Ldap – pam_mount on centos won’t mount cifs

Tags: centos7, ldap, mount, pam

So I have this problem: pam_mount won't mount my CIFS home dirs.

pam_mount has this in /var/log/messages:

    Feb  3 15:49:18 centosy nslcd[1278]: [3c9869] <passwd="tomas"> (re)loading /etc/nsswitch.conf
    Feb  3 15:49:20 centosy systemd: Starting user-3000044.slice.
    Feb  3 15:49:20 centosy systemd: Created slice user-3000044.slice.
    Feb  3 15:49:20 centosy systemd: Starting Session 1 of user tomas.
    Feb  3 15:49:20 centosy systemd: Started Session 1 of user tomas.
    Feb  3 15:49:20 centosy systemd-logind: New session 1 of user tomas.
    Feb  3 15:49:20 centosy sshd[2208]: (rdconf1.c:744): path to luserconf set to /home/tomas/.pam_mount.conf.xml
    Feb  3 15:49:20 centosy sshd[2208]: (pam_mount.c:568): pam_mount 2.14: entering session stage
    Feb  3 15:49:20 centosy sshd[2208]: (pam_mount.c:173): conv->conv(...): Conversation error
    Feb  3 15:49:20 centosy sshd[2208]: (pam_mount.c:477): warning: could not obtain password interactively either
    Feb  3 15:49:20 centosy sshd[2208]: (mount.c:782): Could not get realpath of /home/tomas: No such file or directory
    Feb  3 15:49:20 centosy sshd[2208]: (mount.c:263): Mount info: globalconf, user=tomas <volume fstype="cifs" server="zentyal" path="tomas" mountpoint="/home/tomas" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="sec=ntlm,nodev,nosuid" /> fstab=0 ssh=0
    Feb  3 15:49:20 centosy sshd[2208]: (mount.c:305): mkmountpoint: checking /home
    Feb  3 15:49:20 centosy sshd[2208]: (mount.c:305): mkmountpoint: checking /home/tomas
    Feb  3 15:49:20 centosy sshd[2208]: (mount.c:345): mkdir[0] /home/tomas
    Feb  3 15:49:20 centosy sshd[2208]: (mount.c:353): chown /home/tomas -> 3000044:1901
    Feb  3 15:49:20 centosy sshd[2208]: (mount.c:660): Password will be sent to helper as-is.
    Feb  3 15:49:20 centosy sshd[2208]: command: 'mount' '-t' 'cifs' '//zentyal/tomas' '/home/tomas' '-o' 'username=tomas,uid=3000044,gid=1901,sec=ntlm,nodev,nosuid'
    Feb  3 15:49:20 centosy kernel: Key type dns_resolver registered
    Feb  3 15:49:21 centosy kernel: Key type cifs.spnego registered
    Feb  3 15:49:21 centosy kernel: Key type cifs.idmap registered
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:68): Messages from underlying mount program:
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:72): mount error(13): Permission denied
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:72): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
    Feb  3 15:49:21 centosy kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
    Feb  3 15:49:21 centosy kernel: CIFS VFS: Send error in SessSetup = -13
    Feb  3 15:49:21 centosy kernel: CIFS VFS: cifs_mount failed w/return code = -13
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 17 37 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 18 37 0:16 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 19 37 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,size=934084k,nr_inodes=233521,mode=755
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 20 18 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 21 19 0:17 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 22 19 0:11 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 23 37 0:18 / /run rw,nosuid,nodev shared:21 - tmpfs tmpfs rw,mode=755
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 24 18 0:19 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:8 - tmpfs tmpfs rw,mode=755
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 25 24 0:20 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 26 18 0:21 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 27 24 0:22 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,cpuset
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 28 24 0:23 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuacct,cpu
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 29 24 0:24 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,memory
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 30 24 0:25 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,devices
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 31 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,freezer
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 32 24 0:27 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,net_cls
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 33 24 0:28 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,blkio
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 34 24 0:29 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,perf_event
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 35 24 0:30 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,hugetlb
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 36 18 0:31 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 37 1 253:1 / / rw,relatime shared:1 - xfs /dev/mapper/centos-root rw,attr2,inode64,noquota
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 15 17 0:14 / /proc/sys/fs/binfmt_misc rw,relatime shared:22 - autofs systemd-1 rw,fd=32,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 38 19 0:32 / /dev/hugepages rw,relatime shared:23 - hugetlbfs hugetlbfs rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 39 19 0:13 / /dev/mqueue rw,relatime shared:24 - mqueue mqueue rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 40 18 0:7 / /sys/kernel/debug rw,relatime shared:25 - debugfs debugfs rw
    Feb  3 15:49:21 centosy sshd[2208]: (mount.c:554): 41 37 8:1 / /boot rw,relatime shared:26 - xfs /dev/sda1 rw,attr2,inode64,noquota
    Feb  3 15:49:21 centosy sshd[2208]: (pam_mount.c:522): mount of tomas failed

My /etc/security/pam_mount.conf.xml looks like this:

    <?xml version="1.0" encoding="utf-8" ?>
    <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
    <!--
            See pam_mount.conf(5) for a description.
    -->

    <pam_mount>

                <!-- debug should come before everything else,
                    since this file is still processed in a single pass
                    from top-to-bottom -->

    <debug enable="1" />

                    <!-- Volume definitions -->
    <volume user="*" fstype="cifs" server="zentyal" path="%(USER)" mountpoint="/home/%(USER)" options="se$
                    <!-- pam_mount parameters: General tunables -->

    <mkmountpoint enable="1" remove="true" />
    <luserconf name=".pam_mount.conf.xml" />


    <!-- Note that commenting out mntoptions will give you the defaults.
         You will need to explicitly initialize it with the empty string
         to reset the defaults to nothing. -->
    <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />

    <mntoptions allow="*" />

    <!--
    <mntoptions deny="suid,dev" />
    <mntoptions deny="*" />
    -->
    <mntoptions require="nosuid,nodev" />

    <!-- requires ofl from hxtools to be present -->
    <logout wait="0" hup="0" term="0" kill="0" />


                    <!-- pam_mount parameters: Volume-related -->

    <mkmountpoint enable="1" remove="true" />


    </pam_mount>

I know it says permission denied, but I can't understand this, because my Ubuntu client, which mounts exactly like this, works fine:

    Feb  3 15:39:39 ubuntu-client sshd[1618]: (pam_mount.c:568): pam_mount 2.14: entering session stage
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:786): Could not get realpath of /home/tomas: No such file or directory
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:267): Mount info: globalconf, user=tomas <volume fstype="cifs" server="zentyal" path="tomas" mountpoint="/home/tomas" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="sec=ntlm,nodev,nosuid" /> fstab=0 ssh=0
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:309): mkmountpoint: checking /home
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:309): mkmountpoint: checking /home/tomas
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:349): mkdir[0] /home/tomas
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:357): chown /home/tomas -> 3000044:1901
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:664): Password will be sent to helper as-is.
    Feb  3 15:39:39 ubuntu-client sshd[1618]: command: 'mount' '-t' 'cifs' '//zentyal/tomas' '/home/tomas' '-o' 'username=tomas,uid=3000044,gid=1901,sec=ntlm,nodev,nosuid'
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 17 22 0:15 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 18 22 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 19 22 0:5 / /dev rw,relatime - devtmpfs udev rw,size=498160k,nr_inodes=124540,mode=755
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 20 19 0:12 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 21 22 0:16 / /run rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=101788k,mode=755
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 22 1 8:1 / / rw,relatime - ext4 /dev/disk/by-uuid/3056ddfe-8725-48bd-a3c7-c353dd4ed7ee rw,errors=remount-ro,data=ordered
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 23 17 0:17 / /sys/fs/cgroup rw,relatime - tmpfs none rw,size=4k,mode=755
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 24 17 0:18 / /sys/fs/fuse/connections rw,relatime - fusectl none rw
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 25 17 0:6 / /sys/kernel/debug rw,relatime - debugfs none rw
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 26 17 0:10 / /sys/kernel/security rw,relatime - securityfs none rw
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 27 21 0:19 / /run/lock rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=5120k
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 28 21 0:20 / /run/shm rw,nosuid,nodev,relatime - tmpfs none rw
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 29 21 0:21 / /run/user rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=102400k,mode=755
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 30 17 0:22 / /sys/fs/pstore rw,relatime - pstore none rw
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 31 23 0:23 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime - cgroup systemd rw,name=systemd
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 32 29 0:24 / /run/user/112/gvfs rw,nosuid,nodev,relatime - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=112,group_id=118
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 33 22 0:25 / /home/tomas rw,nosuid,nodev,relatime - cifs //zentyal/tomas rw,vers=1.0,sec=ntlm,cache=strict,username=tomas,uid=3000044,forceuid,gid=1901,forcegid,addr=172.16.0.5,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1
    Feb  3 15:39:39 ubuntu-client sshd[1618]: command: 'pmvarrun' '-u' 'tomas' '-o' '1'
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (pam_mount.c:441): pmvarrun says login count is 1
    Feb  3 15:39:39 ubuntu-client sshd[1618]: (pam_mount.c:660): done opening session (ret=0)

Can anyone help me figure out why I get permission denied on CentOS but not on Ubuntu?

Thanks, guys.

Best Answer

I found the solution.

The problem was in the sec option on the mount command. For some reason CentOS can't use ntlm through SSH, so it can't get the password for the mount command.

The solution to this was to change the sec option to ntlmsspi:

    sec=ntlmsspi
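
A small triage helper for logs like the two in the question, added here as an example (it is not code from the original post or from pam_mount). It pairs each pam_mount `mount -t cifs` command with the `sec=` mode it used, whether a password conversation error was logged before it, and the NT status the kernel reported. The name `triage`, the result keys and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: a trimmed subset of the two logs quoted in the question.
SAMPLE_LOG = """\
Feb  3 15:49:20 centosy sshd[2208]: (pam_mount.c:173): conv->conv(...): Conversation error
Feb  3 15:49:20 centosy sshd[2208]: command: 'mount' '-t' 'cifs' '//zentyal/tomas' '/home/tomas' '-o' 'username=tomas,uid=3000044,gid=1901,sec=ntlm,nodev,nosuid'
Feb  3 15:49:21 centosy sshd[2208]: (mount.c:72): mount error(13): Permission denied
Feb  3 15:49:21 centosy kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb  3 15:49:21 centosy sshd[2208]: (pam_mount.c:522): mount of tomas failed
Feb  3 15:39:39 ubuntu-client sshd[1618]: command: 'mount' '-t' 'cifs' '//zentyal/tomas' '/home/tomas' '-o' 'username=tomas,uid=3000044,gid=1901,sec=ntlm,nodev,nosuid'
Feb  3 15:39:39 ubuntu-client sshd[1618]: (pam_mount.c:660): done opening session (ret=0)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) (?P<proc>[^:\[]+)"
                  r"(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

def triage(log_text):
    """Summarise each pam_mount CIFS mount attempt found in syslog text."""
    attempts, current, no_password = [], {}, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, proc, pid, msg = m["host"], m["proc"], m["pid"], m["msg"]
        att = current.get(host)
        if "Conversation error" in msg:
            no_password.add((host, pid))  # pam_mount could not prompt for a password
        elif msg.startswith("command: 'mount' '-t' 'cifs'"):
            sec = re.search(r"sec=([^,']+)", msg)
            share = re.search(r"'(//[^']+)'", msg)
            att = {"host": host, "pid": pid, "share": share.group(1) if share else None,
                   "sec": sec.group(1) if sec else "(default)",
                   "no_password": (host, pid) in no_password,
                   "nt_status": None, "mounted": None}
            attempts.append(att)
            current[host] = att
        elif att and att["mounted"] is None:
            nt = re.search(r"Status code returned 0x[0-9a-f]+ (NT_STATUS_\w+)", msg)
            if proc == "kernel" and nt:
                att["nt_status"] = nt.group(1)  # kernel lines carry no pid: match by host
            elif pid == att["pid"] and re.search(r"mount of \S+ failed", msg):
                att["mounted"] = False
            elif pid == att["pid"] and "done opening session (ret=0)" in msg:
                att["mounted"] = True  # heuristic: no failure logged before session end
    return attempts

if __name__ == "__main__":
    for attempt in triage(SAMPLE_LOG):
        print(attempt)
```

On the sample, the CentOS attempt comes back with `sec` set to `ntlm`, `no_password` true, `NT_STATUS_LOGON_FAILURE` and `mounted` false, while the Ubuntu attempt with the same options shows no conversation error and mounts.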