[Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
Günter Kukkukk
linux at kukkukk.com
Wed May 16 23:13:00 MDT 2012
Am Donnerstag, 17. Mai 2012, 05:19:09 schrieb Shirish Pargaonkar:
> On Wed, May 16, 2012 at 5:29 PM, <Scott_Purcell at dell.com> wrote:
> > Steve said:
> >> Do you have the cifs-utils package installed?
> >
> > cifs-utils is installed (2:5.1-1ubuntu1)
> >
> > Shirish said:
> >> What is the Windows server?
> >
> > I don't really have visibility into the specifics here -- it is a NAS
> > appliance of some kind managed by our IT and not under my control.
> > However, smbclient identifies it as: OS=[EMC-SNAS:T5.6.50.205]
> > Server=[NT1]
> >
> >> Can you try a command like
> >> mount -t cifs //servername/sharename <mount_point> -o
> >> sec=ntlmsspi, user=<username>,pass=<password>
> >
> > ntlmsspi results in "operation not supported" but it doesn't seem to
> > object to either the default ntlm or ntlmv2 as specified below:
> >
> > $ sudo mount -t cifs //pc************.com/D******NAS2 /mnt/temp --verbose
> > -o
> > domain=a******as,user=scott_purcell,password='******!***',uid=scott,gid
> > =scott,rw,sec=ntlmv2
> >
> > mount.cifs kernel mount options:
> > ip=10.30.25.221,unc=\\pc************.com/D******NAS2,sec=ntlmv2,uid=1000
> > ,gid=1000,ver=1,user=scott_purcell,domain=a******as,pass=******** mount
> > error(13): Permission denied
> > Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> >
> >> You can paste your smb.conf that smbclient uses as well.
> >
> > With comments and blank lines stripped:
> >
> > $ grep -v ^# /etc/samba/smb.conf |grep -v ^$ |grep -v ^\;
> > [global]
> > workgroup = WORKGROUP
> > server string = %h server (Samba, Ubuntu)
> > dns proxy = no
> > log file = /var/log/samba/log.%m
> > max log size = 1000
> > syslog = 0
> > panic action = /usr/share/samba/panic-action %d
> > encrypt passwords = true
> > passdb backend = tdbsam
> > obey pam restrictions = yes
> > unix password sync = yes
> > passwd program = /usr/bin/passwd %u
> > passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam
> > password change = yes
> > map to guest = bad user
> > usershare allow guests = yes
> > [printers]
> > comment = All Printers
> > browseable = no
> > path = /var/spool/samba
> > printable = yes
> > guest ok = no
> > read only = yes
> > create mask = 0700
> > [print$]
> > comment = Printer Drivers
> > path = /var/lib/samba/printers
> > browseable = yes
> > read only = yes
> > guest ok = no
> >
> >
> > I can invoke smbclient successfully by either referring it to my
> > credentials file:
> >
> >
> > $ sudo smbclient //pc************.com/D******NAS2 -A /etc/.smb_creds.txt
> > Domain=[A*****S] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1]
> > smb: \> ls training/
> > NT_STATUS_ACCESS_DENIED listing \training\
> > smb: \> cd training
> > smb: \training\> ls
> > . DA 0 Tue Jan 10 13:17:11 2012
> > .. DA 0 Thu Sep 1 11:54:48 2011
> > Enterprise DA 0 Fri Oct 21 07:03:08 2011
> > enterprise_services_offering DA 0 Mon Jun 13 16:31:21 2011
> > Flash_Beta DA 0 Wed Apr 14 13:46:40 2010
> > Functions DA 0 Sat Feb 27 09:47:17 2010
> > GCSS DA 0 Wed Apr 14 13:46:49 2010
> >
> >
> > Or by specifying my authentication at the command line:
> >
> > $ sudo smbclient //pc************.com/D******NAS2 --workgroup=a******as
> > --user=scott_purcell Enter scott_purcell's password:
> > Domain=[A******AS] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1]
> > smb: \> cd training
> > smb: \training\> ls
> > . DA 0 Tue Jan 10 13:17:11 2012
> > .. DA 0 Thu Sep 1 11:54:48 2011
> > Enterprise DA 0 Fri Oct 21 07:03:08 2011
> > enterprise_services_offering DA 0 Mon Jun 13 16:31:21 2011
> > Flash_Beta DA 0 Wed Apr 14 13:46:40 2010
> > Functions DA 0 Sat Feb 27 09:47:17 2010
> > GCSS DA 0 Wed Apr 14 13:46:49 2010
> >
> >
> > Hope that helps...
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
> Scott, you can try sec=ntlmssp instead.
> Perhaps the NAS box does not support smb signing.
>
> What would also help is either a wireshark trace or tcpdump output
> in both the cases, smbclient and cifs client.
> tcpdump -s 0 -w <filename.pcap> can be used to gather the data.
>
> Regards,
>
> Shirish
i also guess using "sec=ntlmssp" could solve the issue.
Using defaults - current cifs vfs does not offer the
"extended security negotiation" bit in flags2 during negprot...
So atm "sec=..." stuff is needed.
Cheers, Günter
More information about the samba
mailing list