sshd cannot mount cifs shares

Bug #367918 reported by baum on 2009-04-27
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libpam-mount (Ubuntu)
Undecided
Unassigned

Bug Description

release: intrepid
libpam-mount package version: 0.41-1

after an update in intrepid libpam-mount does not mount cifs shares anymore.
the update process asked if i wanted to use pam-auth-update to update my /etc/pam.d/common-* files. the answer was no.
now im unable to mount cifs shares.

here is the debug output from /var/log/auth.log

Apr 27 13:01:25 pc-cs sshd[14780]: Accepted publickey for username from 1.2.3.4 port 44243 ssh2
Apr 27 13:01:25 pc-cs sshd[14780]: pam_mount(pam_mount.c:459) Entered pam_mount session stage
Apr 27 13:01:25 pc-cs sshd[14780]: pam_mount(pam_mount.c:480) back from global readconfig
Apr 27 13:01:25 pc-cs sshd[14780]: pam_mount(pam_mount.c:482) per-user configurations not allowed by pam_mount.conf.xml
Apr 27 13:01:25 pc-cs sshd[14780]: pam_mount(pam_mount.c:511) error trying to retrieve authtok from auth code
Apr 27 13:01:25 pc-cs sshd[14780]: pam_mount(pam_mount.c:195) enter read_password
Apr 27 13:01:25 pc-cs sshd[14780]: pam_mount(pam_mount.c:163) conv->conv(...): Conversation error
Apr 27 13:01:25 pc-cs sshd[14780]: pam_mount(pam_mount.c:514) error trying to read password
Apr 27 13:01:25 pc-cs sshd[14780]: pam_mount(pam_mount.c:547) done opening session (ret=7)
Apr 27 13:01:25 pc-cs sshd[14780]: pam_unix(sshd:session): session opened for user username by (uid=0)

#######pam configuration#########
/etc/pam.d/common-account
----
account [new_authtok_reqd=done authinfo_unavail=ignore user_unknown=ignore default=done] pam_unix.so
account sufficient pam_localuser.so
account [success=ignore default=1] pam_succeed_if.so uid > 10000
account [authinfo_unavail=ignore default=done] pam_ldap.so
account requisite pam_deny.so
account requisite pam_permit.so

/etc/pam.d/common-auth
----
auth required pam_env.so
auth [success=ignore default=1] pam_localuser.so
auth [success=done new_authtok_reqd=done default=2] pam_unix.so likeauth nullok_secure shadow nodelay
auth [authinfo_unavail=1 success=ignore default=2] pam_ldap.so
auth [default=done] pam_ccreds.so action=store use_first_pass
auth [success=done default=die] pam_ccreds.so action=validate use_first_pass
auth [default=ignore] pam_echo.so Delete cached password
auth [default=bad] pam_ccreds.so action=update
auth required pam_deny.so

/etc/pam.d/common-password
-----
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password sufficient pam_unix.so nullok use_authtok shadow md5 try_first_pass
password sufficient pam_ldap.so use_authtok use_first_pass
password required pam_deny.so

/etc/pam.d/common-session
----
session required pam_limits.so
session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0066
session required pam_ldap.so

/etc/pam.d/common-pammount
----
auth optional pam_mount.so use_first_pass
session optional pam_mount.so use_first_pass

/etc/pam.d/sshd (either way if at the top or the bottom it doesnt work. it worked with ssh before the update with the 2 lines at the top)
----
#auth optional pam_mount.so use_first_pass
#session optional pam_mount.so use_first_pass
@include common-auth
@include common-account
@include common-password
@include common-session
@include common-pammount

####sshd configuration######
/etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes

the umount errors also there. but that has been opened long time ago and isnt fixed.

is my problem this a bug or is just the configuration after the update wrong.
i tried several setups but with no postive result.

James Page (james-page) wrote :

Marking 'Won't Fix' as Intrepid is no longer supported.

Changed in libpam-mount (Ubuntu):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers