Hi guys,
I have a PC on which everything works with the (seemingly) same configuration as on the non-working computers. The computers all run Debian 7 "Wheezy" with XFCE and the latest patches. I replaced the company name with "redacted" in the following examples.
First, the errors:

    root@REDACTED-PC9:~# su phre4k
    reenter password for pam_mount:
    (mount.c:72): Messages from underlying mount program:
    (mount.c:76): mount error(13): Permission denied
    (mount.c:76): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
    (pam_mount.c:522): mount of ablage failed
    phre4k@REDACTED-PC9:/root$ exit
    exit
    (mount.c:72): umount messages:
    (mount.c:76): umount: /home/REDACTED.local/phre4k/Öffentlich ist nicht eingehängt
    (mount.c:885): unmount of ablage failed
    root@REDACTED-PC9:~# dmesg | tail
    [ 237.007952] CIFS VFS: cifs_mount failed w/return code = -13
    [23208.914633] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
    [23208.914649] CIFS VFS: Send error in SessSetup = -13
    [23208.914749] CIFS VFS: cifs_mount failed w/return code = -13
    [23236.005142] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
    [23236.005156] CIFS VFS: Send error in SessSetup = -13
    [23236.005354] CIFS VFS: cifs_mount failed w/return code = -13
    [23400.427703] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
    [23400.427717] CIFS VFS: Send error in SessSetup = -13
    [23400.427917] CIFS VFS: cifs_mount failed w/return code = -13

Some tests with Winbind:

    root@REDACTED-PC9:~# wbinfo -P
    checking the NETLOGON dc connection to "REDACTED-server.REDACTED.local" succeeded
    root@REDACTED-PC9:~# wbinfo -p
    Ping to winbindd succeeded
    root@REDACTED-PC9:~# net rpc testjoin
    Join to 'REDACTED' is OK

dmesg on the working PC:

    [ 259.610360] Key type dns_resolver registered
    [ 259.621819] FS-Cache: Netfs 'cifs' registered for caching
    [ 259.621881] Key type cifs.spnego registered
    [ 259.621902] Key type cifs.idmap registered

The server is called filesrv1 and here's the pam_mount.conf.xml for the clients:

    <?xml version="1.0" encoding="utf-8" ?>
    <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
    <!-- See pam_mount.conf(5) for a description. -->
    <pam_mount>
        <!-- debug should come before everything else,
             since this file is still processed in a single pass
             from top-to-bottom -->
        <debug enable="0" />

        <!-- Volume definitions -->
        <volume fstype="cifs" server="filesrv1" path="ablage" mountpoint="/home/REDACTED.local/%(DOMAIN_USER)/Öffentlich" option="sec=krb5,workgroup=REDACTED" />

        <!-- pam_mount parameters: General tunables -->
        <!-- <luserconf name=".pam_mount.conf.xml" /> -->

        <!-- Note that commenting out mntoptions will give you the defaults.
             You will need to explicitly initialize it with the empty string
             to reset the defaults to nothing. -->
        <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
        <!-- <mntoptions deny="suid,dev" /> <mntoptions allow="*" /> <mntoptions deny="*" /> -->
        <mntoptions require="nosuid,nodev" />

        <logout wait="0" hup="0" term="0" kill="0" />

        <!-- pam_mount parameters: Volume-related -->
        <mkmountpoint enable="1" remove="true" />
    </pam_mount>

On the working PC I have the exact same pam_mount.conf.xml. libpam-mount is installed, DNS works. Everything I've found so far is regarding a missing domain or auth method in the configurations, but I specified both (REDACTED and Kerberos, respectively). With klist on the client I see the ticket for the user; the file server log.smbd only shows some CUPS errors (which are okay since it shouldn't work as a CUPS server).
Mounting the share from the "non-working" clients with username and password works, even the server browser of Thunar works flawlessly – only the automount with pam_mount fails.
Login → PAM → pam_mount → Kerberos → Winbind on server → Samba on server → Samba on client
Am I missing a link in the chain above? The configurations are (seemingly) the same and the program versions certainly are. I must have missed something, but what exactly?
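An added example, not part of the original post: a small Python parser that groups kernel CIFS messages like those in the dmesg output above into mount attempts, so the stage that failed (here SessSetup, the authentication step) and the NT status are visible per attempt. The function and field names are hypothetical; the sample lines are copied from the post.

```python
import errno
import re

# Sample input: lines in the format of the dmesg output quoted in the post.
SAMPLE = """\
[ 237.007952] CIFS VFS: cifs_mount failed w/return code = -13
[23208.914633] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
[23208.914649] CIFS VFS: Send error in SessSetup = -13
[23208.914749] CIFS VFS: cifs_mount failed w/return code = -13
[23236.005142] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
[23236.005156] CIFS VFS: Send error in SessSetup = -13
[23236.005354] CIFS VFS: cifs_mount failed w/return code = -13
"""

LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")
STATUS = re.compile(r"Status code returned (0x[0-9a-fA-F]+) (\S+)")
STAGE = re.compile(r"CIFS VFS: Send error in (\w+) = (-?\d+)")
FAILED = re.compile(r"CIFS VFS: cifs_mount failed w/return code = (-?\d+)")


def parse_attempts(text):
    """Return one dict per failed cifs_mount, with the stage and NT status logged before it."""
    attempts, pending = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped kernel line
        ts, msg = float(m.group(1)), m.group(2)
        if (s := STATUS.search(msg)):
            pending["nt_status"] = (int(s.group(1), 16), s.group(2))
        elif (s := STAGE.search(msg)):
            pending["stage"] = s.group(1)
        elif (s := FAILED.search(msg)):
            rc = int(s.group(1))
            attempts.append({
                "time": ts,
                "errno": errno.errorcode.get(-rc, "unknown"),  # -13 -> EACCES
                "stage": pending.get("stage"),          # None if no stage was logged
                "nt_status": pending.get("nt_status"),  # (code, name) or None
            })
            pending = {}  # next lines belong to the next attempt
    return attempts


if __name__ == "__main__":
    for attempt in parse_attempts(SAMPLE):
        print(attempt)
```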