Mount CIFS — permission denied
I try to mount a folder shared by Windows 10. The Win10 client is part of a corporate domain. The user login is also part of the domain (local users are forbidden by domain policy). Using smbclient , the folder can be accessed without problem:
user@NAS:~$ smbclient //server/folder -A /logincred Domain=[DOMAIN] OS=[] Server=[] smb: \> username=USER password=******** domain=DOMAIN fd_admin@FDNAS:~$sudo mount -t cifs //server/folder /mnt/smbshare -o vers=3.0,credentials=/.logincred --verbose Password: domain=DOMAIN mount.cifs kernel mount options: ip=[IP],unc=\\server\folder,vers=3.0,user=USER,,domain=DOMAIN,pass=******** mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) NAS kernel: [2513666.498825] CIFS VFS: Send error in SessSetup = -13 NAS kernel: [2513666.504632] CIFS VFS: cifs_mount failed w/return code = -13 Any ideas why smbclient works but mounting fails?
I don’t know if the server requires SMB encrytion. How can I find out if it does?
Here is the requested verbose printout. -d auth:7 does not work for me so I did the -d 7 as below:
admin@NAS:~$ smbclient //server/folder -d 7 -A /logincred lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Cannot opendir for custom conf Processing section "[global]" Can't find include file /var/tmp/nginx/smb.netbios.aliases.conf /etc/samba/smb.reserved.conf not found Cannot opendir for custom conf find syno address: [0]: XXX.YYY.196.21 [1]: VVV.ZZZ.126.36 [2]: VVV.ZZZ.3.29 [3]: VVV.ZZZ.19.246 added interface ovs_eth0 ip=XXX.YYY.196.21 bcast=XXX.YYY.199.255 netmask=255.255.252.0 added interface ovs_eth2 ip=VVV.ZZZ.3.29 bcast=VVV.ZZZ.255.255 netmask=255.255.0.0 added interface ovs_eth3 ip=VVV.ZZZ.19.246 bcast=VVV.ZZZ.255.255 netmask=255.255.0.0 added interface ovs_eth1 ip=VVV.ZZZ.126.36 bcast=VVV.ZZZ.255.255 netmask=255.255.0.0 Client started (version 4.4.16). tdb(/run/samba/gencache.tdb): tdb_open_ex: could not open file /run/samba/gencache.tdb: Permission denied resolve_hosts: Attempting host lookup for name SERVER Connecting to XXX.YYY.200.189 at port 445 Doing spnego session setup (blob length=120) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178@please_ignore GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered gensec_update [NT_STATUS_MORE_PROCESSING_REQUIRED] Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 gensec_update [NT_STATUS_MORE_PROCESSING_REQUIRED] NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 gensec_update [NT_STATUS_OK] Domain=[DOMAIN] OS=[] Server=[] smb: \> Unable to mount CIFS share on Linux: mount error(13): Permission denied (cifs_mount failed w/return code = -13)
There are a couple of ways how to mount a CIFS/Samba share on a Linux client. However some tutorials are outdated and meanwhile completely wrong. I just ran into a (stupid) case of a wrong mount.cifs syntax:
root@focal:~# mount -t cifs //server/Share /mnt -o rw,user=domain\myuser,password=secret
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
Unfortunately, the additional output in dmesg is not helpful to figure out the problem:
root@focal:~# dmesg
[. ]
[16444886.307684] CIFS: Attempting to mount //server/Share
[16444886.307717] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[16444886.539770] Status code returned 0xc000006d STATUS_LOGON_FAILURE
[16444886.539795] CIFS VFS: \\server Send error in SessSetup = -13
[16444886.539901] CIFS VFS: cifs_mount failed w/return code = -13
After additional try and errors (and looking up a recent share mount from the history), the problem turned out to be the user=domain\myuser syntax. This way of combining the domain/workgroup and the username is not working (anymore).
Note: Both user= and username= are accepted in the options.
root@focal:~# mount -t cifs «//server/Share» /mnt -o «user=myuser,password=secret,workgroup=DOMAIN»
root@focal:~# ll /mnt/
total 0
drwxr-xr-x 2 root root 0 Sep 1 2020 _Archiv
drwxr-xr-x 2 root root 0 Aug 9 12:10 Client
[..]
Of course the password should not be used on the command line, so for the final (and automatic) mount of the share use the following entry in /etc/fstab:
root@focal:~# cat /etc/fstab
[. ]
# Mount CIFS share from server
//server/Share /mnt cifs rw,relatime,vers=3.1.1,credentials=/etc/samba/servershare.conf,uid=0 0 0
Where /etc/samba/servershare.conf contains the credentials:
root@focal:~# cat /etc/samba/servershare.conf
user=myuser
password=secret
domain=DOMAIN
Add a comment
Comments (newest first)
Edgardo Pannunzio (KERNEL Consultores) from Uruguay wrote on Feb 9th, 2023:
Thanks very much !!
Your post was really helpful.
Ed from wrote on Jan 27th, 2023:
In my case (mounting win 2019 share in RHEL9) when using double apostrophe: «user=myuser. » was outputing:
«bash: !,workgroup=$MY_DOMAIN: event not found»
Switching to single apostrophe ‘user=mysers. ‘ did the trick
ck from Switzerland wrote on Nov 29th, 2022:
Keith, make sure you have the cifs-utils and smbclient packages installed on your Ubuntu. Still an error? Try to connect to the share using the smbclient command. It could also be a SMB protocol mismatch. Check out this article, describing Samba protocol configuration on the client.
Keith from United States wrote on Nov 29th, 2022:
I’ve tried for the past 3 hours, 5AM in the morning now, and I’ve tried everything from every other website and this one and still get the exact same errors. Tried it with just sudo, then root. Same thing. Host OS is ubuntu server trying to mount a network share from my Synology NAS.
AJav from wrote on Sep 19th, 2022:
simonpunk2016 from wrote on Aug 1st, 2022:
Thank you sir, never know the mount option has changed, because I just successfully mounted the cifs last month, thought my Manjaro has come to an end.
simonpunk2016 from wrote on Jul 29th, 2022:
Thank you sir, never know the mount option has changed, because I just successfully mounted the cifs last month, thought my Manjaro has come to an end.
Jesko from wrote on Feb 10th, 2022:
I had exact the same error, but different reason. On a freshly installed (old) Ubuntu 16.04 LTS (last 32Bit version). My reason was: There was no cifs-utils installed! so «sudo apt install cifs-utils» was the solution. I just write here because I crawled through hundreds of comments.
Blog Tags:
© 2008 — 2023 by Claudio Kuenzler. Powered by .
This website uses own and third-party 🍪 cookies to improve your browsing experience. By continuing using our website you agree to the Cookie and Privacy Policy. I agree
Монтирование сетевой папки, настройка прав
В локальной сети есть два сентоса 7. На обоих настроена samba.
Первый используется как файловый сервер с распределенным доступом. Настроено несколько папок, разные группы подключаются, в основном с виндовских машин по паролям, проблем не было.
Сейчас с другого сентоса 7 примонтировать сетевую папку с файлового сервера как обычную, родную папку. Доступы по паролям.
[global] workgroup = WORKGROUP security = user map to guest = bad password netbios name = FileServer server string = FileServer [pm] path = /mnt/pm browseable = no writable = yes read only = no guest ok = no valid users = @pm create mask = 0777 directory mask = 0777 2. Создана папка /mnt/pm с правами 777
3. Создан пользователь pm c паролем 111111, сделала его владельцем папки папка /mnt/pm, как пользователя самбы его тоже завела.
1. Создан пользователь pm c паролем 111111
2. pm — владелец папки files, в которую монтирую сетевую папку
drwxrwxr-x 3 pm pm 33 ноя 24 17:50 files Подключаюсь с клиента к файловому серверу:
smbclient //192.168.1.101/pm -U pm Enter pm's password: Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10] smb: \>mount.cifs //192.168.1.101/pm/ /opt/files -o user=pm -o password=111111 mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) 1. Каких прав кому не хватает?
2. Как разрешить подключение только этой группе (pm)?
Нужно найти владельца твоей мамки, вендузятник
Скорее всего, оно ругается на множественные опции, перечисляйте их через запятую.
Сам-то давно с окошек слез, петушок?
Версия cifs-utils
yum info cifs-utils Загружены модули: fastestmirror Determining fastest mirrors * base: mirror.corbina.net * epel: mirror.yandex.ru * extras: mirror.corbina.net * updates: mirror.corbina.net Установленные пакеты Название: cifs-utils Архитектура: x86_64 Версия: 6.2 Выпуск: 7.el7 Объем: 174 k Источник: installed Из источника: base Аннотация: Utilities for mounting and managing CIFS mounts Ссылка: http://linux-cifs.samba.org/cifs-utils/ Лицензия: GPLv3А на что влияет версия? Ставила из yum.
Попробуйте добавить параметр sec=ntlm
Команда в итоге должна выглядеть так:
mount -t cifs //192.168.1.101/pm/ /opt/files -o sec=ntlm,username=pm,password=111111
Спасибо Вам, большое.
Действительно, синтаксис не тот. Примонтировалось на ура! И в автозагрузку добавила с этим же параметром sec=ntlm.
Реанимирую тему
Решение работает, директория монтируется под рутом, тему отложила.
Теперь обнаружила, что не смотря на монтирование пользователем pm, залогинившись пользователем pm я не могу зайти в примонтированную директорию. Всё тот же permission deny.
Примонтировать сетевую директорию в /opt/files — монтирую командой
mount -t cifs //192.168.1.101/pm/ /opt/files -o sec=ntlm,username=pm,password=111111. Директория монтируется без ошибок. На файловом сервере есть пользователь pm с паролем 111111, и с паролем от самбы, также 111111, он владелец директории /mnt/pm. В самбе прописаны valid users = @pm на /mnt/pm.
Смотрю на директорию files командой
ls -la /opt/ - drwxrwx---+ 4 1019 1023 0 ноя 25 11:47 filesт.е. владельцем директории система видит не пользователя pm, а uid пользователя pm на файловом сервере. Поменять владельца files — отказано в доступе даже для root. Залогинилась пользователем pm — не могу войти в директорию files, когда в нее примонтирована сетевая директория.
У локального и удалённого юзера идентификаторы могут отличаться.
Также надо учитывать, что у вас монтирование реализовано не юзером, а рутом.
Один из способов решения:
man mount.cifs | grep -A2 '^ *[ug]id='