Hi,

> You can enable debugging in /etc/security/pam_mount.conf.xml. Then the 
> commands being executed by pam_mount (and some more info) will be listed in 
> auth.log.
Debug looks like that:

Jul 29 22:16:34 oimel login[3409]: pam_mount(pam_mount.c:306) saving authtok for session code (authtok=0x249bd40)
Jul 29 22:16:34 oimel login[3409]: pam_env(login:session): Unable to open env file: /etc/environment: No such file or directory
Jul 29 22:16:34 oimel login[3409]: pam_mount(pam_mount.c:458) Entered pam_mount session stage
Jul 29 22:16:34 oimel login[3409]: pam_mount(pam_mount.c:479) back from global readconfig
Jul 29 22:16:34 oimel login[3409]: pam_mount(pam_mount.c:481) per-user configurations not allowed by pam_mount.conf.xml
Jul 29 22:16:34 oimel login[3409]: pam_mount(misc.c:43) Session open: (uid=0, euid=0, gid=1000, egid=1000)
Jul 29 22:16:34 oimel login[3409]: pam_mount(rdconf2.c:181) checking sanity of volume record (/dev/sda5)
Jul 29 22:16:34 oimel login[3409]: pam_mount(pam_mount.c:533) about to perform mount operations
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:366) information for mount:
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:367) ----------------------
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:368) (defined by globalconf)
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:369) user: prisma
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:370) server:
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:371) volume:        /dev/sda5
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:372) mountpoint:    /home/prisma
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:373) options: cipher=aes-lrw-benbi,fsck
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:374) fs_key_cipher:
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:375) fs_key_path:
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:376) use_fstab: 0
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:377) ----------------------
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:170) realpath of volume "/home/prisma" is "/home/prisma"
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:174) checking to see if /dev/mapper/_dev_sda5 is already mounted at /home/prisma
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:848) checking for encrypted filesystem key configuration
Jul 29 22:16:34 oimel login[3409]: pam_mount(mount.c:874) about to start building mount command
Jul 29 22:16:34 oimel login[3409]: pam_mount(misc.c:272) command: mount [-t] [crypt] [-o cipher=aes-lrw-benbi,fsck] [/dev/sda5] [/home/prisma]
Jul 29 22:16:34 oimel login[17040]: pam_mount(misc.c:43) set_myuid<pre>: (uid=0, euid=0, gid=1000, egid=1000)
Jul 29 22:16:34 oimel login[17040]: pam_mount(misc.c:43) set_myuid<post>: (uid=0, euid=0, gid=1000, egid=1000)

> 
> > It seems that the 
> > mount processes are unable to finish. Executing by hand works perfectly
> > (mount -t crypt -o cipher=lrw-aes-benbi,fsck /dev/sdx /home/x)
> What login program are you using - gdm?
Yes normally gdm, but the logs are exactly the same as above (with
login)

I have attached all requested files (no important information in them, I
guess)
Thanks a lot...

Attachment: pam_mount.conf.xml
Description: XML document

#%PAM-1.0
auth    requisite       pam_nologin.so
auth    required        pam_env.so readenv=1
auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
@include common-pammount
auth    optional        pam_gnome_keyring.so
@include common-account
session required        pam_limits.so
@include common-session
session optional        pam_gnome_keyring.so auto_start
@include common-password
#
# The PAM configuration file for the Shadow `login' service
#

# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth       required   pam_issue.so issue=/etc/issue

# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
auth       requisite  pam_securetty.so

# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth       requisite  pam_nologin.so

# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
# 
# parsing /etc/environment needs "readenv=1"
session       required   pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session       required   pam_env.so readenv=1 envfile=/etc/default/locale

# Standard Un*x authentication.
@include common-auth

# PAMMOUNT
@include common-pammount

# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth       optional   pam_group.so

# Uncomment and edit /etc/security/time.conf if you need to set
# time restraints on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account    requisite  pam_time.so

# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account  required       pam_access.so

# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session    required   pam_limits.so

# Prints the last login info upon successful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session    optional   pam_lastlog.so

# Prints the motd upon successful login
# (Replaces the `MOTD_FILE' option in login.defs)
session    optional   pam_motd.so

# Prints the status of the user's mailbox upon successful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user 
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session    optional   pam_mail.so standard

# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context.
# Uncomment the following line to enable SELinux
# session required pam_selinux.so multiple

# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
# Include this file in every /etc/pam.d/SERVICE you use for login:
# [...]
# @include common-auth
# @include common-session
# [...]
# # added for libpam-mount
# @include common-pammount
#
# Make sure that the common-auth and common-session includes are
# above the common-pammount include (just as in the example above).

# replace "optional" with "required" if a user must mount the specified
# volumes, for example the home directory

# make sure that there is no PAM module loaded with a "sufficient"
# priority before these entries, else the pam_mount module is not
# executed

# for configuration details about different login programs see
# /usr/share/doc/libpam-mount/README.Debian.gz

auth       required   pam_mount.so try_first_pass
session    required   pam_mount.so try_first_pass
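
The two rules stated in the common-pammount comments above (common-auth and common-session included above common-pammount; no "sufficient" module ahead of the pam_mount entries), as an added Python check that is not part of the original message or of libpam-mount. The service file and include contents are constructed samples, and the function names are hypothetical.

```python
import re

# "<type> <control> <module> [args]"; control may be a bracketed [value=action ...] list.
ENTRY = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(text, includes):
    """Flatten a PAM service file into (type, control, module) tuples, expanding @include."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drops comments and the #%PAM-1.0 header
        parts = line.split()
        if parts[:1] == ["@include"] and len(parts) > 1:
            entries += parse(includes.get(parts[1], ""), includes)
        elif (m := ENTRY.match(line)):
            entries.append(m.groups())
    return entries

def check(service_text, includes):
    """Return findings for the two ordering rules in the common-pammount comments."""
    findings = []
    order = [l.split()[1] for l in service_text.splitlines()
             if l.strip().startswith("@include") and len(l.split()) > 1]
    if "common-pammount" in order:
        above = order[:order.index("common-pammount")]
        for needed in ("common-auth", "common-session"):
            if needed not in above:
                findings.append(f"{needed} is not included above common-pammount")
    sufficient_seen = set()                   # PAM evaluates each type's stack separately
    for ptype, control, module in parse(service_text, includes):
        if module == "pam_mount.so" and ptype in sufficient_seen:
            findings.append(f"'sufficient' module precedes pam_mount.so in the {ptype} stack")
        if control == "sufficient":
            sufficient_seen.add(ptype)
    return findings

# Constructed sample input, not the poster's files.
PAMMOUNT = ("auth required pam_mount.so try_first_pass\n"
            "session required pam_mount.so try_first_pass\n")
BAD_INCLUDES = {"common-auth": "auth sufficient pam_unix.so\n",
                "common-session": "session required pam_unix.so\n",
                "common-pammount": PAMMOUNT}
BAD_SERVICE = "#%PAM-1.0\n@include common-auth\n@include common-pammount\n@include common-session\n"
GOOD_INCLUDES = dict(BAD_INCLUDES, **{"common-auth": "auth required pam_unix.so\n"})
GOOD_SERVICE = "#%PAM-1.0\n@include common-auth\n@include common-session\n@include common-pammount\n"

if __name__ == "__main__":
    for finding in check(BAD_SERVICE, BAD_INCLUDES):
        print("WARN:", finding)
```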
