okay so i configured pam_mount on my centos 6 machine as i did on my centos 7 and 5 machines.
But when i login locally or via ssh, pam_mount can't mount my home dir. when i login with a local user, and su to a user who needs the hmoe dir mounted pam_mount works fine and mount the home dir.
the error i get, when i ssh or log in from console is found in /var/log/messages:
Feb 13 14:27:52 centosy sshd[1224]: pam_mount(mount.c:64): Errors from underlying mount program:
Feb 13 14:27:52 centosy sshd[1224]: pam_mount(mount.c:68): mount error(13): Permission denied
Feb 13 14:27:52 centosy sshd[1224]: pam_mount(mount.c:68): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Feb 13 14:27:52 centosy sshd[1224]: pam_mount(pam_mount.c:521): mount of tomas failed
Feb 13 14:27:52 centosy sshd[1224]: pam_mount(pam_mount.c:172): conv->conv(...): Conversation error
Feb 13 14:27:52 centosy sshd[1224]: pam_mount(pam_mount.c:476): warning: could not obtain password interactively either
Feb 13 14:28:00 centosy sshd[1224]: pam_mount(mount.c:64): umount messages:
Feb 13 14:28:00 centosy sshd[1224]: pam_mount(mount.c:68): umount: /home/tomas: not mounted
Feb 13 14:28:00 centosy sshd[1224]: pam_mount(mount.c:722): unmount of tomas failed
Feb 13 14:33:59 centosy kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb 13 14:33:59 centosy kernel: CIFS VFS: Send error in SessSetup = -13
Feb 13 14:33:59 centosy kernel: CIFS VFS: cifs_mount failed w/return code = -13
my pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
auth optional pam_mount.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
session optional pam_mount.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
my pam.d/password-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
auth optional pam_mount.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
session optional pam_mount.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
my pam_mount.conf.xml:
?xml version="1.0" encoding="utf-8" ?>
can anyone see the error, and knows how to fix this?
No comments:
Post a Comment