Calculate Forum

Pam_mount interrupts user profile creation

#1

Good day.
There is a domain on Win Server 2012 and a file server on Win Server 2012.
The working scenario on Windows clients: group policies create personal network folders for all domain users and attach them as a network drive. That is, when a user logs in, if the folder %username% does not exist on the file server it is created; if it exists, it is attached as a network drive. As a result, the folder is attached only after the second login on a Windows computer.

On "cldc-18" joined to the domain, using "sys-auth/pam_mount" produces an interesting quirk: if a user logs in on the computer for the first time (their profile does not exist on the computer and the network folder does not exist on the server), an error mounting the network folder occurs during profile creation and the profile is created incompletely; the appearance settings break (a black screen instead of the desktop wallpaper, a broken bottom panel, etc.). If the profile has already been created (pam_mount disabled before the login and enabled again afterwards), the logs record the network folder mount error, but the user notices nothing and everything works for them.

So the question is: how can I make pam_mount not disrupt the profile creation process even if errors occurred while mounting?

Authorization log
May 27 14:09:04 hostname lightdm[13750]: pam_winbind(lightdm:auth): user 'test123' granted access
May 27 14:09:04 hostname lightdm[13750]: pam_winbind(lightdm:account): user 'test123' granted access
May 27 14:09:04 hostname lightdm[13713]: pam_unix(lightdm-greeter:session): session closed for user root
May 27 14:09:06 hostname su[13889]: pam_winbind(su:account): user 'test123' granted access
May 27 14:09:06 hostname su[13889]: Successful su for test123 by root
May 27 14:09:06 hostname su[13889]: + ??? root:test123
May 27 14:09:06 hostname su[13889]: pam_unix(su:session): session opened for user test123 by (uid=0)
May 27 14:09:06 hostname kernel: elogind-daemon[4866]: New session 13 of user test123.
May 27 14:09:11 hostname su[13889]: (mount.c:68): Messages from underlying mount program:
May 27 14:09:11 hostname su[13889]: (mount.c:72): mount error(13): Permission denied
May 27 14:09:11 hostname su[13889]: (mount.c:72): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
May 27 14:09:11 hostname kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
May 27 14:09:11 hostname su[13889]: (pam_mount.c:522): mount of users/test123 failed
May 27 14:09:11 hostname kernel: traps: ck-remove-direc[13902] trap int3 ip:7fa66b425875 sp:7ffd53d939c0 error:0 in libglib-2.0.so.0.5800.3[7fa66b3ed000+7e000]
May 27 14:09:11 hostname su[13889]: pam_unix(su:session): session closed for user test123
May 27 14:09:11 hostname su[13889]: (mount.c:68): umount messages:
May 27 14:09:11 hostname su[13889]: (mount.c:72): umount: /media/test123/MyDisk: no mount point specified.
May 27 14:09:11 hostname su[13889]: (mount.c:888): unmount of users/test123 failed
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: Removed session 13.
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: Failed to remove runtime directory /run/user/50192 (after unmounting): Device or resource busy
May 27 14:09:11 hostname su[13919]: pam_winbind(su:account): user 'test123' granted access
May 27 14:09:11 hostname su[13919]: Successful su for test123 by root
May 27 14:09:11 hostname su[13919]: + ??? root:test123
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: New session 14 of user test123.
May 27 14:09:11 hostname su[13919]: pam_unix(su:session): session opened for user test123 by (uid=0)
May 27 14:09:11 hostname su[13919]: (mount.c:68): Messages from underlying mount program:
May 27 14:09:11 hostname su[13919]: (mount.c:72): mount error(13): Permission denied
May 27 14:09:11 hostname su[13919]: (mount.c:72): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
May 27 14:09:11 hostname su[13919]: (pam_mount.c:522): mount of users/test123 failed
May 27 14:09:11 hostname kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
May 27 14:09:11 hostname kernel: traps: ck-remove-direc[13930] trap int3 ip:7fb4ef8e7875 sp:7fffcc144c80 error:0 in libglib-2.0.so.0.5800.3[7fb4ef8af000+7e000]
May 27 14:09:11 hostname su[13919]: pam_unix(su:session): session closed for user test123
May 27 14:09:11 hostname su[13919]: (mount.c:68): umount messages:
May 27 14:09:11 hostname su[13919]: (mount.c:72): umount: /media/test123/MyDisk: no mount point specified.
May 27 14:09:11 hostname su[13919]: (mount.c:888): unmount of users/test123 failed
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: Removed session 14.
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: Failed to remove runtime directory /run/user/50192 (after unmounting): Device or resource busy
May 27 14:09:11 hostname su[13950]: pam_winbind(su:account): user 'test123' granted access
May 27 14:09:11 hostname su[13950]: Successful su for test123 by root
May 27 14:09:11 hostname su[13950]: + ??? root:test123
May 27 14:09:11 hostname su[13950]: pam_unix(su:session): session opened for user test123 by (uid=0)
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: New session 15 of user test123.
May 27 14:09:11 hostname su[13950]: (mount.c:68): Messages from underlying mount program:
May 27 14:09:11 hostname su[13950]: (mount.c:72): mount error(13): Permission denied
May 27 14:09:11 hostname su[13950]: (mount.c:72): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
May 27 14:09:11 hostname kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
May 27 14:09:11 hostname su[13950]: (pam_mount.c:522): mount of users/test123 failed
May 27 14:09:11 hostname kernel: traps: ck-remove-direc[13959] trap int3 ip:7f79c10ab875 sp:7fff42425e60 error:0 in libglib-2.0.so.0.5800.3[7f79c1073000+7e000]
May 27 14:09:11 hostname su[13950]: pam_unix(su:session): session closed for user test123
May 27 14:09:11 hostname su[13950]: (mount.c:68): umount messages:
May 27 14:09:11 hostname su[13950]: (mount.c:72): umount: /media/test123/MyDisk: no mount point specified.
May 27 14:09:11 hostname su[13950]: (mount.c:888): unmount of users/test123 failed
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: Removed session 15.
May 27 14:09:11 hostname su[13985]: pam_winbind(su:account): user 'test123' granted access
May 27 14:09:11 hostname su[13985]: Successful su for test123 by root
May 27 14:09:11 hostname su[13985]: + ??? root:test123
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: New session 16 of user test123.
May 27 14:09:11 hostname su[13985]: pam_unix(su:session): session opened for user test123 by (uid=0)
May 27 14:09:11 hostname su[13985]: (mount.c:68): Messages from underlying mount program:
May 27 14:09:11 hostname su[13985]: (mount.c:72): mount error(13): Permission denied
May 27 14:09:11 hostname su[13985]: (mount.c:72): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
May 27 14:09:11 hostname su[13985]: (pam_mount.c:522): mount of users/test123 failed
May 27 14:09:11 hostname kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
May 27 14:09:11 hostname kernel: traps: ck-remove-direc[13994] trap int3 ip:7f60e6a1d875 sp:7ffda7ec94e0 error:0 in libglib-2.0.so.0.5800.3[7f60e69e5000+7e000]
May 27 14:09:11 hostname su[13985]: pam_unix(su:session): session closed for user test123
May 27 14:09:11 hostname su[13985]: (mount.c:68): umount messages:
May 27 14:09:11 hostname su[13985]: (mount.c:72): umount: /media/test123/MyDisk: no mount point specified.
May 27 14:09:11 hostname su[13985]: (mount.c:888): unmount of users/test123 failed
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: Removed session 16.
May 27 14:09:11 hostname kernel: elogind-daemon[4866]: Failed to remove runtime directory /run/user/50192 (after unmounting): Device or resource busy
May 27 14:09:11 hostname su[14017]: pam_winbind(su:account): user 'test123' granted access
May 27 14:09:11 hostname su[14017]: Successful su for test123 by root
May 27 14:09:11 hostname su[14017]: + ??? root:test123
May 27 14:09:11 hostname su[14017]: pam_unix(su:session): session opened for user test123 by (uid=0)
May 27 14:09:11 hostname su[14017]: (mount.c:68): Messages from underlying mount program:
May 27 14:09:11 hostname su[14017]: (mount.c:72): mount error(13): Permission denied
May 27 14:09:11 hostname su[14017]: (mount.c:72): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
May 27 14:09:11 hostname su[14017]: (pam_mount.c:522): mount of users/test123 failed
May 27 14:09:11 hostname kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
May 27 14:09:11 hostname kernel: traps: ck-remove-direc[14025] trap int3 ip:7fabb8139875 sp:7ffe53a83a10 error:0 in libglib-2.0.so.0.5800.3[7fabb8101000+7e000]
May 27 14:09:11 hostname su[14017]: pam_unix(su:session): session closed for user test123
May 27 14:09:11 hostname su[14017]: (mount.c:68): umount messages:
May 27 14:09:11 hostname su[14017]: (mount.c:72): umount: /media/test123/MyDisk: no mount point specified.
May 27 14:09:11 hostname su[14017]: (mount.c:888): unmount of users/test123 failed

#################################################
# This is the moment the error dialog appears
################################################

May 27 14:09:54 hostname kernel: elogind-daemon[4866]: New session 18 of user test123.
May 27 14:09:54 hostname lightdm[13750]: pam_unix(lightdm:session): session opened for user test123 by (uid=0)
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gtk.vfs.Daemon' requested by ':1.0' (uid=50192 pid=14127 comm="cinnamon-session --session cinnamon ")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gtk.vfs.Daemon'
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='ca.desrt.dconf' requested by ':1.19' (uid=50192 pid=14192 comm="/usr/libexec/csd-a11y-settings ")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'ca.desrt.dconf'
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gtk.vfs.UDisks2VolumeMonitor' requested by ':1.17' (uid=50192 pid=14196 comm="/usr/libexec/csd-automount ")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gtk.vfs.UDisks2VolumeMonitor'
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gtk.vfs.AfcVolumeMonitor' requested by ':1.17' (uid=50192 pid=14196 comm="/usr/libexec/csd-automount ")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gtk.vfs.AfcVolumeMonitor'
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gtk.vfs.MTPVolumeMonitor' requested by ':1.17' (uid=50192 pid=14196 comm="/usr/libexec/csd-automount ")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gtk.vfs.MTPVolumeMonitor'
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gtk.vfs.GPhoto2VolumeMonitor' requested by ':1.17' (uid=50192 pid=14196 comm="/usr/libexec/csd-automount ")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gtk.vfs.GPhoto2VolumeMonitor'
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.freedesktop.Tracker1' requested by ':1.32' (uid=50192 pid=14292 comm="gdbus call -e -d org.freedesktop.DBus -o /org/free")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.freedesktop.Tracker1'
May 27 14:09:55 hostname polkitd[4643]: Registered Authentication Agent for unix-session:18 (system bus name :1.218 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale ru_RU.utf8)
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gnome.evolution.dataserver.Sources5' requested by ':1.42' (uid=50192 pid=14346 comm="/usr/libexec/evolution-data-server/evolution-alarm")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gnome.OnlineAccounts' requested by ':1.43' (uid=50192 pid=14368 comm="/usr/libexec/evolution-source-registry ")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gnome.evolution.dataserver.Sources5'
May 27 14:09:55 hostname /cinnamon-killer-daemon[14339]: Bound Cinnamon restart to <Control><Alt>Escape.
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gnome.OnlineAccounts'
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gtk.vfs.Metadata' requested by ':1.39' (uid=50192 pid=14323 comm="nemo-desktop ")
May 27 14:09:55 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gtk.vfs.Metadata'
May 27 14:09:55 hostname dbus-daemon[4496]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.221" (uid=50192 pid=14353 comm="python3.6 /usr/bin/blueman-applet ") interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" error name="(unset)" requested_reply="0" destination=":1.8" (uid=0 pid=5239 comm="/usr/libexec/bluetooth/bluetoothd ")
May 27 14:09:56 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gnome.evolution.dataserver.Calendar7' requested by ':1.42' (uid=50192 pid=14346 comm="/usr/libexec/evolution-data-server/evolution-alarm")
May 27 14:09:56 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gnome.evolution.dataserver.Calendar7'
May 27 14:09:56 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Activating service name='org.gnome.evolution.dataserver.AddressBook9' requested by ':1.48' (uid=50192 pid=14398 comm="/usr/libexec/evolution-calendar-factory ")
May 27 14:09:56 hostname dbus-daemon[14136]: [session uid=50192 pid=14134] Successfully activated service 'org.gnome.evolution.dataserver.AddressBook9'
May 27 14:09:57 hostname NetworkManager[5302]: <info>  [1558940997.7277] agent-manager: req[0x563fd3cb4630, :1.227/org.freedesktop.nm-applet/50192]: agent registered
May 27 14:10:00 hostname dbus-daemon[4496]: [system] Activating service name='org.freedesktop.Accounts' requested by ':1.228' (uid=50192 pid=14481 comm="cinnamon-screensaver                              ") (using servicehelper)
May 27 14:10:00 hostname accounts-daemon[14488]: started daemon version 0.6.50
May 27 14:10:00 hostname dbus-daemon[4496]: [system] Successfully activated service 'org.freedesktop.Accounts'
May 27 14:10:01 hostname cron[14494]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
May 27 14:10:46 hostname lightdm[13750]: pam_unix(lightdm:session): session closed for user test123
May 27 14:10:46 hostname kernel: elogind-daemon[4866]: Removed session 18.
May 27 14:10:46 hostname polkitd[4643]: Unregistered Authentication Agent for unix-session:18 (system bus name :1.218, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale ru_RU.utf8) (disconnected from bus)
May 27 14:10:46 hostname lightdm[14617]: pam_unix(lightdm-greeter:session): session opened for user root by (uid=0)
May 27 14:10:46 hostname dbus-daemon[14634]: [session uid=0 pid=14632] Activating service name='org.a11y.Bus' requested by ':1.0' (uid=0 pid=14627 comm="/usr/sbin/lightdm-gtk-greeter ")
May 27 14:10:46 hostname dbus-daemon[14634]: [session uid=0 pid=14632] Successfully activated service 'org.a11y.Bus'
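
To read a log like the one above, it helps to group lines by process and see which PAM service opened a session, hit the pam_mount failure and then closed. The following is an added example, not part of the original post; the sample lines are constructed in the same format, and matching the kernel's NT status to a session by identical timestamp is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log above (not copied from a real host).
SAMPLE = """\
May 27 14:09:06 host su[101]: pam_unix(su:session): session opened for user alice by (uid=0)
May 27 14:09:11 host su[101]: (mount.c:72): mount error(13): Permission denied
May 27 14:09:11 host kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
May 27 14:09:11 host su[101]: (pam_mount.c:522): mount of users/alice failed
May 27 14:09:11 host su[101]: pam_unix(su:session): session closed for user alice
May 27 14:09:54 host lightdm[200]: pam_unix(lightdm:session): session opened for user alice by (uid=0)
May 27 14:10:46 host lightdm[200]: pam_unix(lightdm:session): session closed for user alice
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([^\s\[:]+)(?:\[(\d+)\])?: (.*)$")
OPENED = re.compile(r"session opened for user (\S+)")
MOUNT_FAIL = re.compile(r"\(pam_mount\.c:\d+\): mount of (\S+) failed")
NT_STATUS = re.compile(r"\b(NT_STATUS_\w+)")

def failed_mount_sessions(text):
    """Return one record per process whose PAM session saw a pam_mount failure."""
    sessions = defaultdict(lambda: {"user": None, "volume": None, "closed": False, "nt_status": None})
    kernel_status = {}  # timestamp -> last NT status logged by the kernel CIFS client
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, prog, pid, msg = m.groups()
        if prog == "kernel":
            if (s := NT_STATUS.search(msg)):
                kernel_status[ts] = s.group(1)
            continue
        rec = sessions[(prog, pid)]
        if (o := OPENED.search(msg)):
            rec["user"] = o.group(1)
        elif (f := MOUNT_FAIL.search(msg)):
            rec["volume"], rec["ts"] = f.group(1), ts
        elif "session closed for user" in msg:
            rec["closed"] = True
    out = []
    for (prog, pid), rec in sessions.items():
        if rec["volume"]:  # only sessions in which pam_mount reported a failed mount
            rec["nt_status"] = kernel_status.get(rec.pop("ts"))
            out.append({"service": prog, "pid": int(pid) if pid else None, **rec})
    return out
```
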
#2

Is your CLDC joined to CDS or to Windows Server-2012?

#3

CLDC is joined to Windows Server-2012.

#4

For Calculate Linux Desktop to work correctly in a domain, additional scripts are run on CDS when resources are connected.

[unix]
        
        root preexec = /usr/lib/calculate/calculate-server/bin/execserv -s --login %U
        root postexec = /usr/lib/calculate/calculate-server/bin/execserv -s --logout %U

On WS2012 this does not happen, so you will have to manually create the unix, homes and share resources for the user.
