So I have this problem: pam_mount won't mount my CIFS home directory.
pam_mount writes this to /var/log/messages:
Feb 3 15:49:18 centosy nslcd[1278]: [3c9869] <passwd="tomas"> (re)loading /etc/nsswitch.conf
Feb 3 15:49:20 centosy systemd: Starting user-3000044.slice.
Feb 3 15:49:20 centosy systemd: Created slice user-3000044.slice.
Feb 3 15:49:20 centosy systemd: Starting Session 1 of user tomas.
Feb 3 15:49:20 centosy systemd: Started Session 1 of user tomas.
Feb 3 15:49:20 centosy systemd-logind: New session 1 of user tomas.
Feb 3 15:49:20 centosy sshd[2208]: (rdconf1.c:744): path to luserconf set to /home/tomas/.pam_mount.conf.xml
Feb 3 15:49:20 centosy sshd[2208]: (pam_mount.c:568): pam_mount 2.14: entering session stage
Feb 3 15:49:20 centosy sshd[2208]: (pam_mount.c:173): conv->conv(...): Conversation error
Feb 3 15:49:20 centosy sshd[2208]: (pam_mount.c:477): warning: could not obtain password interactively either
Feb 3 15:49:20 centosy sshd[2208]: (mount.c:782): Could not get realpath of /home/tomas: No such file or directory
Feb 3 15:49:20 centosy sshd[2208]: (mount.c:263): Mount info: globalconf, user=tomas <volume fstype="cifs" server="zentyal" path="tomas" mountpoint="/home/tomas" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="sec=ntlm,nodev,nosuid" /> fstab=0 ssh=0
Feb 3 15:49:20 centosy sshd[2208]: (mount.c:305): mkmountpoint: checking /home
Feb 3 15:49:20 centosy sshd[2208]: (mount.c:305): mkmountpoint: checking /home/tomas
Feb 3 15:49:20 centosy sshd[2208]: (mount.c:345): mkdir[0] /home/tomas
Feb 3 15:49:20 centosy sshd[2208]: (mount.c:353): chown /home/tomas -> 3000044:1901
Feb 3 15:49:20 centosy sshd[2208]: (mount.c:660): Password will be sent to helper as-is.
Feb 3 15:49:20 centosy sshd[2208]: command: 'mount' '-t' 'cifs' '//zentyal/tomas' '/home/tomas' '-o' 'username=tomas,uid=3000044,gid=1901,sec=ntlm,nodev,nosuid'
Feb 3 15:49:20 centosy kernel: Key type dns_resolver registered
Feb 3 15:49:21 centosy kernel: Key type cifs.spnego registered
Feb 3 15:49:21 centosy kernel: Key type cifs.idmap registered
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:68): Messages from underlying mount program:
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:72): mount error(13): Permission denied
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:72): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Feb 3 15:49:21 centosy kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb 3 15:49:21 centosy kernel: CIFS VFS: Send error in SessSetup = -13
Feb 3 15:49:21 centosy kernel: CIFS VFS: cifs_mount failed w/return code = -13
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 17 37 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 18 37 0:16 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 19 37 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,size=934084k,nr_inodes=233521,mode=755
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 20 18 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - securityfs securityfs rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 21 19 0:17 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 22 19 0:11 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 23 37 0:18 / /run rw,nosuid,nodev shared:21 - tmpfs tmpfs rw,mode=755
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 24 18 0:19 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:8 - tmpfs tmpfs rw,mode=755
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 25 24 0:20 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:9 - cgroup cgroup rw,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 26 18 0:21 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:19 - pstore pstore rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 27 24 0:22 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,cpuset
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 28 24 0:23 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:11 - cgroup cgroup rw,cpuacct,cpu
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 29 24 0:24 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:12 - cgroup cgroup rw,memory
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 30 24 0:25 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,devices
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 31 24 0:26 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,freezer
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 32 24 0:27 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,net_cls
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 33 24 0:28 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,blkio
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 34 24 0:29 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,perf_event
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 35 24 0:30 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,hugetlb
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 36 18 0:31 / /sys/kernel/config rw,relatime shared:20 - configfs configfs rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 37 1 253:1 / / rw,relatime shared:1 - xfs /dev/mapper/centos-root rw,attr2,inode64,noquota
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 15 17 0:14 / /proc/sys/fs/binfmt_misc rw,relatime shared:22 - autofs systemd-1 rw,fd=32,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 38 19 0:32 / /dev/hugepages rw,relatime shared:23 - hugetlbfs hugetlbfs rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 39 19 0:13 / /dev/mqueue rw,relatime shared:24 - mqueue mqueue rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 40 18 0:7 / /sys/kernel/debug rw,relatime shared:25 - debugfs debugfs rw
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:554): 41 37 8:1 / /boot rw,relatime shared:26 - xfs /dev/sda1 rw,attr2,inode64,noquota
Feb 3 15:49:21 centosy sshd[2208]: (pam_mount.c:522): mount of tomas failed
My /etc/security/pam_mount.conf.xml looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
See pam_mount.conf(5) for a description.
-->
<pam_mount>
<!-- debug should come before everything else,
since this file is still processed in a single pass
from top-to-bottom -->
<debug enable="1" />
<!-- Volume definitions -->
<volume user="*" fstype="cifs" server="zentyal" path="%(USER)" mountpoint="/home/%(USER)" options="se$
<!-- pam_mount parameters: General tunables -->
<mkmountpoint enable="1" remove="true" />
<luserconf name=".pam_mount.conf.xml" />
<!-- Note that commenting out mntoptions will give you the defaults.
You will need to explicitly initialize it with the empty string
to reset the defaults to nothing. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions allow="*" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev" />
<!-- requires ofl from hxtools to be present -->
<logout wait="0" hup="0" term="0" kill="0" />
<!-- pam_mount parameters: Volume-related -->
<mkmountpoint enable="1" remove="true" />
</pam_mount>
I know it says permission denied, but I can't understand this, because on my Ubuntu client, which is set up exactly the same way, it works fine:
Feb 3 15:39:39 ubuntu-client sshd[1618]: (pam_mount.c:568): pam_mount 2.14: entering session stage
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:786): Could not get realpath of /home/tomas: No such file or directory
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:267): Mount info: globalconf, user=tomas <volume fstype="cifs" server="zentyal" path="tomas" mountpoint="/home/tomas" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="sec=ntlm,nodev,nosuid" /> fstab=0 ssh=0
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:309): mkmountpoint: checking /home
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:309): mkmountpoint: checking /home/tomas
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:349): mkdir[0] /home/tomas
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:357): chown /home/tomas -> 3000044:1901
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:664): Password will be sent to helper as-is.
Feb 3 15:39:39 ubuntu-client sshd[1618]: command: 'mount' '-t' 'cifs' '//zentyal/tomas' '/home/tomas' '-o' 'username=tomas,uid=3000044,gid=1901,sec=ntlm,nodev,nosuid'
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 17 22 0:15 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 18 22 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 19 22 0:5 / /dev rw,relatime - devtmpfs udev rw,size=498160k,nr_inodes=124540,mode=755
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 20 19 0:12 / /dev/pts rw,nosuid,noexec,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 21 22 0:16 / /run rw,nosuid,noexec,relatime - tmpfs tmpfs rw,size=101788k,mode=755
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 22 1 8:1 / / rw,relatime - ext4 /dev/disk/by-uuid/3056ddfe-8725-48bd-a3c7-c353dd4ed7ee rw,errors=remount-ro,data=ordered
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 23 17 0:17 / /sys/fs/cgroup rw,relatime - tmpfs none rw,size=4k,mode=755
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 24 17 0:18 / /sys/fs/fuse/connections rw,relatime - fusectl none rw
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 25 17 0:6 / /sys/kernel/debug rw,relatime - debugfs none rw
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 26 17 0:10 / /sys/kernel/security rw,relatime - securityfs none rw
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 27 21 0:19 / /run/lock rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=5120k
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 28 21 0:20 / /run/shm rw,nosuid,nodev,relatime - tmpfs none rw
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 29 21 0:21 / /run/user rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=102400k,mode=755
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 30 17 0:22 / /sys/fs/pstore rw,relatime - pstore none rw
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 31 23 0:23 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime - cgroup systemd rw,name=systemd
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 32 29 0:24 / /run/user/112/gvfs rw,nosuid,nodev,relatime - fuse.gvfsd-fuse gvfsd-fuse rw,user_id=112,group_id=118
Feb 3 15:39:39 ubuntu-client sshd[1618]: (mount.c:558): 33 22 0:25 / /home/tomas rw,nosuid,nodev,relatime - cifs //zentyal/tomas rw,vers=1.0,sec=ntlm,cache=strict,username=tomas,uid=3000044,forceuid,gid=1901,forcegid,addr=172.16.0.5,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1
Feb 3 15:39:39 ubuntu-client sshd[1618]: command: 'pmvarrun' '-u' 'tomas' '-o' '1'
Feb 3 15:39:39 ubuntu-client sshd[1618]: (pam_mount.c:441): pmvarrun says login count is 1
Feb 3 15:39:39 ubuntu-client sshd[1618]: (pam_mount.c:660): done opening session (ret=0)
Can anyone help me figure out why I'm denied permission on CentOS but not on Ubuntu?
Thanks a lot, guys.
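Answer 1
I found the solution.
The problem was the sec option of the mount command. For some reason, CentOS can't use ntlm over ssh, so it can't get the password for the mount command.
The solution is to change the sec option to ntlmsspi: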
sec=ntlmsspi
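
An added example, not part of the original question or answer: a small triage script that pulls the diagnostic signals out of a pam_mount debug log like the CentOS one above (the `sec=` value passed to mount, the missing-password warning, the mount errno and the kernel's NT status). The function names `triage` and `hints` are hypothetical, and the sample input is made up of lines copied from the question's log.

```python
import re

# Constructed sample: lines copied from the CentOS log in the question.
SAMPLE = """\
Feb 3 15:49:20 centosy sshd[2208]: (pam_mount.c:173): conv->conv(...): Conversation error
Feb 3 15:49:20 centosy sshd[2208]: (pam_mount.c:477): warning: could not obtain password interactively either
Feb 3 15:49:20 centosy sshd[2208]: command: 'mount' '-t' 'cifs' '//zentyal/tomas' '/home/tomas' '-o' 'username=tomas,uid=3000044,gid=1901,sec=ntlm,nodev,nosuid'
Feb 3 15:49:21 centosy sshd[2208]: (mount.c:72): mount error(13): Permission denied
Feb 3 15:49:21 centosy kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb 3 15:49:21 centosy sshd[2208]: (pam_mount.c:522): mount of tomas failed
"""

MOUNT_CMD = re.compile(r"command: 'mount' '-t' 'cifs' '([^']+)' '[^']+' '-o' '([^']+)'")
NT_STATUS = re.compile(r"Status code returned 0x[0-9a-fA-F]+ (NT_STATUS_\w+)")
MOUNT_ERR = re.compile(r"mount error\((\d+)\)")

def triage(log_text):
    """Collect the signals that explain a failed pam_mount CIFS mount."""
    r = {"share": None, "sec": None, "password_missing": False,
         "mount_errno": None, "nt_status": None, "failed": False}
    for line in log_text.splitlines():
        if m := MOUNT_CMD.search(line):
            r["share"] = m.group(1)
            # Split "k=v,flag,..." into a dict; bare flags map to "".
            opts = dict(o.partition("=")[::2] for o in m.group(2).split(","))
            r["sec"] = opts.get("sec")
        if m := NT_STATUS.search(line):
            r["nt_status"] = m.group(1)
        if m := MOUNT_ERR.search(line):
            r["mount_errno"] = int(m.group(1))
        if "could not obtain password" in line:
            r["password_missing"] = True
        if re.search(r"pam_mount\.c:\d+\): mount of \S+ failed", line):
            r["failed"] = True
    return r

def hints(r):
    """Turn the collected signals into short, human-readable findings."""
    out = []
    if r["password_missing"]:
        out.append("pam_mount logged that it could not obtain a password")
    if r["nt_status"] == "NT_STATUS_LOGON_FAILURE":
        out.append("server rejected the SMB session setup (logon failure)")
    if r["failed"] and r["sec"] == "ntlm":
        out.append("mount used sec=ntlm; the answer here switches to sec=ntlmsspi")
    return out

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result)
    for h in hints(result):
        print("-", h)
```

Run against the Ubuntu log from the question, the same script reports no failure, even though the mount command and its `sec=ntlm` option are identical.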