam.d.
>>>
>>>Murray
>>>
>>>
>>>_______________________________________________
>>>Pam-list mailing list
>>>Pam-list at redhat.com
>>>https://www.redhat.com/mailman/listinfo/pam-list
>>> 
>>>
>>>      
>>>
>>hi
>>
>>thank you for answer!
>>
>>the file is pam_mount.conf not pam_mountig.conf
>>
>>i only want to use pammount with gdm!
>>
>>i changed to a global config and tried a local mount only
>>
>>the output in /var/log/auth.log is the same
>>
>>May 22 10:55:27 localhost gdm[8747]: (pam_unix) session opened for user 
>>mobermair by (uid=0)
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: reading options_allow...
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: ignoring volume record 
>>(not for me)
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: ignoring volume record 
>>(not for me)
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: back from global readconfig
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: per-user configurations 
>>not allowed by pam_mount.conf
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: no volumes to mount
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: real and effective user 
>>ID are 0 and 0.
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: clean system authtok (0)
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: command: 
>>/usr/sbin/pmvarrun [-u] [mobermair] [-d] [-o] [1]
>>May 22 10:55:27 localhost gdm[8774]: pam_mount: setting uid to 0
>>May 22 10:55:27 localhost gdm[8774]: pam_mount: real and effective user 
>>ID are 0 and 0.
>>May 22 10:55:27 localhost gdm[8774]: pam_mount: real and effective group 
>>ID are 1000 and 1000.
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: pmvarrun says login 
>>count is 1
>>May 22 10:55:27 localhost gdm[8747]: pam_mount: done opening session
>>
>>
>>/etc/security/pam_mount.conf
>>
>>*
>>volume user local -  /tmp /home/test - - -
>>*
>>
>>on the weekend i changed from ubunte 6.04 dapper beta to 5.10 breezyx 
>>badger with the same errors
>>
>>so the problem is defenitve the person in front of the computer  ;-)
>>
>>thanks a lot
>>
>>martin
>>    
>>
>
>This error might be the problem ...
>
>May 22 10:55:27 localhost gdm[8747]: pam_mount: per-user configurations 
>not allowed by pam_mount.conf
>
>You probably need to remove the # in front of the luserconf line
>in /etc/security/pam_mount.conf as shown below:
>
># Format: luserconf <file>
># luserconf .pam_mount.conf
>
>Murray
>
>
>_______________________________________________
>Pam-list mailing list
>Pam-list at redhat.com
>https://www.redhat.com/mailman/listinfo/pam-list
>  
>
hi

thanks for your help!
i found my fault!!

i just run chmod +s /usr/bin/smbmount and chmod +s /usr/bin/smbumount so 
that user can mount smbshares!
that's all!

greetings from bavaria

martin




More information about the Pam-list mailing list