[Samba] permission denied with windows acls

Peter Carlson peter at howudodat.com
Sun Jan 28 16:47:28 UTC 2024


On 1/27/24 03:19, Rowland Penny via samba wrote:
>
> You are close, but are missing a parameter, try opening a terminal on
> u2gui (which I take it is the hostname for the domain joined client you
> are trying to mount the share to). Then type this:
>
> sudo mount -t cifs //fs.carlson.lab/test /mnt/test -o
> sec=krb5,username=U2GUI$,multiuser
>
> Now go and look at /mnt/test
>
> Rowland
>
I am still getting permission denied.  Does the machine need a user 
account? I thought that with multiuser it just needed a computer account

    root at u2gui:~# mount -t cifs //fs1.carlson.lab/test /mnt/test -o
    sec=krb5,username=U2GUI$,multiuser
    mount error(13): Permission denied
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and
    kernel log messages (dmesg)

    root at u2gui:~# !tail
    tail -f /var/log/syslog
    Jan 28 08:43:46 U2GUI cifs.upcall: creduid=0
    Jan 28 08:43:46 U2GUI cifs.upcall: user=U2GUI$
    Jan 28 08:43:46 U2GUI cifs.upcall: pid=1583
    Jan 28 08:43:46 U2GUI cifs.upcall: get_cachename_from_process_env:
    pid == 0
    Jan 28 08:43:46 U2GUI cifs.upcall: get_existing_cc: default ccache
    is FILE:/tmp/krb5cc_0
    Jan 28 08:43:46 U2GUI cifs.upcall: get_tgt_time: unable to get principal
    Jan 28 08:43:48 U2GUI cifs.upcall: handle_krb5_mech: getting service
    ticket for fs1.carlson.lab
    Jan 28 08:43:48 U2GUI cifs.upcall: handle_krb5_mech: obtained
    service ticket
    Jan 28 08:43:48 U2GUI cifs.upcall: Exit status 0
    Jan 28 08:43:50 U2GUI kernel: [  769.735756] CIFS: VFS: cifs_mount
    failed w/return code = -13

log on file server:

[2024/01/28 16:38:40.621414,  3] 
../../source3/auth/auth_generic.c:173(auth3_generate_session_info_pac)
   Kerberos ticket principal name is [U2GUI$@CARLSON.LAB]
[2024/01/28 16:38:40.622002,  1] 
../../source3/auth/token_util.c:572(add_local_groups)
   FINDME: for user CARLSON\u2gui$ worked
[2024/01/28 16:38:40.624929,  3] 
../../source3/param/loadparm.c:3998(lp_load_ex)
   lp_load_ex: refreshing parameters
[2024/01/28 16:38:40.625066,  3] 
../../source3/param/loadparm.c:560(init_globals)
   Initialising global parameters
[2024/01/28 16:38:40.625221,  3] 
../../source3/param/loadparm.c:2900(lp_do_section)
   Processing section "[global]"
[2024/01/28 16:38:40.625652,  2] 
../../source3/param/loadparm.c:2917(lp_do_section)
   Processing section "[Test]"
[2024/01/28 16:38:40.625769,  3] 
../../source3/param/loadparm.c:1684(lp_add_ipc)
   adding IPC service
[2024/01/28 16:38:40.625960,  3] 
../../source3/smbd/password.c:84(register_homes_share)
   Adding homes service for user 'CARLSON\u2gui$' using home directory: 
'/home/u2gui_ at CARLSON'
[2024/01/28 16:38:40.626945,  3] ../../lib/util/access.c:372(allow_access)
   Allowed connection from 192.168.1.54 (192.168.1.54)
[2024/01/28 16:38:40.627048,  3] 
../../source3/smbd/smb2_service.c:584(make_connection_snum)
   make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2024/01/28 16:38:40.627092,  3] 
../../source3/smbd/vfs.c:115(vfs_init_default)
   Initialising default vfs hooks
[2024/01/28 16:38:40.627111,  3] 
../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [/[Default VFS]/]
[2024/01/28 16:38:40.627121,  3] 
../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [acl_xattr]
[2024/01/28 16:38:40.628705,  3] 
../../lib/util/modules.c:167(load_module_absolute_path)
   load_module_absolute_path: Module 
'/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded
[2024/01/28 16:38:40.628780,  2] 
../../source3/modules/vfs_acl_xattr.c:206(connect_acl_xattr)
   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = 
true' and 'force unknown acl user = true' for service IPC$
[2024/01/28 16:38:40.628949,  3] 
../../source3/smbd/smb2_service.c:814(make_connection_snum)
   192.168.1.54 (ipv4:192.168.1.54:47396) signed connect to service IPC$ 
initially as user CARLSON\u2gui$ (uid=2001123, gid=2000515) (pid 59341)
[2024/01/28 16:38:40.629417,  3] 
../../source3/smbd/msdfs.c:984(get_referred_path)
   get_referred_path: |test| in dfs path \fs1.carlson.lab\test is not a 
dfs root.
[2024/01/28 16:38:40.629475,  3] 
../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_NOT_FOUND] || at ../../source3/smbd/smb2_ioctl.c:353
[2024/01/28 16:38:40.630006,  3] ../../lib/util/access.c:372(allow_access)
   Allowed connection from 192.168.1.54 (192.168.1.54)
[2024/01/28 16:38:40.630107,  3] 
../../source3/smbd/smb2_service.c:584(make_connection_snum)
   make_connection_snum: Connect path is '/data/test' for service [Test]
[2024/01/28 16:38:40.630142,  3] 
../../source3/smbd/vfs.c:115(vfs_init_default)
   Initialising default vfs hooks
[2024/01/28 16:38:40.630158,  3] 
../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [/[Default VFS]/]
[2024/01/28 16:38:40.630167,  3] 
../../source3/smbd/vfs.c:141(vfs_init_custom)
   Initialising custom vfs hooks from [acl_xattr]
[2024/01/28 16:38:40.630202,  2] 
../../source3/modules/vfs_acl_xattr.c:206(connect_acl_xattr)
   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = 
true' and 'force unknown acl user = true' for service Test
[2024/01/28 16:38:40.630351,  2] 
../../source3/smbd/smb2_service.c:814(make_connection_snum)
   192.168.1.54 (ipv4:192.168.1.54:47396) signed connect to service Test 
initially as user CARLSON\u2gui$ (uid=2001123, gid=2000515) (pid 59341)
[2024/01/28 16:38:40.630655,  0] 
../../source3/smbd/smb2_service.c:117(chdir_current_service)
   chdir_current_service: vfs_ChDir(/data/test) failed: Permission 
denied. Current token: uid=2001123, gid=2000515, 5 groups: 2001123 
2000515 10003 10004 10006
[2024/01/28 16:38:40.630692,  3] 
../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/28 16:38:40.630909,  0] 
../../source3/smbd/smb2_service.c:117(chdir_current_service)
   chdir_current_service: vfs_ChDir(/data/test) failed: Permission 
denied. Current token: uid=2001123, gid=2000515, 5 groups: 2001123 
2000515 10003 10004 10006
[2024/01/28 16:38:40.630938,  3] 
../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/28 16:38:40.631074,  0] 
../../source3/smbd/smb2_service.c:117(chdir_current_service)
   chdir_current_service: vfs_ChDir(/data/test) failed: Permission 
denied. Current token: uid=2001123, gid=2000515, 5 groups: 2001123 
2000515 10003 10004 10006
[2024/01/28 16:38:40.631094,  3] 
../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/28 16:38:42.665018,  3] 
../../source3/smbd/smb2_service.c:907(close_cnum)
   192.168.1.54 (ipv4:192.168.1.54:47396) closed connection to service IPC$
[2024/01/28 16:38:42.665160,  2] 
../../source3/smbd/smb2_service.c:907(close_cnum)
   192.168.1.54 (ipv4:192.168.1.54:47396) closed connection to service Test
[2024/01/28 16:38:42.801101,  3] 
../../source3/smbd/server_exit.c:229(exit_server_common)
   Server exit (NT_STATUS_END_OF_FILE)




More information about the samba mailing list