Не удается смонтировать SMB vi PAM при ошибке входа в систему (домашний каталог) -13

Ubuntu 14.04 файл (сервер) работает Samba 4 Активный каталог (AD)
Клиент Ubuntu 18 (новая установка)

Я настроил домашние каталоги пользователей Ubuntu для подключения через PAM а также SMB/CIFS,

Тестовый каталог будет монтироваться через CIFS вручную, но не при вызове PAM при входе в систему. Ошибка -13 кажется, указывает на ошибку прав доступа, но добавление определенных прав доступа к файлу не помогает. Кроме того, разрешения должны быть получены из AD User вошел в систему (поэтому он не запрашивает пароль.)

APT

libmount1/bionic-updates,now 2.31.1-0.4ubuntu3.3 amd64 [installed]
libpam-mount/bionic-updates,now 2.16-3ubuntu0.1 amd64 [installed]
mount/bionic-updates,now 2.31.1-0.4ubuntu3.3 amd64 [installed]
cifs-utils/bionic,now 2:6.8-1 amd64 [installed]
libsmbclient/bionic-updates,bionic-security,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64 [installed]
python-samba/bionic-updates,bionic-security,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64 [installed,automatic]
samba/bionic-updates,bionic-security,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64 [installed,automatic]
samba-common/bionic-updates,bionic-updates,bionic-security,bionic-security,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 all [installed,automatic]
samba-common-bin/bionic-updates,bionic-security,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64 [installed,automatic]
samba-dsdb-modules/bionic-updates,bionic-security,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64 [installed,automatic]
samba-libs/bionic-updates,bionic-security,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64 [installed]

/etc/security/pam_mount.conf.xml

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="0" />

                <!-- Volume definitions -->            
                        <volume fstype="cifs" 
                        path="//SMB-Server.SAMBA-AD.de/testshare" 
                        mountpoint="/mnt/AD-User" 
                        options="user=AD-User,domain=SAMBA-AD,exec,vers=3.0"  
                        gid="1234"/>

                <!-- pam_mount parameters: General tunables -->

<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />

<!-- requires ofl from hxtools to be present -->
<logout wait="0" hup="no" term="no" kill="no" />

<mkmountpoint enable="1" remove="true" />
</pam_mount>

/etc/pam.d/common-auth

auth    [success=3 default=ignore]      pam_krb5.so minimum_uid=1000
auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional        pam_mount.so 
auth    optional                        pam_cap.so 
auth    optional  pam_mount.so
# end of pam-auth-update config

/etc/pam.d/common-session

session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session optional                        pam_umask.so
session optional                        pam_krb5.so minimum_uid=1000
session required        pam_unix.so 
session optional                        pam_winbind.so 
session optional        pam_mount.so 
session optional        pam_systemd.so 
session  optional  pam_mount.so
# end of pam-auth-update config

Ручное крепление

root@logToComputerName:/#mount -t cifs -o rw,user=AD-User,domain=SAMBA-AD  \\\\SMB-Server\\testshare /mnt/AD-User
Password for AD-User@\SMB-Server\testshare:  ********

root@logToComputerName:/# df -h 
Filesystem                                       Size  Used Avail Use% Mounted on
udev                                             7,9G     0  7,9G   0% /dev
tmpfs                                            1,6G  2,9M  1,6G   1% /run
/dev/sda1                                        458G   29G  406G   7% /
(...snip...)
\\SMB-Server\testshare                                23T     0   23T   0% /mnt/AD-User

PAM крепление

AD-User@localTerm:~$ ssh AD-User@logToComputerName
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.18.0-20-generic x86_64)
(...snip...)
Your Hardware Enablement Stack (HWE) is supported until April 2023.
Last login: Tue May 28 14:42:45 2019 from xxx.xxx.x8.149
AD-User@logToComputerName:~$ df -h 
Filesystem                                       Size  Used Avail Use% Mounted on
udev                                             7,9G     0  7,9G   0% /dev
tmpfs                                            1,6G  2,9M  1,6G   1% /run
/dev/sda1                                        458G   29G  406G   7% /
(...snip...)
(No mount)

/var/log/syslog (из-за неудачного подключения к PAM

May 28 14:51:56 logToComputerName kernel: [14958.849509] Status code returned 0xc000006d STATUS_LOGON_FAILURE
May 28 14:51:56 logToComputerName kernel: [14958.849518] CIFS VFS: Send error in SessSetup = -13
May 28 14:51:56 logToComputerName kernel: [14958.849527] CIFS VFS: cifs_mount failed w/return code = -13
May 28 14:51:56 logToComputerName systemd[1]: Created slice User Slice of AD-User.
May 28 14:51:56 logToComputerName systemd[1]: Starting User Manager for UID 123456...
May 28 14:51:56 logToComputerName systemd[1]: Started Session 59 of user AD-User.
May 28 14:51:57 logToComputerName systemd[16601]: Listening on GnuPG network certificate management daemon.
May 28 14:51:57 logToComputerName systemd[16601]: Started Pending report trigger for Ubuntu Report.
May 28 14:51:57 logToComputerName systemd[16601]: Reached target Paths.
May 28 14:51:57 logToComputerName systemd[16601]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
May 28 14:51:57 logToComputerName systemd[16601]: Reached target Timers.
May 28 14:51:57 logToComputerName systemd[16601]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
May 28 14:51:57 logToComputerName systemd[16601]: Listening on GnuPG cryptographic agent and passphrase cache.
May 28 14:51:57 logToComputerName systemd[16601]: Starting D-Bus User Message Bus Socket.
May 28 14:51:57 logToComputerName systemd[16601]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
May 28 14:51:57 logToComputerName systemd[16601]: Listening on D-Bus User Message Bus Socket.
May 28 14:51:57 logToComputerName systemd[16601]: Reached target Sockets.
May 28 14:51:57 logToComputerName systemd[16601]: Reached target Basic System.
May 28 14:51:57 logToComputerName systemd[1]: Started User Manager for UID 123456.
May 28 14:51:57 logToComputerName systemd[16601]: Reached target Default.
May 28 14:51:57 logToComputerName systemd[16601]: Startup finished in 504ms.
May 28 14:51:57 logToComputerName kernel: [14959.422369] FS-Cache: Duplicate cookie detected
May 28 14:51:57 logToComputerName kernel: [14959.422376] FS-Cache: O-cookie c=00000000439a062a [p=00000000aec79842 fl=222 nc=1 na=1]
May 28 14:51:57 logToComputerName kernel: [14959.422378] FS-Cache: O-cookie d=00000000ddea9b97 n=000000000ee78c37
May 28 14:51:57 logToComputerName kernel: [14959.422381] FS-Cache: O-key=[8] '020001bd8d03590a'
May 28 14:51:57 logToComputerName kernel: [14959.422389] FS-Cache: N-cookie c=000000005644be78 [p=00000000aec79842 fl=2 nc=0 na=1]
May 28 14:51:57 logToComputerName kernel: [14959.422392] FS-Cache: N-cookie d=00000000ddea9b97 n=00000000c3c538f7
May 28 14:51:57 logToComputerName kernel: [14959.422393] FS-Cache: N-key=[8] '020001bd8d03590a'
May 28 14:51:57 logToComputerName kernel: [14959.485780] Status code returned 0xc000006d STATUS_LOGON_FAILURE
May 28 14:51:57 logToComputerName kernel: [14959.485788] CIFS VFS: Send error in SessSetup = -13
May 28 14:51:57 logToComputerName kernel: [14959.485798] CIFS VFS: cifs_mount failed w/return code = -13
Источник

0 ответов

Другие вопросы по тегам