trouble configuring pam using pam_ldap and pam_mount

Heiko Harders harders at fmf.nl
Sat Jul 28 19:30:26 UTC 2007


Hi,

I've been trying to configure PAM for my needs all day now, but I can't get it
right.
I have an LDAP server which contains the user login information for my
users. This server also serves the home directories using NFS.

On my clients I use pam_ldap to authenticate and I use pam_mount to
mount the home directories whenever a user logs on. This works fine. The
problem is, whenever a local user on the client logs on, pam_mount tries
to mount a home directory from the server. In my pam configuration I
would like to specify that pam_mount shouldn't be executed whenever a
local user logs on. But I can't figure out how. I use the default files
in my '/etc/pam.d/' directory and I've modified the 'common-*' files in
the following way:

common-account:
account    sufficient  pam_ldap.so
account    required    pam_unix.so

common-auth:
auth    required    pam_mount.so
auth    sufficient  pam_ldap.so use_first_pass
auth    sufficient  pam_unix.so nullok_secure use_first_pass

common-password:
password   sufficient pam_ldap.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5

common-session:
session optional        pam_foreground.so
## I think I should add something over here
session required        pam_mount.so
session sufficient      pam_ldap.so
session required        pam_unix.so

I've tried to add a line in the common-session file, something like this:
session   [user_unknown=2 default=ignore] pam_ldap.so
Hoping this would skip the next 2 lines if the user wasn't found on the
ldap server. But this doesn't seem to work. The following line did work,
but doesn't do what I want:
session [default=2] pam_ldap.so
In this case ALL users skip the next two lines.

Does anyone have a clue what I'm doing wrong? Is there something wrong in my
syntax? Or is the complex approach wrong?

Greetings,
Heiko
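
Added example, not part of the original post: a small Python model of how Linux-PAM evaluates the control field, run over the session stack quoted above. A `[user_unknown=2 ...]` jump is taken only when that module call actually returns PAM_USER_UNKNOWN; the return codes fed in here are constructed inputs, not observed pam_ldap behaviour.

```python
# Minimal model of Linux-PAM control-field dispatch (added illustration).
# Keyword controls expand to their documented bracket equivalents.
ALIASES = {
    "required":   "success=ok new_authtok_reqd=ok ignore=ignore default=bad",
    "requisite":  "success=ok new_authtok_reqd=ok ignore=ignore default=die",
    "sufficient": "success=done new_authtok_reqd=done default=ignore",
    "optional":   "success=ok new_authtok_reqd=ok default=ignore",
}

# The common-session stack from the post, with the attempted jump line added.
SESSION_STACK = """
session optional        pam_foreground.so
session [user_unknown=2 default=ignore] pam_ldap.so
session required        pam_mount.so
session sufficient      pam_ldap.so
session required        pam_unix.so
"""

def parse_stack(text):
    """Turn pam.d lines into (actions, module) pairs; comments are skipped."""
    stack = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _type, rest = line.split(None, 1)
        if rest.startswith("["):
            control, rest = rest[1:].split("]", 1)
        else:
            control, rest = rest.split(None, 1)
            control = ALIASES[control]
        actions = dict(pair.split("=") for pair in control.split())
        stack.append((actions, rest.split()[0]))
    return stack

def modules_run(text, returns):
    """Return the modules executed, in order. `returns` maps a module name
    to the (constructed) code it returns; unlisted modules return success."""
    stack, ran, i = parse_stack(text), [], 0
    while i < len(stack):
        actions, module = stack[i]
        ran.append(module)
        code = returns.get(module, "success")
        action = actions.get(code, actions["default"])  # every control here sets default
        if action in ("done", "die"):      # both end stack traversal
            break
        i += 1 + (int(action) if action.isdigit() else 0)  # N = skip next N modules
    return ran
```

If the module on the jump line returns success for an unknown user, the `default=ignore` branch is taken and pam_mount still runs, which matches the symptom described in the post.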








