samba - May 2010 - Still can't mount Samba shares from other Samba server

I am *still* unable to mount shares from a Ubuntu 10.04 server, using a 
Ubuntu 10.04 laptop. I totally re-formatted both my desktop and my 
laptop with Ubuntu 10.04 (so that they would be using the same version 
of Samba). I am using the exact same smb.conf for the 2 machines (less 
the share definitions, which exist only on the desktop, known as 
"workhorse"). wbinfo -u, wbinfo -g, wbinfo -t, wbinfo -a domainuser- 
these all work. getent passwd and getent group both work, and both 
return the exact same info, on both machines:

DACRIB+administrator:*:10002:10000:Administrator:/home/DACRIB/Administrator:/bin/sh
DACRIB+krbtgt:*:10006:10000:krbtgt:/home/DACRIB/krbtgt:/bin/sh
DACRIB+turgon:*:10003:10000:Mike Leone:/home/DACRIB/turgon:/bin/bash
DACRIB+leonem:*:10000:10000:Leone, Mike:/home/DACRIB/LeoneM:/bin/bash
DACRIB+servicerunner:*:10005:10000:ServiceRunner:/home/DACRIB/ServiceRunner:/bin/sh
DACRIB+ldap-proxy:*:10001:10000:LDAP Proxy:/home/DACRIB/ldap-proxy:/bin/sh

It returns the uid that was entered on the Unix Attributes tab of my 
Win2003 w/SFU AD entry. So it looks like domain users are being mapped 
identically, on both machines.

Yet trying to mount a share from workhorse onto Dual-Booter fails:

(on Dual-Booter)
# smbmount //workhorse/OldHome /OldHome -o username=DACRIB+turgon
Password:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

So I did a  "echo 1 > /proc/fs/cifs/cifsFYI"  and tried again, and
then
saw this, in syslog:

/build/buildd/linux-2.6.32/fs/cifs/cifsfs.c: Devname: 
//workhorse/OldHome flags: 64
/build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS VFS: in cifs_mount as 
Xid: 1 with uid: 0
/build/buildd/linux-2.6.32/fs/cifs/connect.c: Username: DACRIB+turgon
/build/buildd/linux-2.6.32/fs/cifs/connect.c: UNC: \\workhorse\OldHome 
ip: 10.0.0.20
/build/buildd/linux-2.6.32/fs/cifs/connect.c: Socket created
/build/buildd/linux-2.6.32/fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 
rcvtimeo 0x6d6
/build/buildd/linux-2.6.32/fs/cifs/connect.c: Existing smb sess not found
/build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: secFlags 0x7
/build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 114
/build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb:  total_len 82
/build/buildd/linux-2.6.32/fs/cifs/connect.c: Demultiplex PID: 1752
/build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x5f
/build/buildd/linux-2.6.32/fs/cifs/misc.c: Calculated size 81 vs length 
95 mismatch for mid 1
/build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: Dialect: 2
/build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: negprot rc 0
/build/buildd/linux-2.6.32/fs/cifs/connect.c: Security Mode: 0x3 
Capabilities: 0x80f3fc TimeAdjust: 14400
/build/buildd/linux-2.6.32/fs/cifs/sess.c: sess setup type 2
/build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 115
/build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb:  total_len 260
/build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x5e
/build/buildd/linux-2.6.32/fs/cifs/misc.c: Null buffer passed to 
cifs_small_buf_release
/build/buildd/linux-2.6.32/fs/cifs/sess.c: ssetup rc from sendrecv2 is 0
/build/buildd/linux-2.6.32/fs/cifs/sess.c: Guest login
/build/buildd/linux-2.6.32/fs/cifs/sess.c: UID = 100
/build/buildd/linux-2.6.32/fs/cifs/sess.c: bleft 48
/build/buildd/linux-2.6.32/fs/cifs/sess.c: serverOS=Unix
/build/buildd/linux-2.6.32/fs/cifs/sess.c: serverNOS=Samba 3.4.7
/build/buildd/linux-2.6.32/fs/cifs/sess.c: serverDomain=DACRIB
/build/buildd/linux-2.6.32/fs/cifs/sess.c: ssetup freeing small buf d99201c0
/build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS Session Established 
successfully
/build/buildd/linux-2.6.32/fs/cifs/connect.c: file mode: 0x1ed  dir 
mode: 0x1ed
/build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 117
/build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb:  total_len 94
/build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x27
/build/buildd/linux-2.6.32/fs/cifs/netmisc.c: Mapping smb error code 5 
to POSIX err -13
/build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS Tcon rc = -13
/build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS VFS: in cifs_put_tcon 
as Xid: 2 with uid: 0
/build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: In tree disconnect
/build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 113
/build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb:  total_len 39
/build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x27
/build/buildd/linux-2.6.32/fs/cifs/netmisc.c: Mapping smb error code 64 
to POSIX err -5
/build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: Tree disconnect failed -5
/build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS VFS: in 
cifs_put_smb_ses as Xid: 3 with uid: 0
/build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: In SMBLogoff for session 
disconnect
/build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 116
/build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb:  total_len 43
/build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x2b
/build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS VFS: leaving 
cifs_mount (xid = 1) rc = -13
CIFS VFS: cifs_mount failed w/return code = -13

Can anyone help? I'm about to throw in the towel, and just give up on 
using Samba on the laptop, if I can't mount shares from both Windows and 
Samba servers. What is that "Guest login" and "UID=100"? I
specified a
valid domain user (in fact, a Domain Admin), in the mounting line. On 
workhorse, the share is actually owned by DACRIB+turgon. :-)

Dual-Booter can mount shares from an XP machine (altho oddly, I need to 
specify username as "turgon at DACRIB", instead of
"DACRIB+turgon".

smb.conf:

[global]
	workgroup = DACRIB
	realm = DACRIB.LOCAL
	server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
	security = ADS
	map to guest = Bad User

	client use spnego = true
	client ntlmv2 auth = yes
	auth methods = winbind
	restrict anonymous = 0
	server signing = auto

	eventlog list = Application System Security SyslogLinux

# PAM AUTH
	encrypt passwords = Yes
	obey pam restrictions = Yes
	pam password change = true
	password server = dim-win2300.DaCrib.local
	pam password change = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
	unix password sync = Yes

	log level = 3
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000

	preferred master = No
	domain master = No
	local master  = No
	os level = 2

	dns proxy = No
	usershare allow guests = Yes
	panic action = /usr/share/samba/panic-action %d
	hide dot files = No

# WINBIND

	idmap config DACRIB:backend = ad
	idmap config DACRIB:range = 10000 - 20000
	idmap config DACRIB:schema_mode = sfu

         idmap uid = 10000-20000
         idmap gid = 10000-20000

	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = No
    	winbind nested groups = Yes
	winbind refresh tickets = true
	winbind separator = +
	winbind nss info = sfu
	allow trusted domains = No

	template homedir = /home/%D/%u
	template shell = /bin/bash

	enable privileges = Yes
	wide links = No

On workkhorse only:

[OldHome]
	path = /OldHome
	read only = No

On a hunch, I removed the

winbind separator = +

And can mount shares from the command line:

# mount -t cifs //workhorse/OldHome /OldHome -o 
user=DACRIB\\turgon,password=******** --verbose

mount.cifs kernel mount options: 
unc=//workhorse\OldHome,domain=DACRIB,ver=1,rw,user=turgon,,,,,,,,ip=10.0.0.20,pass=********

Note that I had to escape the backslash separator, both in the 
DOMAIN\USER entry, and (in this case) also in the password, which has a 
exclamation mark (!) in it.

root at Dual-Booter:/etc# ls -la /OldHome/
root at Dual-Booter:/etc# ls -la /OldHome/
total 4
drwxr-xr-x 13 DACRIB\turgon DACRIB\domain users    0 2010-05-09 18:25 .
drwxr-xr-x 29 root          root                4096 2010-05-12 23:03 ..
drwxrwxrwx 11 DACRIB\turgon DACRIB\domain users    0 2010-05-09 18:25 mjl
drwxrwxrwx 23 DACRIB\turgon DACRIB\domain users    0 2010-03-27 14:30 turgon

So YAY! for that. Still can't mount it in fstab, however. It doesn't 
work if I specify the username and password in the entry, nor does it 
work if I put it in a credentials file. No indications that I can see as 
to why it's failing.

Is using samba really supposed to be this hard? :-(

On 05/13/2010 12:20 AM, Mike Leone wrote:
> I am *still* unable to mount shares from a Ubuntu 10.04 server, using a
> Ubuntu 10.04 laptop. I totally re-formatted both my desktop and my
> laptop with Ubuntu 10.04 (so that they would be using the same version
> of Samba). I am using the exact same smb.conf for the 2 machines (less
> the share definitions, which exist only on the desktop, known as
> "workhorse"). wbinfo -u, wbinfo -g, wbinfo -t, wbinfo -a
domainuser-
> these all work. getent passwd and getent group both work, and both
> return the exact same info, on both machines:
>
>
DACRIB+administrator:*:10002:10000:Administrator:/home/DACRIB/Administrator:/bin/sh
>
> DACRIB+krbtgt:*:10006:10000:krbtgt:/home/DACRIB/krbtgt:/bin/sh
> DACRIB+turgon:*:10003:10000:Mike Leone:/home/DACRIB/turgon:/bin/bash
> DACRIB+leonem:*:10000:10000:Leone, Mike:/home/DACRIB/LeoneM:/bin/bash
>
DACRIB+servicerunner:*:10005:10000:ServiceRunner:/home/DACRIB/ServiceRunner:/bin/sh
>
> DACRIB+ldap-proxy:*:10001:10000:LDAP Proxy:/home/DACRIB/ldap-proxy:/bin/sh
>
> It returns the uid that was entered on the Unix Attributes tab of my
> Win2003 w/SFU AD entry. So it looks like domain users are being mapped
> identically, on both machines.
>
> Yet trying to mount a share from workhorse onto Dual-Booter fails:
>
> (on Dual-Booter)
> # smbmount //workhorse/OldHome /OldHome -o username=DACRIB+turgon
> Password:
> mount error(13): Permission denied
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
>
> So I did a "echo 1 > /proc/fs/cifs/cifsFYI" and tried again,
and then
> saw this, in syslog:
>
> /build/buildd/linux-2.6.32/fs/cifs/cifsfs.c: Devname:
> //workhorse/OldHome flags: 64
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS VFS: in cifs_mount as
> Xid: 1 with uid: 0
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: Username: DACRIB+turgon
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: UNC: \\workhorse\OldHome
> ip: 10.0.0.20
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: Socket created
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380
> rcvtimeo 0x6d6
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: Existing smb sess not found
> /build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: secFlags 0x7
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 114
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb: total_len 82
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: Demultiplex PID: 1752
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x5f
> /build/buildd/linux-2.6.32/fs/cifs/misc.c: Calculated size 81 vs length
> 95 mismatch for mid 1
> /build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: Dialect: 2
> /build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: negprot rc 0
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: Security Mode: 0x3
> Capabilities: 0x80f3fc TimeAdjust: 14400
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: sess setup type 2
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 115
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb: total_len 260
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x5e
> /build/buildd/linux-2.6.32/fs/cifs/misc.c: Null buffer passed to
> cifs_small_buf_release
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: ssetup rc from sendrecv2 is 0
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: Guest login
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: UID = 100
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: bleft 48
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: serverOS=Unix
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: serverNOS=Samba 3.4.7
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: serverDomain=DACRIB
> /build/buildd/linux-2.6.32/fs/cifs/sess.c: ssetup freeing small buf
> d99201c0
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS Session Established
> successfully
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: file mode: 0x1ed dir mode:
> 0x1ed
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 117
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb: total_len 94
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x27
> /build/buildd/linux-2.6.32/fs/cifs/netmisc.c: Mapping smb error code 5
> to POSIX err -13
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS Tcon rc = -13
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS VFS: in cifs_put_tcon
> as Xid: 2 with uid: 0
> /build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: In tree disconnect
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 113
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb: total_len 39
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x27
> /build/buildd/linux-2.6.32/fs/cifs/netmisc.c: Mapping smb error code 64
> to POSIX err -5
> /build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: Tree disconnect failed -5
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS VFS: in
> cifs_put_smb_ses as Xid: 3 with uid: 0
> /build/buildd/linux-2.6.32/fs/cifs/cifssmb.c: In SMBLogoff for session
> disconnect
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: For smb_command 116
> /build/buildd/linux-2.6.32/fs/cifs/transport.c: Sending smb: total_len 43
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: rfc1002 length 0x2b
> /build/buildd/linux-2.6.32/fs/cifs/connect.c: CIFS VFS: leaving
> cifs_mount (xid = 1) rc = -13
> CIFS VFS: cifs_mount failed w/return code = -13
>
> Can anyone help? I'm about to throw in the towel, and just give up on
> using Samba on the laptop, if I can't mount shares from both Windows
and
> Samba servers. What is that "Guest login" and
"UID=100"? I specified a
> valid domain user (in fact, a Domain Admin), in the mounting line. On
> workhorse, the share is actually owned by DACRIB+turgon. :-)
>
> Dual-Booter can mount shares from an XP machine (altho oddly, I need to
> specify username as "turgon at DACRIB", instead of
"DACRIB+turgon".
>
> smb.conf:
>
> [global]
> workgroup = DACRIB
> realm = DACRIB.LOCAL
> server string = %h server (Samba %v, Domain: %D, Server: %L - %R)
> security = ADS
> map to guest = Bad User
>
> client use spnego = true
> client ntlmv2 auth = yes
> auth methods = winbind
> restrict anonymous = 0
> server signing = auto
>
> eventlog list = Application System Security SyslogLinux
>
> # PAM AUTH
> encrypt passwords = Yes
> obey pam restrictions = Yes
> pam password change = true
> password server = dim-win2300.DaCrib.local
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
>
> log level = 3
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
>
> preferred master = No
> domain master = No
> local master = No
> os level = 2
>
> dns proxy = No
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> hide dot files = No
>
> # WINBIND
>
> idmap config DACRIB:backend = ad
> idmap config DACRIB:range = 10000 - 20000
> idmap config DACRIB:schema_mode = sfu
>
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = No
> winbind nested groups = Yes
> winbind refresh tickets = true
> winbind separator = +
> winbind nss info = sfu
> allow trusted domains = No
>
> template homedir = /home/%D/%u
> template shell = /bin/bash
>
> enable privileges = Yes
> wide links = No
>
> On workkhorse only:
>
> [OldHome]
> path = /OldHome
> read only = No
>

-- 
Michael J. Leone, <mailto:turgon at mike-leone.com>

It seems to me
I could live my life
A lot better than I think I am
			Rush, "Working Man"