You are not logged in.
I'm having trouble getting pam_mount to mount a CIFS drive on login. I've setup the pam login module to include pam_mount and allowed user .pam_mount.conf.xml files. When I log in with debugging turned on I see a message saying "no volumes to mount." I've tested that I can properly mount the cifs manually. The password for the user and the cifs mount are definitely the same. Any ideas?
Thanks,
Chris
This has been tested and works:
# sudo mount.cifs //nearspace1/cwoodruf ~/nearspace -o username=jpl/cwoodruf,sec=ntlmv2auth.log:
Mar 2 14:09:08 localhost login[48797]: (rdconf1.c:701): path to luserconf set to /home/cwoodruf/.pam_mount.conf.xml
Mar 2 14:09:08 localhost login[48797]: (pam_mount.c:365): pam_mount 2.13: entering auth stage
Mar 2 14:09:08 localhost login[48797]: pam_unix(login:session): session opened for user cwoodruf by LOGIN(uid=0)
Mar 2 14:09:08 localhost login[48797]: (rdconf1.c:701): path to luserconf set to /home/cwoodruf/.pam_mount.conf.xml
Mar 2 14:09:08 localhost login[48797]: (pam_mount.c:554): pam_mount 2.13: entering session stage
Mar 2 14:09:08 localhost login[48797]: (misc.c:39): Session open: (ruid/rgid=0/0, e=0/0)
Mar 2 14:09:08 localhost login[48797]: (pam_mount.c:602): going to readconfig /home/cwoodruf/.pam_mount.conf.xml
Mar 2 14:09:08 localhost login[48797]: (pam_mount.c:615): no volumes to mount
Mar 2 14:09:08 localhost login[48797]: command: 'pmvarrun' '-u' 'cwoodruf' '-o' '1'
Mar 2 14:09:08 localhost login[48798]: (misc.c:39): set_myuid<pre>: (ruid/rgid=0/0, e=0/0)
Mar 2 14:09:08 localhost login[48798]: (misc.c:39): set_myuid<post>: (ruid/rgid=0/0, e=0/0)
Mar 2 14:09:08 localhost login[48797]: (pam_mount.c:441): pmvarrun says login count is 1
Mar 2 14:09:08 localhost login[48797]: (pam_mount.c:646): done opening session (ret=0)/etc/security/pam_mount.conf.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
See pam_mount.conf(5) for a description.
-->
<pam_mount>
<!-- debug should come before everything else,
since this file is still processed in a single pass
from top-to-bottom -->
<debug enable="1" />
<!-- Volume definitions -->
<!-- pam_mount parameters: General tunables -->
<luserconf name=".pam_mount.conf.xml" />
<!-- Note that commenting out mntoptions will give you the defaults.
You will need to explicitly initialize it with the empty string
to reset the defaults to nothing. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,noserverino,sec" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev" />
<!-- requires ofl from hxtools to be present -->
<logout wait="0" hup="0" term="0" kill="0" />
<!-- pam_mount parameters: Volume-related -->
<mkmountpoint enable="1" remove="true" />
</pam_mount>User .pam_mount.conf.xml:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
See pam_mount.conf(5) for a description.
-->
<pam_mount>
<volume user="jpl/%(USER)"
fstype="cifs"
server="nearspace1"
path="%(USER)"
mountpoint="~/nearspace"
options="nodev,nosuid,noserverino,sec=ntlmv2"
/>
</pam_mount>/etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth required pam_unix.so nullok
auth required pam_tally.so onerr=succeed file=/var/log/faillog
auth optional pam_mount.so try_first_pass
# use this to lockout accounts for 10 minutes after 10 failed attempts
auth required pam_tally.so deny=10 unlock_time=600 onerr=succeed file=/var/log/faillog
account required pam_access.so
account required pam_time.so
account required pam_unix.so
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
password optional pam_mount.so
session required pam_unix.so
session optional pam_mount.so
session required pam_env.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/spool/mail standard
session optional pam_lastlog.so
session optional pam_loginuid.so
-session optional pam_ck_connector.so nox11
-session optional pam_systemd.soOffline