LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-18-2008, 09:28 AM   #1
VanditBoy
LQ Newbie
 
Registered: Jan 2006
Posts: 4

Rep: Reputation: 0
Problem with pam_mount on Gentoo


Hi everyone!

I have Active Directory with Windows Services for Unix. I'm using system authentication through pam_winbind, users can login to linux machines using AD account. Also I need to use pam_mount module with cifs, but I got this annoying message:

Aug 18 16:13:00 test sshd[21555]: pam_winbind(sshd:auth): getting password (0x00000010)
Aug 18 16:13:00 test sshd[21555]: pam_winbind(sshd:auth): pam_get_item returned a password
Aug 18 16:13:00 test sshd[21555]: pam_winbind(sshd:auth): user 'madamczyk' granted access
Aug 18 16:13:00 test sshd[21555]: pam_winbind(sshd:account): user 'madamczyk' OK
Aug 18 16:13:00 test sshd[21555]: pam_winbind(sshd:account): user 'madamczyk' granted access
Aug 18 16:13:00 test sshd[21550]: Accepted keyboard-interactive/pam for madamczyk from 172.20.10.100 port 2327 ssh2
Aug 18 16:13:00 test sshd[21556]: pam_unix(sshd:session): session opened for user madamczyk by (uid=0)
Aug 18 16:13:00 test sshd[21556]: pam_mount(pam_mount.c:511) error trying to retrieve authtok from auth code
Aug 18 16:13:00 test sshd[21556]: pam_mount(pam_mount.c:163) conv->conv(...): Conversation error
Aug 18 16:13:00 test sshd[21556]: pam_mount(pam_mount.c:514) error trying to read password


I found post with problem similar to main: http://www.linuxquestions.org/questi...gentoo-553741/
but this solution doesn't work for me.

Here are my config files:

/etc/pam.d/system-auth

PHP Code:

#%PAM-1.0

auth       required     pam_env.so
auth       optional     pam_mount
.so
auth       sufficient   pam_winbind
.so use_first_pass
auth       required     pam_unix
.so use_first_pass

#auth       sufficient   pam_unix.so try_first_pass likeauth nullok
#auth       required     pam_group.so try_first_pass
#auth       sufficient   pam_winbind.so try_first_pass
#auth       required     pam_deny.so

account    sufficient   pam_winbind.so
account    required     pam_unix
.so

password   required     pam_cracklib
.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password   sufficient   pam_unix
.so try_first_pass use_authtok nullok md5 shadow
password   required     pam_deny
.so

session    required     pam_limits
.so
session    required     pam_unix
.so
session    required     pam_mkhomedir
.so skel=/etc/skelumask=0022 silent
session    optional     pam_mount
.so 
/etc/pam.d/sshd

PHP Code:

#%PAM-1.0

#auth       required     pam_shells.so


auth       include      system-auth
auth       optional     pam_mount
.so use_first_pass
auth       required     pam_nologin
.so

account    
include      system-auth
password   
include      system-auth
session    
include      system-auth 
/etc/security/pam_mount.conf.xml

PHP Code:
...

<
volume user="madamczyk" fstype="cifs" server="172.20.10.10"  path="madamczyk" mountpoint="/home/madamczyk/workspace" /> 
Thanks for any help to resolve this problem.
 
Old 08-20-2008, 07:17 AM   #2
VanditBoy
LQ Newbie
 
Registered: Jan 2006
Posts: 4

Original Poster
Rep: Reputation: 0
I changed winbind to ldap authorization because of wrong ID mapping. I figured it out and I can login locally, but through ssh I can't. Any idea? I have openssh-4.7_p1-r6 (USE="kerberos ldap pam tcpd -X -X509 -chroot -hpn -libedit (-selinux) -skey -smartcard -static") and pam_mount 0.43. My /etc/pam.d/sshd file looks like these:

PHP Code:

auth       
include      system-login
account    
include      system-login
password   
include      system-login
session    
include      system-login 
/etc/pam.d/system-login contains:

PHP Code:

auth            required        pam_tally
.so file=/var/log/faillog onerr=succeed
auth            required        pam_shells
.so
auth            required        pam_nologin
.so
auth            
include         system-auth

account         required        pam_access
.so
account         required        pam_nologin
.so
account         
include         system-auth
account         required        pam_tally
.so file=/var/log/faillog onerr=succeed

password        
include         system-auth

session         required        pam_env
.so
session         optional        pam_lastlog
.so
session         
include         system-auth
session         optional        pam_motd
.so motd=/etc/motd
session         optional        pam_mail
.so 
and finally my /etc/pam.d/system-auth file

PHP Code:

#%PAM-1.0

auth required pam_env.so
auth required pam_mount
.so debug
auth sufficient pam_unix
.so nullok try_first_pass
auth requisite pam_succeed_if
.so uid >= 500 quiet
auth sufficient pam_krb5
.so use_first_pass
auth required pam_deny
.so

account required pam_unix
.so broken_shadow
account sufficient pam_localuser
.so
account sufficient pam_succeed_if
.so uid 500 quiet
account 
[default=bad success=ok user_unknown=ignorepam_krb5.so
account required pam_permit
.so

password requisite pam_cracklib
.so try_first_pass retry=3
password sufficient pam_unix
.so md5 shadow nis nullok try_first_pass use_authtok
password sufficient pam_krb5
.so use_authtok
password required pam_deny
.so

session optional pam_keyinit
.so revoke
session required pam_mkhomedir
.so skel=/etc/skel umask=0022
session required pam_limits
.so
session 
[success=default=ignorepam_succeed_if.so service in crond quiet use_uid
session required pam_unix
.so
session optional pam_mount
.so debug
session optional pam_krb5
.so 
What now? How to make sshd to work properly?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
pam_mount problems in ssh on gentoo whysyn Linux - Security 6 12-20-2007 04:19 PM
pam_mount configuration MediMania Linux - Networking 0 03-28-2006 04:19 AM
pam_mount + pam_winbind + pam_krb5. All in one (?) Thakowbbery Linux - Networking 2 06-15-2005 06:49 AM
Installing Pam_mount in suse 9.3 bschneider SUSE / openSUSE 8 05-02-2005 05:04 PM
How to setup pam_mount? mauro_haller Linux - Networking 0 03-08-2004 09:26 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration