On May 28th, my pam_mount configuration was still mounting 6 shares from my Synology NAS. Since yesterday (May 29th), this no longer works. Since I haven't changed anything on my Ubuntu Studio 24.04 LT system other than installing updates and there haven't been any updates to the Synology NAS, I can only conclude that this must be due to the Ubuntu updates which took place in that interval. Here is an anonymized pam_mount line from my /etc/security/pam_mount.conf.xml:
<volume sgrp="domain users@mydomain" fstype="cifs" server="server.domain" path="public" mountpoint="/nas/public" options="sec=krb5,cruid=%(USERUID),noexec,rw,nofail" />
The relevant error (from /var/log/auth.log) appears to be:
mount error(126): Required key not available
Why should this be suddenly so? How can I get more detailed information for debugging purposes? Some sources recommend verifying the mount command interactively, but this doesn't work for me:
mount -t cifs //diskstation.<FQDN>/public /nas/public -o sec=krb5,cruid=<logged in domain user>
mount.cifs: permission denied: no match for /nas/public found in /etc/fstab
because I am only using fstab for physically connected disks.
Background information on my configuration can be found here:
How to pam_mount server shares?
P.S. I can reproduce the mount error(126) with the following interactive mount command:
sudo mount -t cifs -o user=$USER,domain=<mydomain>,sec=krb5 //diskstation.<FQDN>/public /nas/public
with and without cruid.
In Dolphin, I can access the shares for which the logged-in domain user is authorized via paths like:
smb://diskstation.local/<shared directory>/
without needing to authenticate, so Dolphin/smb is evidently still able to manage the authentication that mount.cifs no longer can.
