19

I've recently bumped into this problem. I usually navigate through a local network shared folder from a Linux machine via smb (i.e. from file manger using smb: ). Now whenever I try to access the shortcut or typing credential again I keep getting the dialog window asking for user, domain and password.

So I tried mounting the location manually using cisf-utils doing:

sudo mount -t cifs //fileshare1/docs1/user/My\ Documents/shared/Francesco/ /home/frank/used_shared/ -o username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000

I get mount error(13): Permission denied.

I'm definitely sure my user has permission on that folder cause I can access it from a windows machine.

Also if I try to mount my personal folder on that location through:

sudo mount -t cifs //fileshare1/docs5/francesco.azzarello/ /home/frank/mnt_folder -o username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000

I can access it with no problem.

For reference I'm using 4.2.0-36-generic kernel and my mount.cifs version is 6.4

Any idea on how to make one of both methods work?

Update Rgarding ponsfrilus answer

number 1: verbose option returns: 

_mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,uid=1000,gid=1000,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_

Number 2 is basically the same thing:

_ mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,iocharset=utf8,file_mode=0777,dir_mode=0777,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_

And nothing changed with vers=2.1: 

_mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,vers=2.1,iocharset=utf8,file_mode=0777,dir_mode=0777,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_

As for number 4 I can mount docs1 no problem but I can navigate tho get to the shared folder in user.

muru
  • 193,181
  • 53
  • 473
  • 722
Frankmtl
  • 401
  • 1
  • 3
  • 9
  • Try ponsfrilus' tip #3 with `vers=3.0`, maybe also `vers=2.0` or `vers=1.0`. If this doesn't work, maybe you can allow the server a broader range of smb versions to connect. I had this issue myself because smb3 was set on the server as required. I couldn't connect with linux until the server lowered the required samba version to 2. What OS does the server run? – emk2203 May 16 '16 at 08:19
  • 2
    I tried all of them. I still get "permission denied" with 3.0, 2.1 and 2.0. While I get "unknown error" with 1.0. I don't know how to check the windows server version as user since I don't have direct access to it. – Frankmtl May 16 '16 at 13:49
  • Can't help you on that, sorry. I had control over the server and my problem went away after relaxing the allowed SMB versions. You can connect to your own share - linux misconfiguration unlikely; you can connect via windows to share - server misconfiguration unlikely. This calls for a real samba guru. – emk2203 May 16 '16 at 13:53

5 Answers5

21

I'm pretty sure I ran into this exact same problem today on Ubuntu 16.10 I tried all the suggestions in this thread several times, I could mount the exact same share using Windows Server 2016 and I could browse it using smbclient (smbclient -U brainstrust //WINBOX01/shared). I even tried an external credentials file.

I ended up stumbling on a fix - although I'd created a local user for the share on the Windows box, it was also joined to a domain. Basically setting the domain to be the local machine -o domain=WINBOX01 fixed my problem instantly, so leaving a comment here in the hope that its useful to someone out there.

The complete minimal command I used was:

sudo mount.cifs -v //WINBOX01/shared /home/geoff/winbox01  --verbose -o user=brainstrust,password=topsecret,domain=WINBOX01
Geoff Williams
  • 341
  • 2
  • 4
  • Thanks for leaving this comment here, it helped me out. – dleerob Feb 07 '19 at 14:08
  • Helped me too. Appears that mount -t cifs suffers from the same problem – Terminality Mar 04 '19 at 11:29
  • This is what turned out to be my problem. I already had a `~/.smbcredentials` file. I'm horrified to find out my local NAS has let me mount the share with a bad password for a very long time. – Charlie Jul 30 '19 at 23:01
  • Oddly enough, we needed to specify the domain NetBIOS name, not the fileserver's hostname. Nevertheless, it does work now, thanks a lot. – bviktor Feb 14 '20 at 08:41
12

I think you have the wrong security type for the server , error 13 means the server isn't letting you in.

You will need to select the right security mode in your mount command add a sec option via -o as follows [reference]:

sec=
   Security mode. Allowed values are:
   ·   none - attempt to connection as a null user (no name)
   ·   krb5 - Use Kerberos version 5 authentication
   ·   krb5i - Use Kerberos authentication and forcibly enable packet 
       signing
   ·   ntlm - Use NTLM password hashing
   ·   ntlmi - Use NTLM password hashing and force packet signing
   ·   ntlmv2 - Use NTLMv2 password hashing
   ·   ntlmv2i - Use NTLMv2 password hashing and force packet signing
   ·   ntlmssp - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message
   ·   ntlmsspi - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
caot
  • 103
  • 3
Amias
  • 5,207
  • 20
  • 33
  • 2
    I tried all of them and I receive "permission denied" or "unknown error" depending on the sec type – Frankmtl May 13 '16 at 16:38
  • given all the recent security issues with SMB I would advice only using it where a lot of additional security measures are in place , such as very up to date virus checking. – Amias Oct 31 '17 at 09:28
  • Try using sec=ntlmssp, and make sure your samba server config encrypts the password. – Humpity Jan 29 '20 at 18:55
  • Saved my day. Actually what I did was just remove the sec=ntlm and then it worked. – chuckedw Mar 16 '20 at 18:44
  • You really should move away from SMB these days, it's a near constant source of attacks and privelege escalation. – Amias Mar 18 '20 at 07:10
  • Note that exclusion of the `sec` parameter is not the same as some default `none` or `ntlm` value. – Elysiumplain Mar 14 '21 at 23:40
  • adding sec=ntlm was the final step to get a centos 7 linux box to connect to an old rohde and schwarz SMU200A generator stil running windows xp. Another centos 7 box did not need this flag. weird. – poleguy Apr 28 '22 at 18:16
9

  1. Try to add the "-v" option to get verbose output:

    sudo mount -v -t cifs //fileshare1/docs1/user/My\ 
   Documents/shared/Francesco/ /home/frank/mnt_folder -o \
   username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000

  2. Test with these options to the mount command

    iocharset=utf8,rw,file_mode=0777,dir_mode=0777:

    sudo mount -v -t cifs //fileshare1/docs1/user/My\ 
   Documents/shared/Francesco/ /home/frank/mnt_folder -o 
   username=my_user,password=my_pass,domain=my_domain,\
   iocharset=utf8,rw,file_mode=0777,dir_mode=0777

  3. Test specifying the SMB version option (vers=2.1), see the samba wiki. From the mount.cifs man page:

    vers=
    SMB protocol version. Allowed values are:

    • 1.0 - The classic CIFS/SMBv1 protocol. This is the default.

    • 2.0 - The SMBv2.002 protocol. This was initially introduced in Windows Vista Service Pack 1, and Windows Server 2008. Note that the initial release version of Windows Vista spoke a slightly different dialect (2.000) that is not supported.

    • 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2.

    • 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012.

  4. Finally, try to mount only the first share :

    sudo mount -v -t cifs //fileshare1/docs1/ /home/frank/mnt_folder \
   -o username=my_user,password=my_pass,domain=my_domain,\
   iocharset=utf8,rw,file_mode=0777,dir_mode=0777

Any verbose output you can share might help.

abu_bua
  • 10,473
  • 10
  • 45
  • 62
ponsfrilus
  • 586
  • 1
  • 5
  • 15
  • Thank you for you answer. I Didn't find any better way to replay other than update the question. you can find the outputs of those commands in the update – Frankmtl May 12 '16 at 14:37
  • @Frankmtl can you compare the folders rights inside docs1 and docs5 fileshare1 ? – ponsfrilus May 13 '16 at 19:49
  • Sorry for the late reply. If you mean the folder permissions after i mount them, they both have drwxr-xr-x – Frankmtl May 16 '16 at 13:23
  • To access a Windows 2012 server share (smb2), you must add `,vers=2.1` after uid=1000 (aka end of line) . I installed also "cifs-utils" package. – laugeo Dec 07 '17 at 14:22
  • I'm still getting the permission denied error, even when settings the file_mode/dir_mode variables. Here's what my line looks like: ``` //192.168.50.230/entire-library /mnt/shares/nsfw cifs credentials=/home/raleigh/.smbcredentials,iocharset=utf8,rw,file_mode=0777,dir_mode=0777 ``` And if I run the mount command with the verbose flag, I get this: / : ignored /boot/efi : already mounted none : ignored mount.cifs: permission denied – Raleigh L. Aug 12 '22 at 04:22
3

For this problem when using cifs higher than 6.0: new version of cifs use the domain variable instead, so creadentials file look like: 

username=<your username>
password=<your password>
domain=<your domain>
Félicien
  • 1,163
  • 1
  • 10
  • 18
Do Manh Tien
  • 31
  • 1
3

Adding the option sec=ntlm to the mount command resolved my issue.

eg:

sudo mount -t cifs -o username=administrator,password=123456,sec=ntlm //ip/eeshare /mnt/eeshare/
fosslinux
  • 3,771
  • 4
  • 28
  • 46
brike
  • 131
  • 1