
Home directory does not automount when remotely logging in via ssh



I have run into the following when attempting to ssh to an AIX 6.1
system running OpenSSH 5.5p1/OpenSSL 1.0.0a (with PAM support enabled)
and Quest Authentication Services (QAS) 3.5.2.18:

----------------------------------------------------------------------------------------------------------------------

Could not chdir to home directory /export/home/user: The file access
permissions do not allow the specified action.

----------------------------------------------------------------------------------------------------------------------

The home directory is on a Solaris (10) NFS3 share. The same user is
able to log in and obtain their home directory from both Solaris and
Linux clients without any issues. The permissions on the home
directory are 755.

The error does _not_ occur when logging in from the AIX console.

In either case, “id user” produces the correct results for UID and GID.

/usr/local/etc/sshd_config has been configured with “UsePAM yes”

/etc/pam.conf has been updated to support the QAS PAM module:

<snip>
sshd auth   sufficient  pam_vas3.so get_nonvas_pass store_creds debug trace
sshd auth   requisite   pam_vas3.so echo_return debug trace
sshd auth   required    /usr/lib/security/pam_aix use_new_state use_first_pass

sshd account      sufficient  pam_vas3.so
sshd account      requisite   pam_vas3.so echo_return
sshd account      required    /usr/lib/security/pam_aix

sshd password     sufficient  pam_vas3.so
sshd password     requisite   pam_vas3.so echo_return
sshd password     required    /usr/lib/security/pam_aix

sshd session      required    pam_vas3.so
sshd session      requisite   pam_vas3.so echo_return
sshd session      required    /usr/lib/security/pam_aix
</snip>

On the AIX client auto_master & auto_home are like this:

# Master map for automounter
#
+auto_master
/export/home            auto_home   -nobrowse


# Home directory map for automounter
#
+auto_home
*     -rw          1.1.1.1:/export/home/&


The following is an edited portion of the output from a debug (-ddd)
server session, prior to the client logging out:

<snip>
Accepted keyboard-interactive/pam for <user> from 1.1.1.1 port 39042 ssh2
debug3: mm_do_pam_account returning 1
debug3: mm_send_keystate: Sending new keys: 2002e138 2002df78
debug3: mm_newkeys_to_blob: converting 2002e138
debug3: mm_newkeys_to_blob: converting 2002df78
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_send_keystate: Finished sending state
debug3: AIX/setauthdb set registry 'VAS'
debug3: aix_restoreauthdb: restoring old registry ''
debug1: monitor_child_preauth: <user> has been authenticated by privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 24
debug3: mm_request_receive entering
debug3: mm_newkeys_from_blob: 200655e8(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 200655e8(118)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug1: PAM: establishing credentials
debug3: PAM: opening session
User child is on pid 278536
debug3: mm_request_receive entering
debug1: PAM: establishing credentials
debug3: AIX/UsrInfo: set len 29
debug1: permanently_set_uid: 2000/2000
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 9 setting O_NONBLOCK
debug2: fd 10 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_global_request: rtype no-more-sessions@xxxxxxxxxxx want_reply 0
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug3: mm_request_send entering: type 25
debug3: monitor_read: checking request 25
debug3: mm_answer_pty entering
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
debug3: mm_request_receive_expect entering: type 26
debug3: mm_request_receive entering
debug3: AIX/setauthdb set registry 'VAS'
debug3: aix_restoreauthdb: restoring old registry ''
Writing login record failed for <user>
debug3: mm_request_send entering: type 26
debug1: session_pty_req: session 0 alloc /dev/pts/0
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
setsid: Operation not permitted.
debug2: fd 3 setting TCP_NODELAY
debug2: channel 0: rfd 13 isatty
debug2: fd 13 setting O_NONBLOCK
debug3: fd 11 is O_NONBLOCK
debug3: mm_answer_pty: tty /dev/pts/0 ptyfd 5
debug3: mm_request_receive entering
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 339980
debug1: session_exit_message: session 0 channel 0 pid 339980
debug2: channel 0: request exit-status confirm 0
debug1: session_exit_message: release channel 0
debug2: channel 0: write failed
debug2: channel 0: close_write
debug2: channel 0: send eow
debug2: channel 0: output open -> closed
debug3: mm_request_send entering: type 27
debug2: channel 0: read<=0 rfd 13 len -1
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: channel 0: send close
debug2: notify_done: reading
debug3: channel 0: will not send data after close
debug2: channel 0: rcvd close
Received disconnect from 1.1.1.1: 11: disconnected by user
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug3: monitor_read: checking request 27
debug3: mm_answer_pty_cleanup entering
debug1: session_by_tty: session 0 tty /dev/pts/0
debug3: mm_session_close: session 0 pid 278536
debug3: mm_session_close: tty /dev/pts/0 ptyfd 5
debug1: session_pty_cleanup: session 0 release /dev/pts/0
debug3: session_unused: session id 0 unused
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials
debug3: PAM: sshpam_thread_cleanup entering
</snip>


I would appreciate any assistance.

Regards,

John
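
How the control flags in the sshd stacks quoted above are evaluated, as an added example that is not part of the original post and is not QAS, AIX or OpenSSH code. It applies the standard pam.conf meanings of required, requisite and sufficient; the per-module results passed to `evaluate` are assumed inputs, not observed behaviour of pam_vas3.so or pam_aix.

```python
# Added example: pam.conf control-flag evaluation for the stacks in the post.
# Stack lines are copied from the post; module results are assumed inputs.
PAM_CONF = """\
sshd auth     sufficient  pam_vas3.so get_nonvas_pass store_creds debug trace
sshd auth     requisite   pam_vas3.so echo_return debug trace
sshd auth     required    /usr/lib/security/pam_aix use_new_state use_first_pass
sshd session  required    pam_vas3.so
sshd session  requisite   pam_vas3.so echo_return
sshd session  required    /usr/lib/security/pam_aix
"""

def parse(conf):
    """Return {(service, type): [(control, module, args), ...]} in file order."""
    stacks = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        service, mtype, control, module, *args = line.split()
        stacks.setdefault((service, mtype), []).append((control, module, args))
    return stacks

def evaluate(stack, results):
    """results: 'success', 'fail' or 'ignore' for each stack entry, in order.
    Returns (verdict, entries_called) so skipped modules are visible."""
    failed = saw_success = False
    called = []
    for (control, module, args), res in zip(stack, results):
        called.append(" ".join([module, *args]))
        if res == "ignore":
            continue                      # module abstained; no effect on verdict
        if res == "success":
            saw_success = True
            if control == "sufficient" and not failed:
                return "success", called  # rest of the stack is skipped
        elif control == "requisite":
            return "fail", called         # fail immediately, nothing else runs
        elif control == "required":
            failed = True                 # remembered, but the stack continues
    # A stack in which nothing succeeded is treated as a failure.
    return ("success" if saw_success and not failed else "fail"), called

if __name__ == "__main__":
    stacks = parse(PAM_CONF)
    for key, results in [(("sshd", "auth"), ["success"] * 3),
                         (("sshd", "auth"), ["ignore", "ignore", "success"]),
                         (("sshd", "session"), ["success", "success", "fail"])]:
        verdict, called = evaluate(stacks[key], results)
        print(key, results, "->", verdict, "| called:", called)
```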


