Pam_cifscreds module failing with "Cannot find command to construct key"

Hello guys,

OS is Rocky Linux release 8.6 (Green Obsidian) :rocket:

I’ve setup multi-user CIFS mounts. Here below is what fstab entries looks like:

//<FQDN>/<share-name> /mnt/<share-name>  cifs    auto,_netdev,rw,noexec,nodev,nosuid,noperm,cache=strict,hard,vers=3.1.1,multiuser,sec=ntlmsspi,credentials=/root/<credentials-file>        0 0

This works great :ok_hand:

The user account whom credentials are specified in the <credentials-file> only have permissions to traverse top level folder. Security first!

To read/write content on the CIFS share, I run the following command to add NTLM credentials in kernel keyring:

$ cifscreds add --username <user-with-read/write-permissions> --domain <domain>

This works great :ok_hand:

I wanted to automate the last step thanks to PAM. I’ve installed the pam_cifscreds package and I’ve edited the /etc/pam.d/login file according to the documentation:

#%PAM-1.0
auth       substack     system-auth
auth       optional     pam_cifscreds.so
[...]
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    optional     pam_cifscreds.so domain=<domain>
session    include      postlogin
-session   optional     pam_ck_connector.so

But this fails :cry: The logs read stuff like:

request-key[2613]: Cannot find command to construct key 399466615
request-key[2614]: Cannot find command to construct key 608471545

Can you please help me fix this issue? My understanding is that PAM doesn’t find the pam_cifscreds module, but I may very well be wrong.

Note that the user, the Rocky Linux client and the CIFS server all are member of the same Active Directory instance. Again, no issue when using the cifscreds command instead of PAM.

Best regards,
MauvaisJoueur