[Samba] helping whith pam_mount

jmpatagonia jmpatagonia at gmail.com
Thu Sep 24 13:29:41 UTC 2020 

Hello I try to implement pam_mount and I have errors.

When I login to ubuntu desktop client I have an error with "mounting
read-only" but if later to logon on domain I go to the files application
and map the resource shares manually, work fine.

Attach the syslog trace:

Sep 24 10:22:13 ubuntucliente lightdm[708]: (pam_mount.c:365): pam_mount
2.14: entering auth stage
Sep 24 10:22:20 ubuntucliente org.gtk.vfs.Daemon[4222]: A connection to the
bus can't be made
Sep 24 10:22:20 ubuntucliente dbus[631]: [system] Activating via systemd:
service name='org.bluez' unit='dbus-org.bluez.service'
Sep 24 10:22:20 ubuntucliente systemd[1]: Started Session c8 of user
prueba3.
Sep 24 10:22:20 ubuntucliente lightdm[708]: (pam_mount.c:568): pam_mount
2.14: entering session stage
Sep 24 10:22:20 ubuntucliente lightdm[708]: (mount.c:267): Mount info:
globalconf, user=prueba3 <volume fstype="cifs" server="10.11.37.155"
path="FS_PRUEBA_3" mountpoint="/home/POLICIA2/prueba3/compartido"
cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)"
options="" /> fstab=0 ssh=0
Sep 24 10:22:20 ubuntucliente lightdm[708]: (mount.c:664): Password will be
sent to helper as-is.
Sep 24 10:22:20 ubuntucliente lightdm[708]: command: 'mount' '-t' 'cifs' '//
10.11.37.155/FS_PRUEBA_3' '/home/POLICIA2/prueba3/compartido' '-o'
'username=prueba3,uid=50006,gid=50027'
Sep 24 10:22:20 ubuntucliente kernel: [ 1974.705572] No dialect specified
on mount. Default has changed to a more secure dialect, SMB2.1 or later
(e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to
access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0
on mount.
Sep 24 10:22:20 ubuntucliente kernel: [ 1974.864537] Status code returned
0xc000006d STATUS_LOGON_FAILURE
Sep 24 10:22:20 ubuntucliente kernel: [ 1974.864553] CIFS VFS: Send error
in SessSetup = -13
Sep 24 10:22:20 ubuntucliente kernel: [ 1974.864570] CIFS VFS: cifs_mount
failed w/return code = -13
Sep 24 10:22:20 ubuntucliente kernel: [ 1974.865346] No dialect specified
on mount. Default has changed to a more secure dialect, SMB2.1 or later
(e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to
access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0
on mount.
Sep 24 10:22:20 ubuntucliente lightdm[708]: (mount.c:72): Messages from
underlying mount program:
Sep 24 10:22:20 ubuntucliente lightdm[708]: (mount.c:76): mount: //
10.11.37.155/FS_PRUEBA_3 is write-protected, mounting read-only
Sep 24 10:22:21 ubuntucliente kernel: [ 1975.010052] Status code returned
0xc000006d STATUS_LOGON_FAILURE
Sep 24 10:22:21 ubuntucliente kernel: [ 1975.010060] CIFS VFS: Send error
in SessSetup = -13
Sep 24 10:22:21 ubuntucliente kernel: [ 1975.010067] CIFS VFS: cifs_mount
failed w/return code = -13
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:76): mount: cannot
mount //10.11.37.155/FS_PRUEBA_3 read-only
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 22 27 0:21 /
/sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 23 27 0:4 /
/proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 24 27 0:6 / /dev
rw,nosuid,relatime shared:2 - devtmpfs udev
rw,size=990848k,nr_inodes=247712,mode=755
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 25 24 0:22 /
/dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts
rw,gid=5,mode=620,ptmxmode=000
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 26 27 0:23 /
/run rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs
rw,size=204124k,mode=755
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 27 0 8:1 / /
rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 28 22 0:7 /
/sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:8 - securityfs
securityfs rw
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 29 24 0:24 /
/dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 30 26 0:25 /
/run/lock rw,nosuid,nodev,noexec,relatime shared:6 - tmpfs tmpfs
rw,size=5120k
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 31 22 0:26 /
/sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 32 31 0:27 /
/sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup
cgroup
rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 33 22 0:28 /
/sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:11 - pstore pstore rw
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 34 31 0:29 /
/sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:13 -
cgroup cgroup rw,cpu,cpuacct
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 35 31 0:30 /
/sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:14 - cgroup
cgroup rw,hugetlb
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 36 31 0:31 /
/sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:15 - cgroup
cgroup rw,freezer
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 37 31 0:32 /
/sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:16 - cgroup
cgroup rw,memory
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 38 31 0:33 /
/sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:17 -
cgroup cgroup rw,net_cls,net_prio

--> Common-auth
auth    optional        pam_mount.so

# here are the per-package modules (the "Primary" block)
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
session    required    pam_mkhomedir.so    skel=/etc/skel/    umask=0022

--> common-session
# here are the per-package modules (the "Primary" block)
session [default=1]                     pam_permit.so
# here's the fallback if no module succeeds
session requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required                        pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions
etc.
# See "man pam_umask".
session optional                        pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required        pam_unix.so
session optional                        pam_winbind.so
session optional        pam_systemd.so
session optional                        pam_mkhomedir.so
# end of pam-auth-update config
session optional        pam_mount.so


--> just forcing /etc/security/pam_mount.conf.xml for test purpose

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<volume
        fstype="cifs"
        server="10.11.37.155"
        path="FS_PRUEBA_3"
        mountpoint="/home/POLICIA2/prueba3/compartido"
        />
<!-- ... -->
</pam_mount>

regards.

More information about the samba mailing list