[Samba] Debian client/workstation pam_mount

Robert Wooden wdn2420systm at gmail.com
Sat Sep 26 11:47:22 UTC 2020 

Maybe I am not testing the signin correctly. Here is what I am doing. I
sign into the client/workstation (hereafter referred to as C/W) via ssh as
the local "admin" from another C/W so I can open many terminals to tail log
files. Then "sudo -i" into "root". All testing is run as "root". When I
sign into "root", I see this:

> admin at lws4:~$ sudo -i
> [sudo] password for admin:
> /etc/security/pam_mount.conf.xml:2: parser error : Extra content at the
> end of the document
> <volume fstype="fuse"
> ^
> (rdconf1.c:401): libxml detected a syntax error in
> /etc/security/pam_mount.conf.xml
>
I cannot seem to find, what appears to me, any errors in
"/etc/security/pam_mount.conf.xml".

Maybe it does not matter and I could be remembering incorrectly but, aren't
all pam_mount config files supposed *to end with a blank line*?

My file:

> root at lws4:~# cat /etc/security/pam_mount.conf.xml
> <debug enable="2" />
> <volume fstype="fuse"
> server="mbr04.subdom.example.com"
> path="/public"
> mountpoint="/home/test2/dtshare"
>
> options="username=%(USER),uid=%(USERUID),gid=%(USERGID),domain=%(DOMAIN_NAME),nosuid,nodev,noatime,reconnect,nonempty,allow_other,default_permissions,password_stdin"
>         ssh="0" noroot="0" />
>
 Per Dr. Naumer suggestion, I removed "password_stdin" but failure remained
the same (so, put it back in.)

I tried changing "<volumefstype=" to "cifs" and failure remained the same
(so, changed it back to "fuse".)

This leads me to think sign in permissions issues?

The auth.log shows:

> root at lws4:~# tail -f /var/log/auth.log
> Sep 26 06:22:29 lws4 sshd[2296]: Failed password for invalid user tuser16
> from 192.168.24.30 port 33008 ssh2
> Sep 26 06:22:50 lws4 sshd[2296]: pam_winbind(sshd:auth): getting password
> (0x00000388)
> Sep 26 06:22:50 lws4 sshd[2296]: pam_winbind(sshd:auth): pam_get_item
> returned a password
> Sep 26 06:22:51 lws4 sshd[2296]: pam_winbind(sshd:auth): request
> wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7),
> NTSTATUS: NT_STATUS_LOGON_FAILURE, Error message was: The attempted logon
> is invalid. This is either due to a bad username or authentication
> information.
> Sep 26 06:22:51 lws4 sshd[2296]: pam_winbind(sshd:auth): user 'tuser16'
> denied access (incorrect password or invalid membership)
> Sep 26 06:22:52 lws4 sshd[2296]: Failed password for invalid user tuser16
> from 192.168.24.30 port 33008 ssh2
> Sep 26 06:22:52 lws4 sshd[2296]: Connection closed by invalid user tuser16
> 192.168.24.30 port 33008 [preauth]
> Sep 26 06:22:52 lws4 sshd[2296]: PAM 2 more authentication failures;
> logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.24.30  user=tuser16
> Sep 26 06:25:01 lws4 CRON[2300]: pam_unix(cron:session): session opened
> for user root by (uid=0)
> Sep 26 06:25:01 lws4 CRON[2300]: pam_unix(cron:session): session closed
> for user root
>

Suggestions?

On Fri, Sep 25, 2020 at 2:18 PM Robert Wooden <wdn2420systm at gmail.com>
wrote:

> Dear jmpatagonia,
>
> Did NOT appreciate your taking over my thread!
>
> Next time start your own thread, please.
>
> On Fri, Sep 25, 2020 at 12:08 PM jmpatagonia via samba <
> samba at lists.samba.org> wrote:
>
>> yes 'FS_PRUEBA_3' is the share name
>>
>> El vie., 25 sept. 2020 a las 14:03, Rowland penny via samba (<
>> samba at lists.samba.org>) escribió:
>>
>> > On 25/09/2020 17:50, jmpatagonia via samba wrote:
>> > > Is still not working
>> > >
>> > > <volume fstype="cifs"
>> > >           server="domain-server2.policia2.rionegro.gov.ar"
>> > >           path="FS_PRUEBA_3"
>> > >           mountpoint="/home/POLICIA2/prueba3/compartido"
>> > >
>> Options="username=%(USER),uid=%(USERUID),gid=%(USERGID),domain=%(GRUPO3)"
>> > >   >
>> >
>> > No, 'domain=GRUPO3', not 'domain=%(GRUPO3)'
>> >
>> > I also take it that 'FS_PRUEBA_3' is the sharename on  the server.
>> >
>> > Rowland
>> >
>> >
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> >
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

More information about the samba mailing list