Try to auto mount cifs home dir on Ubuntu using Centrify AD + Pam_mount
12-17-2012 04:20 PM
Here is my situration, I am able to login using GUI and auto mount my CIFS share user home directory. BUT, after reboot ubuntu, trying to login using SSH, I am able to login with my AD account but automount is NOT working. When I run "mount", nothing is mounted. However, if I do su useraccount after SSH logon, I am able to mount my home dir and when cd home/useraccount, i am about to get to my share.
I think I am missing something over SSH, please help.
Here is pam_mount.conf.xml:
<volume user="*" fstype="cifs" server="fs1" path="home/%(DOMAIN_USER)" mountpoint="~/" />
12-21-2012 09:14 AM
Could you please verify if you have placed pam_mount module in
And do you see any "mount" related error exist in syslog or messages file?
12-21-2012 11:05 AM
Here is /etc/pam.d/sshd:
# CentrifyDC OpenSSH - DO NOT change this line
# PAM configuration for the Secure Shell service
# Disallow non-root logins when /etc/nologin exists.
auth required pam_nologin.so
# Read environment variables from /etc/environment and
auth required pam_env.so # 
# Standard Un*x authentication.
# Standard Un*x authorization.
# Standard Un*x session setup and teardown.
# Print the message of the day upon successful login.
session optional pam_motd.so # 
# Print the status of the user's mailbox upon successful login.
session optional pam_mail.so standard noenv # 
# Set up user limits from /etc/security/limits.conf.
session required pam_limits.so
# Standard Un*x password updating.
here is related log in syslog file:
Dec 21 10:54:03 ubuntu3 kernel: [ 124.602471] Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD
Dec 21 10:54:03 ubuntu3 kernel: [ 124.602476] CIFS VFS: Send error in SessSetup = -13
Dec 21 10:54:03 ubuntu3 kernel: [ 124.602547] CIFS VFS: cifs_mount failed w/return code = -13
Could you provide an example of working sshd file?
thank you very much.
12-23-2012 08:14 PM
After doing some research on pam_mount, this seems to be an known issue of pam_mount with Openssh:
So pam_mount would normally ask for a password in the session stage,
but in any OpenSSH to date, PAM modules do not seem to be able to ask
for a password in the session stage, "conversation" always fails:
pam_mount(pam_mount.c:172): conv->conv(...): Conversation error
pam_mount(pam_mount.c:454): warning: could not obtain password interactively either
Therefore it is unable to provide the password to the mount command, and failed to mount with permission denied error:
pam_mount(mount.c:196): Mount info: globalconf, user=test <volume fstype="cifs" server="win-c221qkm9mqg.mba.local" path="share" mountpoint="/home/test/pam_mount_share" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0
command: [mount] [-t] [cifs] [//win-c221qkm9mqg.mba.local/share] [/home/test/pam_mount_share] [-o] [user=test,uid=1459618905,gid=1459618905]
pam_mount(misc.c:38): set_myuid<pre>: (uid=0, euid=0, gid=0, egid=0)
pam_mount(misc.c:38): set_myuid<post>: (uid=0, euid=0, gid=0, egid=0)
pam_mount(mount.c:64): Errors from underlying mount program:
pam_mount(mount.c:68): mount error(13): Permission denied
As a workaround, you can configure the mount to authenticate with kerberos ticket by adding
<volume user="*" fstype="cifs" server="fs1" path="home/%(DOMAIN_USER)" mountpoint="~/" options="sec=krb5i" />
Since this is an issue with pam_mount code and unrelated to Centrify, we would recommend you to open a ticket/bug with corresponding community and ask for a permanent fix.
Please feel free to provide us an update if there are any progress or if you need further help from us.
With best wishes for a Merry Christmas and a Happy New Year.