[Samba] permission denied with windows acls
Peter Carlson
peter at howudodat.com
Sun Jan 28 16:47:28 UTC 2024
On 1/27/24 03:19, Rowland Penny via samba wrote:
>
> You are close, but are missing a parameter, try opening a terminal on
> u2gui (which I take it is the hostname for the domain joined client you
> are trying to mount the share to). Then type this:
>
> sudo mount -t cifs //fs.carlson.lab/test /mnt/test -o
> sec=krb5,username=U2GUI$,multiuser
>
> Now go and look at /mnt/test
>
> Rowland
>
I am still getting permission denied. Does the machine need a user
account? I thought that with multiuser it just needed a computer account
root at u2gui:~# mount -t cifs //fs1.carlson.lab/test /mnt/test -o
sec=krb5,username=U2GUI$,multiuser
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and
kernel log messages (dmesg)
root at u2gui:~# !tail
tail -f /var/log/syslog
Jan 28 08:43:46 U2GUI cifs.upcall: creduid=0
Jan 28 08:43:46 U2GUI cifs.upcall: user=U2GUI$
Jan 28 08:43:46 U2GUI cifs.upcall: pid=1583
Jan 28 08:43:46 U2GUI cifs.upcall: get_cachename_from_process_env:
pid == 0
Jan 28 08:43:46 U2GUI cifs.upcall: get_existing_cc: default ccache
is FILE:/tmp/krb5cc_0
Jan 28 08:43:46 U2GUI cifs.upcall: get_tgt_time: unable to get principal
Jan 28 08:43:48 U2GUI cifs.upcall: handle_krb5_mech: getting service
ticket for fs1.carlson.lab
Jan 28 08:43:48 U2GUI cifs.upcall: handle_krb5_mech: obtained
service ticket
Jan 28 08:43:48 U2GUI cifs.upcall: Exit status 0
Jan 28 08:43:50 U2GUI kernel: [ 769.735756] CIFS: VFS: cifs_mount
failed w/return code = -13
log on file server:
[2024/01/28 16:38:40.621414, 3]
../../source3/auth/auth_generic.c:173(auth3_generate_session_info_pac)
Kerberos ticket principal name is [U2GUI$@CARLSON.LAB]
[2024/01/28 16:38:40.622002, 1]
../../source3/auth/token_util.c:572(add_local_groups)
FINDME: for user CARLSON\u2gui$ worked
[2024/01/28 16:38:40.624929, 3]
../../source3/param/loadparm.c:3998(lp_load_ex)
lp_load_ex: refreshing parameters
[2024/01/28 16:38:40.625066, 3]
../../source3/param/loadparm.c:560(init_globals)
Initialising global parameters
[2024/01/28 16:38:40.625221, 3]
../../source3/param/loadparm.c:2900(lp_do_section)
Processing section "[global]"
[2024/01/28 16:38:40.625652, 2]
../../source3/param/loadparm.c:2917(lp_do_section)
Processing section "[Test]"
[2024/01/28 16:38:40.625769, 3]
../../source3/param/loadparm.c:1684(lp_add_ipc)
adding IPC service
[2024/01/28 16:38:40.625960, 3]
../../source3/smbd/password.c:84(register_homes_share)
Adding homes service for user 'CARLSON\u2gui$' using home directory:
'/home/u2gui_ at CARLSON'
[2024/01/28 16:38:40.626945, 3] ../../lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.54 (192.168.1.54)
[2024/01/28 16:38:40.627048, 3]
../../source3/smbd/smb2_service.c:584(make_connection_snum)
make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2024/01/28 16:38:40.627092, 3]
../../source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2024/01/28 16:38:40.627111, 3]
../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2024/01/28 16:38:40.627121, 3]
../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [acl_xattr]
[2024/01/28 16:38:40.628705, 3]
../../lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module
'/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded
[2024/01/28 16:38:40.628780, 2]
../../source3/modules/vfs_acl_xattr.c:206(connect_acl_xattr)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service IPC$
[2024/01/28 16:38:40.628949, 3]
../../source3/smbd/smb2_service.c:814(make_connection_snum)
192.168.1.54 (ipv4:192.168.1.54:47396) signed connect to service IPC$
initially as user CARLSON\u2gui$ (uid=2001123, gid=2000515) (pid 59341)
[2024/01/28 16:38:40.629417, 3]
../../source3/smbd/msdfs.c:984(get_referred_path)
get_referred_path: |test| in dfs path \fs1.carlson.lab\test is not a
dfs root.
[2024/01/28 16:38:40.629475, 3]
../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NOT_FOUND] || at ../../source3/smbd/smb2_ioctl.c:353
[2024/01/28 16:38:40.630006, 3] ../../lib/util/access.c:372(allow_access)
Allowed connection from 192.168.1.54 (192.168.1.54)
[2024/01/28 16:38:40.630107, 3]
../../source3/smbd/smb2_service.c:584(make_connection_snum)
make_connection_snum: Connect path is '/data/test' for service [Test]
[2024/01/28 16:38:40.630142, 3]
../../source3/smbd/vfs.c:115(vfs_init_default)
Initialising default vfs hooks
[2024/01/28 16:38:40.630158, 3]
../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2024/01/28 16:38:40.630167, 3]
../../source3/smbd/vfs.c:141(vfs_init_custom)
Initialising custom vfs hooks from [acl_xattr]
[2024/01/28 16:38:40.630202, 2]
../../source3/modules/vfs_acl_xattr.c:206(connect_acl_xattr)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service Test
[2024/01/28 16:38:40.630351, 2]
../../source3/smbd/smb2_service.c:814(make_connection_snum)
192.168.1.54 (ipv4:192.168.1.54:47396) signed connect to service Test
initially as user CARLSON\u2gui$ (uid=2001123, gid=2000515) (pid 59341)
[2024/01/28 16:38:40.630655, 0]
../../source3/smbd/smb2_service.c:117(chdir_current_service)
chdir_current_service: vfs_ChDir(/data/test) failed: Permission
denied. Current token: uid=2001123, gid=2000515, 5 groups: 2001123
2000515 10003 10004 10006
[2024/01/28 16:38:40.630692, 3]
../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/28 16:38:40.630909, 0]
../../source3/smbd/smb2_service.c:117(chdir_current_service)
chdir_current_service: vfs_ChDir(/data/test) failed: Permission
denied. Current token: uid=2001123, gid=2000515, 5 groups: 2001123
2000515 10003 10004 10006
[2024/01/28 16:38:40.630938, 3]
../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/28 16:38:40.631074, 0]
../../source3/smbd/smb2_service.c:117(chdir_current_service)
chdir_current_service: vfs_ChDir(/data/test) failed: Permission
denied. Current token: uid=2001123, gid=2000515, 5 groups: 2001123
2000515 10003 10004 10006
[2024/01/28 16:38:40.631094, 3]
../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/28 16:38:42.665018, 3]
../../source3/smbd/smb2_service.c:907(close_cnum)
192.168.1.54 (ipv4:192.168.1.54:47396) closed connection to service IPC$
[2024/01/28 16:38:42.665160, 2]
../../source3/smbd/smb2_service.c:907(close_cnum)
192.168.1.54 (ipv4:192.168.1.54:47396) closed connection to service Test
[2024/01/28 16:38:42.801101, 3]
../../source3/smbd/server_exit.c:229(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
More information about the samba
mailing list