pam_module adds user=%(USER) to mount options for cifs
Brought to you by:
jengelh
Menu
▾
▴
#107 pam_module adds user=%(USER) to mount options for cifs
When fstype is cifs, pam_mount adds user=(%USER) to mount options, that causes problem when local user name is different from domain user name.
Example:
<volume sgrp="users" fstype="cifs" server="server" path="share" mountpoint="/home/%(USER)/mountpoint" options="cred=/home/%(USER)/.cred.txt" />
is transformed to:
command: 'mount' '-t' 'cifs' '//server/share' '/home/user/mountpoint' '-o' 'user=user,uid=1000,gid=1000,credentials=/home/user/.cred.txt'
But user is set in credentials file .cred.txt and mount.cifs results in error:
mount -t cifs //server/share /home/user/mountpoint/ -o user=user,uid=1000,gid=1000,credentials=/home/user/.cred.txt -v
mount.cifs kernel mount options: unc=//server\share,user=domainuser,ver=1,user=user,credentials=/home/user/.cred.txt,uid=1000,gid=1000,ip=a.b.c.d,pass=********
mount error(13): Permission denied
There is a small patch in attach, that removes user from default command string for cifsmount to fix this problem.
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Last edit: Anonymous 2014-04-06
I ran into the same problem after upgrading to util-linux-2.22, where the parsing of the options seems to have changed.
Since my windows username is different from my local linux username, I used to specify the windows user as a volume option in the .pam_mount.conf.xml.
This results in the mount command having two user values, one added by the default_command struct in rdconf1.c, one by my volume option.
With util-linux-2.11, the second user name was actually used, resulting in the desired effect. With util-linux-2.22, the parsing behaviour seems to have changed, and now the first user name is used, resulting in a failed login.
I have forwarded the observation to the util-linux maintainer.
Thanks, Jan. Still, my guess is that the bug is rather pam_mount's, than mount.cifs' - since it's impossible with pam_mount to specify a user= value that differs from the current username. Specifying two user= values masked to problem, but I would not expect mount.cifs to support two user= values and always pick the second one...
mount.cifs supports multiple user=, which is why there has not been any problem.
Could we get an update with what the util-linux maintainer stated, Jan? I couldn't find any open bug reports, but didn't bother checking closed bug reports. I am also affected by this issue.
Karel rightfully pointed me towards the fact that the "user" option is the wrong one to use for the username.
I have created and pushed commit 966c6bea34eb4db75f4899927606cf4b5dfe5ee3 that changes this.
Please check if the change resolves your issue, thanks.
Note to all: if you have a <volume> element with options="user=xyz", you need to change it to options="username=xyz", because that is what mount(8) requires, and actually required years ago. pam_mount (and users) have practically been relying on a hack that user=xyz was accepted in the past.
I couldn't seem to get pam_mount recompiled on OpenSUSE 12.3 (didn't know what packages to install in place of libxml + mount since those aren't in the repos, despite mount being avail on the system and libxml2 being provided by libxml2-tools). I checked the commit diffs and seems like this does similarly: http://technik.blogs.nde.ag/2013/02/28/pam_mounting-cifs-volume-with-a-different-user/ Adding that <cifsmount> line into my pam_mount conf fixed the issue.</cifsmount>
libxml and mount are very well available in the build system (how else would pam_mount be present in openSUSE?). See https://build.opensuse.org/package/show?package=pam_mount&project=Linux-PAM . You can even branch from there.