Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] mount.cifs ( 6.6 ) - error(13): Permission denied
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
log_null
n00b
n00b


Joined: 28 Nov 2011
Posts: 15

PostPosted: Mon Mar 27, 2017 7:36 pm    Post subject: [SOLVED] mount.cifs ( 6.6 ) - error(13): Permission denied Reply with quote

mount.cifs fails to access MS Windows share when smbclient goes on fine, using the same credentials ( with samba service running ). The credfile have the following structure :
Code:
username=administrator
password=mysecretpass
domain=mydomain


# mount.cifs -vvv -o credentials=/home/lognull/.credfile //remote.windows.box/c$ /mnt/windows/

Code:
mount.cifs kernel mount options: ip=192.168.1.183,unc=\\remote.windows.box\c$,user=administrator,,domain=mydomain,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

The kernel debug says :
Code:
[  835.914446] CIFS VFS: mdfour: Crypto md4 allocation error -2
[  835.932724] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
[  835.932731] CIFS VFS: Send error in SessSetup = -13
[  835.932853] CIFS VFS: cifs_mount failed w/return code = -13

When tried with sec=ntlm :

# mount.cifs -vvv -o credentials=/home/lognull/.credfile,sec=ntlm //remote.windows.box/c$ /mnt/windows/

Code:
domain=ok
mount.cifs kernel mount options: ip=192.168.1.183,unc=\\remote.windows.box\c$,sec=ntlm,user=administrator,,domain=mydomain,pass=********
mount error(2): No such file or directory
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

And the following messages at dmesg :
Code:
[  976.940177] CIFS VFS: mdfour: Crypto md4 allocation error -2
[  976.940181] CIFS VFS: Error -2 during NTLM authentication
[  976.940183] CIFS VFS: Send error in SessSetup = -2
[  976.940238] CIFS VFS: cifs_mount failed w/return code = -2

When trying with smbclient :
# smbclient -A /home/lognull/.credfile -L //remote.windows.box
Code:
Domain=[MYDOMAIN] OS=[Windows Server 2008 R2 Enterprise 7600] Server=[Windows Server 2008 R2 Enterprise 6.1]

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
        IPC$            IPC       Remote IPC
        Publish$        Disk     
Domain=[MYDOMAIN] OS=[Windows Server 2008 R2 Enterprise 7600] Server=[Windows Server 2008 R2 Enterprise 6.1]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------


# smbclient -A /home/lognull/.credfile -L //remote.windows.box/c$ -c 'ls'
Code:
Domain=[MYDOMAIN] OS=[Windows Server 2008 R2 Enterprise 7600] Server=[Windows Server 2008 R2 Enterprise 6.1]
  $Recycle.Bin                      DHS        0  Wed Mar 22 13:49:22 2017
  Config.Msi                        DHS        0  Thu Jul 21 17:41:00 2016
  Documents and Settings            DHS        0  Tue Jul 14 02:06:44 2009
  inetpub                             D        0  Mon Jan 23 10:38:42 2017
  pagefile.sys                      AHS 4397260800  Fri Mar 24 00:08:24 2017
  PerfLogs                            D        0  Tue Jul 14 00:20:08 2009
  Program Files                      DR        0  Thu May  8 10:11:19 2014
  Program Files (x86)                DR        0  Tue Jan 24 15:40:48 2017
  ProgramData                        DH        0  Thu Nov 17 16:31:48 2016
  Recovery                          DHS        0  Thu Jun 20 00:12:16 2013
  System Volume Information         DHS        0  Thu Mar 16 00:44:52 2017
  temp                                D        0  Sat Mar 11 18:13:51 2017
  Users                              DR        0  Wed Mar 22 13:49:06 2017
  Windows                             D        0  Fri Aug  5 11:19:49 2016

                20945407 blocks of size 4096. 13978451 blocks available


Packages versions and USE :
Code:
 * Found these USE flags for net-fs/cifs-utils-6.6:
 U I
 + + acl     : Add support for Access Control Lists
 + + ads     : Enable Active Directory support and create cifs.idmap binary - idmap support
 + + caps    : libcap support
 + + caps-ng : libcap-ng support
 + + creds   : cifs credentials support

Code:
 * Found these USE flags for net-fs/samba-4.2.14:
 U I
 - - abi_x86_32               : 32-bit (x86) libraries
 - - acl                      : Add support for Access Control Lists
 - - addc                     : Enable Active Directory Domain Controller support
 - - addns                    : Enable AD DNS integration
 - - ads                      : Enable Active Directory support
 - - aio                      : Enable asynchronous IO support
 - - avahi                    : Add avahi/Zeroconf support
 + + client                   : Enables the client part
 - - cluster                  : Enable support for clustering
 - - cups                     : Add support for CUPS (Common Unix Printing System)
 - - dmapi                    : Enable support for DMAPI. This currently works only in combination with XFS.
 - - fam                      : Enable FAM (File Alteration Monitor) support
 + + gnutls                   : Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)
 - - iprint                   : Enabling iPrint technology by Novell
 - - ldap                     : Add LDAP support (Lightweight Directory Access Protocol)
 + + pam                      : Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
 + + python_targets_python2_7 : Build with Python 2.7
 - - quota                    : Enables support for user quotas
 - - syslog                   : Enable support for syslog
 + + system-mitkrb5           : Use app-crypt/mit-krb5 instead of app-crypt/heimdal.
 - - systemd                  : Enable use of systemd-specific libraries and features like socket activation or session tracking
 - - test                     : Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore
 + + winbind                  : Enables support for the winbind auth daemon

# egrep -i 'cifs|fuse' /boot/config-4.4.39-gentoo :
Code:
CONFIG_FUSE_FS=m
CONFIG_CIFS=m
CONFIG_CIFS_STATS=y
CONFIG_CIFS_STATS2=y
CONFIG_CIFS_WEAK_PW_HASH=y
CONFIG_CIFS_UPCALL=y
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
# CONFIG_CIFS_ACL is not set
CONFIG_CIFS_DEBUG=y
# CONFIG_CIFS_DEBUG2 is not set
CONFIG_CIFS_DFS_UPCALL=y
# CONFIG_CIFS_SMB2 is not set
# CONFIG_CIFS_FSCACHE is not set


lsmod:
Code:
Module                  Size  Used by
cifs                  238415  0
snd_usb_audio         132342  0
snd_usbmidi_lib        19323  1 snd_usb_audio
snd_rawmidi            17917  1 snd_usbmidi_lib

Full kernel config is here

Does anyone got the same behavior ? Thanks in advance.


Last edited by log_null on Fri Mar 31, 2017 2:51 pm; edited 1 time in total
Back to top
View user's profile Send private message
Roman_Gruber
Advocate
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

PostPosted: Tue Mar 28, 2017 3:14 pm    Post subject: Reply with quote

Quote:
mount error(2): No such file or directory


mount needs user root (or more like noobish phrased, daemon which gives root, allows it)

Sorry for my ignorance:

why not use fstab entry?

with users as option?

I do not use windows, but usually fstab with users should work (or the config file in question !)

--

Guys hate me to always refer to external guides anyway

https://wiki.gentoo.org/wiki/Samba

Quote:
CIFS share
Mount the shared content

Once the client is fully configured, the shares can soon be accessed.

Create the mount point:
root #mkdir -p /mnt/My-Disk/{Media,Shared}

Mount the exported folders:
root #mount.cifs //O2-Foobar/Media /mnt/My-Disk/Media -o guest
root #mount.cifs //O2-Foobar/Shared /mnt/My-Disk/Shared -o guest


Do you have this in your kernel?

Quote:
Symbol: CRYPTO_ECB [=y] │
│ Type : tristate │
│ Prompt: ECB support │
│ Location: │
│ (1) -> Cryptographic API (CRYPTO [=y]) │
│ Defined at crypto/Kconfig:329 │
│ Depends on: CRYPTO [=y] │
│ Selects: CRYPTO_BLKCIPHER [=y] && CRYPTO_MANAGER [=y] │
│ Selected by: BT [=y] && NET [=y] && !S390 && (RFKILL [=y] || !RFKILL [=y]) || PPP_MPPE [=n] && NETDEVICES [=y] && PPP [=n] || LIBIPW [=n] && NETDEVICES [=y] && W


https://www.centos.org/forums/viewtopic.php?t=58796
Quote:

It turned out in my case to be a Group policy which was set to Send NTLMv2 responses only. Refuse LM and NTLM. I changed this to Send LM & NTLM -use NTLMv2 session security if negotiated.

Located at: Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options. The policy is called: Network Security: Lan Manager authentication level.
Back to top
View user's profile Send private message
log_null
n00b
n00b


Joined: 28 Nov 2011
Posts: 15

PostPosted: Tue Mar 28, 2017 8:00 pm    Post subject: Reply with quote

Thanks for your help, Roman_Gruber :
1 - Yes, I'm doing as root ;
2 - mount.cifs must work before add to fstab ( since it extends from mount ). The users options makes no effect related to this issue.
3 - About samba guide : I'm doing the same syntax
4 - Yes, I have CRYPTO_ECB [=y] ( builtin ) This was a good advice. Thanks again!
5 - NTLMv2 is not possible for me since I can't change any configuration at Windows boxes.

NOTE : I used the same commands I mentioned before with a Slackware 14 box. It goes fine.

I'll compare both kernel configs and try to figure out what's happening here ... (sob)
Back to top
View user's profile Send private message
log_null
n00b
n00b


Joined: 28 Nov 2011
Posts: 15

PostPosted: Fri Mar 31, 2017 2:50 pm    Post subject: Reply with quote

Solved after system and kernel upgrade ( 4.4.39 to 4.9.16 ) ... =_=
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum