Hi All, I am running into an issue mounting a Samba share from our Linux server. We are running Samba 4.8.8 on CentOS 7.6.1810. I have done a some testing, and I can't get the root cause of the error. Testing: CentOS 7.6 client -> Samba server, mounting fails - mount.cfs mount error(13): Permission denied CentOS 7.6 client -> Win10 desktop share, mounting works Fedora 29 client -> Samba server, mounting fails - mount.cfs mount error(13): Permission denied Fedora 29 client -> Win10 desktop share, mounting works Window 10 client -> Samba server, mounting works So there is a problem between the server and Linux clients. Originally I was thinking it was linked to this closed bug report, https://bugzilla.samba.org/show_bug.cgi?id=8950. The error is same, but the path leading to the share is readable, so it isn't the same thing. I am using the following command to mount the share. # mount -t cifs //xxxxxxxxxxxxxxxxxxxx/paulg /tmp/1 -o user=paulg,uid=2381,gid=1000,sec=ntlmsspi Password for paulg@//xxxxx/paulg: ********* mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) I tried the following security options. sec=ntlmsspi sec=ntlmssp sec=ntlmv2 sec=ntlmv2i With the same results. I wonder why Linux clients having issues? Any pointers? Thanks Paul ||||||||||--- samba config for AD --- # Global parameters [global] netbios name = DC1 workgroup = ONEEXAMPLECA realm = AD.ONE.EXAMPLE.CA dns forwarder = 130.63.xx.xx server role = active directory domain controller idmap_ldb:use rfc2307 = yes interfaces = 127.0.0.1 130.63.xx.xx bind interfaces only = yes [netlogon] path = /xconf/samba/sysvol/ad.one.example.ca/scripts read only = no writeable = no guest ok = no [sysvol] path = /xconf/samba/sysvol read only = no writeable = no guest ok = no --- samba config for file server --- [global] netbios name = PCSERVER1 security = ADS workgroup = ONEEXAMPLECA realm = AD.ONE.EXAMPLE.CA server string = Samba Server hostname lookups = yes #log files debug timestamp = yes debug uid = yes debug pid = yes debug level = 1 max log size = 0 username map = /xconf/samba/usermap #ip networking max connections = 0 interfaces = 127.0.0.1 130.xx.xx.xx bind interfaces only = yes #printing load printers = yes printcap name = /xconf/lprng/printcap printing = bsd print command = /xsys/bin/lpr -b -P%p %s ; rm -f %s lpq command = /xsys/bin/lpq -P%p lprm command = /xsys/bin/lprm -P%p %j use client driver = yes # security settings guest account = nobody invalid users = root nt acl support = yes inherit permissions = yes client lanman auth = no client ntlmv2 auth = yes wide links = no unix extensions = no # level2 oplocks = no oplocks = no strict locking = no # Tell Samba to kill processes which are not used anymore; time in minutes. deadtime = 30 [homes] comment = Home Directories browseable = yes read only = no valid users = %S csc policy = disable invalid users = activ8 oplocks = no level2 oplocks = no strict locking = no posix locking = no
On Mon, 22 Apr 2019 09:48:31 -0400 Paul Griffith via samba <samba at lists.samba.org> wrote:> Hi All, > > I am running into an issue mounting a Samba share from our Linux > server. We are running Samba 4.8.8 on CentOS 7.6.1810. I have done a > some testing, and I can't get the root cause of the error. > > Testing: > > CentOS 7.6 client -> Samba server, mounting fails - mount.cfs mount > error(13): Permission denied > CentOS 7.6 client -> Win10 desktop share, mounting works > > Fedora 29 client -> Samba server, mounting fails - mount.cfs mount > error(13): Permission denied > Fedora 29 client -> Win10 desktop share, mounting works >Are you using sssd ? If so, then I suggest asking on the sssd-users mailing list, Samba isn't doing the authentication. If you aren't using sssd, then the Unix domain members smb.conf is missing all the 'idmap config' lines, see here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Rowland
On 4/22/19 10:18 AM, Rowland Penny via samba wrote:> On Mon, 22 Apr 2019 09:48:31 -0400 > Paul Griffith via samba <samba at lists.samba.org> wrote: > >> Hi All, >> >> I am running into an issue mounting a Samba share from our Linux >> server. We are running Samba 4.8.8 on CentOS 7.6.1810. I have done a >> some testing, and I can't get the root cause of the error. >> >> Testing: >> >> CentOS 7.6 client -> Samba server, mounting fails - mount.cfs mount >> error(13): Permission denied >> CentOS 7.6 client -> Win10 desktop share, mounting works >> >> Fedora 29 client -> Samba server, mounting fails - mount.cfs mount >> error(13): Permission denied >> Fedora 29 client -> Win10 desktop share, mounting works >> > Are you using sssd ? > > If so, then I suggest asking on the sssd-users mailing list, Samba > isn't doing the authentication. > > If you aren't using sssd, then the Unix domain members smb.conf is > missing all the 'idmap config' lines, see here: > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > Rowland >Thank you Rowland, We are not using sssd, I was handed this Samba server. It seems I some home work to do to make it work Paul
L.P.H. van Belle
2019-Apr-23 07:32 UTC
[Samba] mount.cfs mount error(13): Permission denied
Hai,> I am using the following command to mount the share. > > # mount -t cifs //xxxxxxxxxxxxxxxxxxxx/paulg /tmp/1 -o > user=paulg,uid=2381,gid=1000,sec=ntlmsspi > Password for paulg@//xxxxx/paulg: ********* > mount error(13): Permission denied > Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) > > I tried the following security options. > sec=ntlmsspi > sec=ntlmssp > sec=ntlmv2 > sec=ntlmv2i > > With the same results.And in my opinion thats all correct. Of you gave to little info or you missed this part below. ;-) First, did you define the cifs SPN/UPN? Setup for a member : kinit Administrator net ads keytab add cifs/srv-a1.your.dnsdomain.tld -k ( optional : net ads keytab add root/srv-a1.your.dnsdomain.tld -k ) And make sure the cifs/spn is also listed in the AD. I set this manualy through ADUC. And i would try with just : mount -t cifs //xxxxxxxxxxxxxxxxxxxx/paulg /tmp/1 -o sec=ntlmsspi Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Paul > Griffith via samba > Verzonden: maandag 22 april 2019 20:01 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] mount.cfs mount error(13): Permission denied > > On 4/22/19 10:18 AM, Rowland Penny via samba wrote: > > On Mon, 22 Apr 2019 09:48:31 -0400 > > Paul Griffith via samba <samba at lists.samba.org> wrote: > > > >> Hi All, > >> > >> I am running into an issue mounting a Samba share > from our Linux > >> server. We are running Samba 4.8.8 on CentOS 7.6.1810. I > have done a > >> some testing, and I can't get the root cause of the error. > >> > >> Testing: > >> > >> CentOS 7.6 client -> Samba server, mounting fails - mount.cfs mount > >> error(13): Permission denied > >> CentOS 7.6 client -> Win10 desktop share, mounting works > >> > >> Fedora 29 client -> Samba server, mounting fails - > mount.cfs mount > >> error(13): Permission denied > >> Fedora 29 client -> Win10 desktop share, mounting works > >> > > Are you using sssd ? > > > > If so, then I suggest asking on the sssd-users mailing list, Samba > > isn't doing the authentication. > > > > If you aren't using sssd, then the Unix domain members smb.conf is > > missing all the 'idmap config' lines, see here: > > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > > > > Rowland > > > Thank you Rowland, > > We are not using sssd, I was handed this Samba server. It > seems I some > home work to do to make it work > > > Paul > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >