[Samba] What in samba 4.1 prevents a '/' share?

David C. Rankin drankinatty at suddenlinkmail.com
Sun Jan 5 19:34:26 MST 2014 

On 01/02/2014 03:11 AM, L.P.H. van Belle wrote:
> ow and what i just found.  ( yes your on arch linux, but ) 
> here is some good info you can try also. 
> https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1113395 
> 
> read #12 and #13 
> 
> Greetz, 
> 
> Louis

Louis,

  Thank you again. When I first saw your post here I thought "He did it! He
found the answer!", but I think there must be more to it. This does look like we
are on the right track though. Another part of the problem is the kernel (see:
#15 in https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1113395)
Apparently, Linux 3.8 dropped support for ntlm. But the tests with sec=ntlmv2
should have gotten around that... Also, the 3.3.6 boxes are all kernel <3.8 so
ntlm still worked fine. On the server that is giving us issues we have:

[19:45 phoinix:/home/david] # uname -r
3.12.6-1-ARCH

  I have tried the traditional value of 0x7 for /proc/fs/cifs/SecurityFlags, but
it makes no difference with not being able to mount my '/' share:

[19:34 phoinix:/home/david] # echo 0x7 >/proc/fs/cifs/SecurityFlags
[19:36 phoinix:/home/david] # cat /proc/fs/cifs/SecurityFlags
0x7

  Then on my 3.3.6 box (/proc/fs/cifs/SecurityFlags doesn't exist), I tried
mounting normally:

19:36 providence:~> sudo mount.cifs //phoinix/config /mnt/phx-cfg/ -o
username=david,uid=1000,credentials=/home/david/.dcr/mountcfile,noperm
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
19:37 providence:~> sudo mount.cifs //phoinix/config /mnt/phx-cfg -o
username=david,uid=1000,credentials=/home/david/.dcr/mountcfile,noperm,sec=ntlmv2
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
19:40 providence:~> sudo mount -t cifs //phoinix/config /mnt/phx-cfg -o
username=david,sec=ntlmv2
Password for david@//phoinix/config:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
19:41 providence:~> sudo mount -t cifs //phoinix/config /mnt/phx-cfg -o
username="RLFPLLC\david",sec=ntlmv2
Password for david@//phoinix/config:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

  In your last thread about whether 'smbpasswd -e' or 'smbpasswd -a' was used,
you noted the password prompt contained an '@' when not using a credentials= file:

Password for david@//phoinix/config:

  That is something I cannot explain -- but I do not think it is the issue:

19:50 providence:~> sudo umount /mnt/phx-david
19:51 providence:~> sudo mount -t cifs //phoinix/david /mnt/phx-david -o
username=david
Password for david@//phoinix/david:

  It all worked just fine. The problem is still limited to the '/' share.
Checking what mount reports for the shares successfully mounted, I don't see
anything out of the ordinary. Maybe you do?

19:54 providence:~> mount
<snip>
//phoinix/samba on /mnt/phx type cifs
(rw,relatime,vers=1.0,sec=ntlm,cache=loose,unc=\\phoinix\samba,username=david,uid=1000,forceuid,gid=0,noforcegid,
addr=192.168.7.16,unix,posixpaths,serverino,acl,noperm,
rsize=1048576,wsize=65536,actimeo=1)
//phoinix/david on /mnt/phx-david type cifs
(rw,relatime,vers=1.0,sec=ntlm,cache=loose,unc=\\phoinix\david,username=david,uid=1000,forceuid,gid=0,noforcegid,
addr=192.168.7.16,unix,posixpaths,serverino,acl,noperm,
rsize=1048576,wsize=65536,actimeo=1)

  Does there appear to be anything in the way the working shares get mounted
that might indicate why the '/' share is being blocked? (just a thought)

  I did a test on the server phoinix (smbd 4.1.3) to see what security mechanism
it was reporting instead of "..sec=ntlm,cache=loose.." as reported on the kernel
<3.8 boxes. Mounting the '/' share from a 3.3.6 box 'mount' reported no security
information at all:

//providence/config on /mnt/pv-cfg type cifs
(rw,relatime,vers=1.0,cache=strict,username=david,domain=WORKGROUP,
uid=1000,forceuid,gid=0,noforcegid,addr=192.168.7.124,unix,posixpaths,
serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1)

  It does however report ..cache=strict,..,domain=WORKGROUP, I guess as a result
of being in standalone configuration. I'm not sure that makes any difference
though...

  So I'm back to square 1. I had high hopes that 'echo 0x7
>/proc/fs/cifs/SecurityFlags' would fix the issue, but it would seem -- more
learning is needed. What other ideas do you have? Does the smbpasswd -a instead
of -e make any difference?

  Thank you again for your help!

-- 
David C. Rankin, J.D.,P.E.

More information about the samba mailing list