[Samba] Samba3 shares cannot be mounted on linux box uisng cifs command , error "CIFS VFS: cifs_mount failed w/return code = -13"

Mario Pio Russo mariopiorusso at ie.ibm.com
Tue Jul 14 15:49:36 UTC 2015

Good Day All

I have a problem for our main fileserver base don samba 3.5.6

Let's give a bit of pregress first. We had a samba 3.5.6 installation which
was acting as a PDC for our internal domian called CCDC. On a sapearate
machine, we had another installation of samba 3.5.6 to act just as file
share server.

All was working ok, till I upgraded the PDC form samba 3.5.6 to samba
4.2.2 , using the classicupgrade.

Now I am able to access the shares from the windows boxes added to the CCDC
domain, but when I try to mount a cifs share form a linux box, then I get
the following error:

mount.cifs -o
username=mariopio,domain=CCDC  //seadog.mul.ie.ibm.com/scrap/4mario /media/
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

form dmesg I can see the following error:

CIFS VFS: cifs_mount failed w/return code = -13

the smb.conf of the file server is the following:

root at seadog:/etc/samba# cat smb.conf

        write cache size = 131072

      vfs objects = full_audit
      full_audit:prefix = %u,%I,%m,%S
      # removed this, so we only log failures.
      # however will keep it here commented it out for future reference

      #full_audit:success = mkdir rename unlink rmdir open chown chmod
connect readlink
      full_audit:failure = mkdir rename unlink rmdir open chown chmod
connect readlink
      full_audit:facility = local7
      full_audit:priority = NOTICE

      server string = CSI Samba Server
      workgroup = CCDC
      netbios name = SEADOG
      realm = CCDC.LAN
      security = ads
      #security = domain
      wins server =
      server signing = mandatory
      password server =

     map untrusted to domain = yes

      wins support = no
      wins proxy = no
      dns proxy = no
      name resolve order = wins host bcast

      winbind use default domain = yes

      winbind uid = 10000-20000
      winbind gid = 10000-20000
      winbind cache time = 15
      winbind enum users = yes
      winbind enum groups = yes

      # This is needed, a fake home folder so that users are able to ftp
      # this folder is empty but exists, do a getent passwd to see what I
      template homedir = /home/winbind

      local master = no
      domain master = no

      # To o with ACL mapping to windows
      dos filemode = Yes
      acl group control = Yes
      acl map full control = Yes
       map acl inherit = Yes

      guest account = nobody
      invalid users = root daemon bin sys sync games man lp mail news uucp
proxy www-data backup list irc gnats Debian-exim sshd ntpd

      log file = /var/log/samba/log.%m
      log level = 3

      max log size = 2000
      syslog = 0

      # using these options copied from clearcase.
      # back in the day we did research these to death
#      socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE
      socket options = SO_RCVBUF=262144 SO_SNDBUF=262144 SO_KEEPALIVE

      # This disables print options
      # we are not a print server
      load printers = No
      disable spoolss = Yes

      smb ports = 139

      # every mount from the SAN has a lost+found folder
      # to avoid user confusion, have set this to hidden
      hide files = /lost+found/

      aio read size = 1
      aio write size = 1
      follow symlinks          = no

      comment              = ICS - CSI general scrap Area
      path                 = /export/ICS/CSI/scrap
      valid users          = @"Domain Users"
      force create mode    = 750
      force directory mode = 740
      writeable            = Yes
      browseable           = Yes

note that on this fileserver nothing was touched during the classiupgrade,
a part the following parameters of the smb.conf

      realm = CCDC.LAN
      security = ads
      wins server =

      password server =

I have tried already different Linux machine with different distribution
and I always get the same error, I have also tried to add the parameter
"sec=ntlm or ntlmi " but hasn't changed much.

Note that for some historical reason, this file server has NOT a kerbero
workstation installation and was joined to the CCDC domain using net rpc
join instead of net ads join, could this be a problem?

any help is much appreciated!!!!


Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariopiorusso at ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4

(Embedded image moved to file: pic44465.gif)

More information about the samba mailing list