[Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)

Günter Kukkukk linux at kukkukk.com
Wed May 16 23:13:00 MDT 2012 

Am Donnerstag, 17. Mai 2012, 05:19:09 schrieb Shirish Pargaonkar:
> On Wed, May 16, 2012 at 5:29 PM,  <Scott_Purcell at dell.com> wrote:
> > Steve said:
> >> Do you have the cifs-utils package installed?
> > 
> > cifs-utils is installed (2:5.1-1ubuntu1)
> > 
> > Shirish said:
> >> What is the Windows server?
> > 
> > I don't really have visibility into the specifics here -- it is a NAS
> > appliance of some kind managed by our IT and not under my control.
> > However, smbclient identifies it as: OS=[EMC-SNAS:T5.6.50.205]
> > Server=[NT1]
> > 
> >> Can you try a command like
> >>       mount -t cifs //servername/sharename <mount_point> -o
> >> sec=ntlmsspi, user=<username>,pass=<password>
> > 
> > ntlmsspi results in "operation not supported" but it doesn't seem to
> > object to either the default ntlm or ntlmv2 as specified below:
> > 
> > $ sudo mount -t cifs //pc************.com/D******NAS2 /mnt/temp --verbose
> > -o
> >  domain=a******as,user=scott_purcell,password='******!***',uid=scott,gid
> > =scott,rw,sec=ntlmv2
> > 
> > mount.cifs kernel mount options:
> > ip=10.30.25.221,unc=\\pc************.com/D******NAS2,sec=ntlmv2,uid=1000
> > ,gid=1000,ver=1,user=scott_purcell,domain=a******as,pass=******** mount
> > error(13): Permission denied
> > Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> > 
> >> You can paste your smb.conf that smbclient uses as well.
> > 
> > With comments and blank lines stripped:
> > 
> > $ grep -v ^# /etc/samba/smb.conf |grep -v ^$ |grep -v ^\;
> > [global]
> >   workgroup = WORKGROUP
> >   server string = %h server (Samba, Ubuntu)
> >   dns proxy = no
> >   log file = /var/log/samba/log.%m
> >   max log size = 1000
> >   syslog = 0
> >   panic action = /usr/share/samba/panic-action %d
> >   encrypt passwords = true
> >   passdb backend = tdbsam
> >   obey pam restrictions = yes
> >   unix password sync = yes
> >   passwd program = /usr/bin/passwd %u
> >   passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam
> > password change = yes
> >   map to guest = bad user
> >   usershare allow guests = yes
> > [printers]
> >   comment = All Printers
> >   browseable = no
> >   path = /var/spool/samba
> >   printable = yes
> >   guest ok = no
> >   read only = yes
> >   create mask = 0700
> > [print$]
> >   comment = Printer Drivers
> >   path = /var/lib/samba/printers
> >   browseable = yes
> >   read only = yes
> >   guest ok = no
> > 
> > 
> > I can invoke smbclient successfully by either referring it to my
> > credentials file:
> > 
> > 
> > $ sudo smbclient  //pc************.com/D******NAS2 -A /etc/.smb_creds.txt
> > Domain=[A*****S] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1]
> > smb: \> ls training/
> > NT_STATUS_ACCESS_DENIED listing \training\
> > smb: \> cd training
> > smb: \training\> ls
> >  .                                  DA        0  Tue Jan 10 13:17:11 2012
> >  ..                                 DA        0  Thu Sep  1 11:54:48 2011
> >  Enterprise                         DA        0  Fri Oct 21 07:03:08 2011
> >  enterprise_services_offering       DA        0  Mon Jun 13 16:31:21 2011
> >  Flash_Beta                         DA        0  Wed Apr 14 13:46:40 2010
> >  Functions                          DA        0  Sat Feb 27 09:47:17 2010
> >  GCSS                               DA        0  Wed Apr 14 13:46:49 2010
> > 
> > 
> > Or by specifying my authentication at the command line:
> > 
> > $ sudo smbclient  //pc************.com/D******NAS2 --workgroup=a******as
> > --user=scott_purcell Enter scott_purcell's password:
> > Domain=[A******AS] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1]
> > smb: \> cd training
> > smb: \training\> ls
> >  .                                  DA        0  Tue Jan 10 13:17:11 2012
> >  ..                                 DA        0  Thu Sep  1 11:54:48 2011
> >  Enterprise                         DA        0  Fri Oct 21 07:03:08 2011
> >  enterprise_services_offering       DA        0  Mon Jun 13 16:31:21 2011
> >  Flash_Beta                         DA        0  Wed Apr 14 13:46:40 2010
> >  Functions                          DA        0  Sat Feb 27 09:47:17 2010
> >  GCSS                               DA        0  Wed Apr 14 13:46:49 2010
> > 
> > 
> > Hope that helps...
> > 
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> Scott, you can try sec=ntlmssp instead.
> Perhaps the NAS box does not support smb signing.
> 
> What would also help is either a wireshark trace or tcpdump output
> in both the cases, smbclient and cifs client.
> tcpdump -s 0 -w <filename.pcap> can be used to gather the data.
> 
> Regards,
> 
> Shirish

i also guess using "sec=ntlmssp" could solve the issue.

Using defaults - current cifs vfs does not offer the
"extended security negotiation" bit in flags2 during negprot...
So atm "sec=..." stuff is needed.

Cheers, Günter

More information about the samba mailing list