when trying to mount a share on linux client, mount command always fails with error -22(Invalid paramater) [root@sadiecl01vm306 ~]# mount -t cifs //serverfqdn/test_cifs /root/mntest/ -o username=sandy,domain=test.pipeline,sec=ntlmssp Password for sandy@//eagappacc303p3/test_cifs: *********** mount error(22): Invalid argument Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) Error from syslog- Oct 16 06:58:18 sadiecl01vm306 kernel: CIFS: Attempting to mount \\serverfqdn\test_cifs Oct 16 06:58:18 sadiecl01vm306 kernel: CIFS: Status code returned 0xc000000d STATUS_INVALID_PARAMETER Oct 16 06:58:18 sadiecl01vm306 kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22 Oct 16 06:58:18 sadiecl01vm306 kernel: CIFS: VFS: cifs_mount failed w/return code = -22 If I dont specify sec=ntlmssp then i see the below error in syslog- Oct 16 07:01:37 sadiecl01vm306 kernel: CIFS: VFS: Unable to select appropriate authentication method! Oct 16 07:01:37 sadiecl01vm306 kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22 Oct 16 07:01:37 sadiecl01vm306 kernel: CIFS: VFS: cifs_mount failed w/return code = -22 smb.conf from server- [global] realm = test.pipeline netbios name = test01 server string = CIFS server workgroup = test max protocol = SMB3 min protocol = SMB2_02 durable handles = no security = ads preferred master = no domain master = no local master = no encrypt passwords = yes password server = 192.168.10.1 idmap uid = 4999-9999 idmap gid = 4999-9999 idmap backend = tdb allow trusted domains = no load printers = no printcap name = /dev/null disable spoolss = yes winbind enum users = no winbind enum groups = no winbind use default domain = no log level = 10 passdb:10 auth:10 winbind:3 log file = /var/log/samba/log.%m browseable = yes lanman auth = no ntlm auth = yes client ntlmv2 auth = yes reject md5 servers = yes obey pam restrictions = no kernel change notify = no ea support = no store dos attributes = no host msdfs = yes ldap admin dn = ldap suffix = ldap idmap suffix = ou=cifsidmap map to guest = Never unix extensions = no deadtime = 6 vfs objects = aio read size = 0 aio write size = 0 dfree cache time = 10 kernel share modes = no wide links = yes create mask = 0775 directory mask = 0775 guest account = nobody restrict anonymous = 1 server signing = mandatory pid directory = /run allocation roundup size = 0 interfaces = wins support = no passdb backend = smbpasswd kernel oplocks = no
(In reply to saurabh.singh from comment #0) The invalid argument is probably the 'domain=' , you appear to be using the dns domain and it should be the workgroup, try doing what the error message advises: Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) I would also fix your smb.conf, it contains several errors (see 'testparm -s) and you are putting all your users and groups into the default '*' domain, I would have expected to see lines like these: idmap config SAMDOM : backend = rid idmap config SAMDOM : range = 10000 - 9999999
(In reply to Rowland Penny from comment #1) I was trying with workgroup earlier but it was not working, i tried few other options that also didn't work. I then tried adding domain but that was also not working. I have tried sec=ntlmv2 and that also doesn't work. Here is the output of mount with workgroup- [root@linuxclient ~]# mount -t cifs //serverfqdn/test_cifs /root/mntest/ -o "user=sandy@test.pipeline,password=*******,workgroup=test,sec=ntlmssp" mount error(22): Invalid argument Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) [root@linuxclient ~]# Oct 17 04:46:59 linuxclient kernel: CIFS: Attempting to mount \\serverfqdn\test_cifs Oct 17 04:46:59 linuxclient kernel: CIFS: Status code returned 0xc000000d STATUS_INVALID_PARAMETER Oct 17 04:46:59 linuxclient kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22 Oct 17 04:46:59 linuxclient kernel: CIFS: VFS: cifs_mount failed w/return code = -22 These entries mentioned by you are already present in smb.conf on the server idmap config test:default = Yes idmap config test:range = 10000-1000000 idmap config test:backend = rid
smbclient -U "test.pipeline/sandy" -L "\\\\serverfqdn\\test_cifs" works fine and returns the list of cifs shares but mount doesn't work.
(In reply to saurabh.singh from comment #2) The problem is, it works for me on a Samba 4.18.8 client against a Samba 4.17.10 server Can you also point out the 'idmap config' lines in the smb.conf you posted earlier.
(In reply to saurabh.singh from comment #3) That also works for me, but I can mount the share. What OS is this ? What version of Samba ?
(In reply to Rowland Penny from comment #5) Server - RHEL 8.8, Client - RHEL 8.8 samba version is 4.18.3 on the server and 4.17.5 on client. In the smb.conf I had posted earlier, I think somehow I didn't copy the idmap lines and share configuration settings, hence they are not in the description/comment I had posted earlier. But when I confirmed on the server I can see that those entries are present in smb.conf file. Sharing the cifs share configuration from smb.conf on the server as well. [test_cifs] path=/dir1 guest ok=no writeable=yes valid users="test.pipeline\sandy" store dos attributes=yes ea support=yes vfs objects=acl_xattr msdfs root = yes msdfs proxy = \serverfqdn\_test_cifs$\ [_test_cifs$] path=/dir1 guest ok=no writeable=yes valid users="test.pipeline\sandy" store dos attributes=yes ea support=yes vfs objects=acl_xattr
(In reply to saurabh.singh from comment #6) Can you please post the full global section of the smb.conf from the server.
(In reply to Rowland Penny from comment #7) [global] realm = test.pipeline netbios name = test01 server string = CIFS server workgroup = test max protocol = SMB3 min protocol = SMB2_02 durable handles = no security = ads preferred master = no domain master = no local master = no encrypt passwords = yes password server = 192.168.10.1 idmap uid = 4999-9999 idmap gid = 4999-9999 idmap backend = tdb allow trusted domains = no load printers = no printcap name = /dev/null disable spoolss = yes winbind enum users = no winbind enum groups = no winbind use default domain = no log level = 10 passdb:10 auth:10 winbind:3 log file = /var/log/samba/log.%m browseable = yes lanman auth = no ntlm auth = yes client ntlmv2 auth = yes reject md5 servers = yes obey pam restrictions = no kernel change notify = no ea support = no store dos attributes = no host msdfs = yes ldap admin dn = ldap suffix = ldap idmap suffix = ou=cifsidmap map to guest = Never username map script = /cifs/username_map.pl add share command = /cifs/share_command add delete share command = /cifs/share_command delete change share command = /cifs/share_command change machine password timeout = 2147483647 unix extensions = no deadtime = 6 vfs objects = aio read size = 0 aio write size = 0 dfree cache time = 10 dfree command = /cifs/dfree.sh "%D" "%U" kernel share modes = no wide links = yes create mask = 0775 directory mask = 0775 guest account = nobody restrict anonymous = 1 server signing = mandatory pid directory = /run allocation roundup size = 0 template shell = /usr/bin/appshell idmap config test:default = Yes idmap config test:range = 10000-1000000 idmap config test:backend = rid interfaces = wins support = no passdb backend = smbpasswd kernel oplocks = no netbios aliases = include = /etc/samba/%i.smb.conf [test_cifs] path=/dir1 guest ok=no writeable=yes valid users="test.pipeline\sandy" store dos attributes=yes ea support=yes vfs objects=acl_xattr msdfs root = yes msdfs proxy = \serverfqdn\_test_cifs$\ [_test_cifs$] path=/dir1 guest ok=no writeable=yes valid users="test.pipeline\sandy" store dos attributes=yes ea support=yes vfs objects=acl_xattr
In the server logs for this client I do see this error- [2023/10/17 06:10:40.803082, 1, pid=3992824, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/spnego.c:292(gensec_spnego_server_try_fallback) Failed to parse SPNEGO request [2023/10/17 06:10:40.803102, 10, pid=3992824, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:456(gensec_update_send) gensec_update_send: spnego[0x5606198354e0]: subreq: 0x56061983a410 [2023/10/17 06:10:40.803177, 4, pid=3992824, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:444(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2023/10/17 06:10:40.803204, 5, pid=3992824, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:543(gensec_update_done) gensec_update_done: spnego[0x5606198354e0]: NT_STATUS_INVALID_PARAMETER tevent_req[0x56061983a410/../../auth/gensec/spnego.c:1632]: state[3] error[-7963671676338569203 (0x917B5ACDC000000D)] state[struct gensec_spnego_update_state (0x56061983a5d0)] timer[(nil)] finish[../../auth/gensec/spnego.c:1713]
(In reply to saurabh.singh from comment #8) I upgraded the Samba server to 4.18.8 and tried again. If I used the dns domain with the 'domain=' option, I get this: sudo mount -t cifs //testdm12.samdom.example.com/testshare /srv/mntest/ -o username=rowland,domain=samdom.example.com,rw,sec=ntlmssp Password for rowland@//testdm12.samdom.example.com/testshare: mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) Okay, it isn't the error you are getting, but it doesn't work. If I use what I am supposed to use for the 'domain=' option, the workgroup, I get this: sudo mount -t cifs //testdm12.samdom.example.com/testshare /srv/mntest/ -o username=rowland,domain=samdom,rw,sec=ntlmssp Password for rowland@//testdm12.samdom.example.com/testshare: Or to put it another way, it works.
(In reply to Rowland Penny from comment #10) Tried by specifying workgroup in domain but doesn't work- [root@linuxclient ~]# mount -t cifs "\\\\serverfqdn\\cifs_pid2" /root/mntest/ -o "user=sandy@test.pipeline,password=*******,domain=test,sec=ntlmssp" mount error(22): Invalid argument Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) [root@linuxclient ~]# Oct 18 02:14:51 linuxclient kernel: CIFS: Attempting to mount \\serverfqdn\cifs_pid2 Oct 18 02:14:51 linuxclient kernel: CIFS: Status code returned 0xc000000d STATUS_INVALID_PARAMETER Oct 18 02:14:51 linuxclient kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22 Oct 18 02:14:51 linuxclient kernel: CIFS: VFS: cifs_mount failed w/return code = -22 [root@linuxclient ~]# mount -t cifs "\\\\eserverfqdn\\cifs_pid2" /root/mntest/ -o "user=sandy,password=*******,domain=test,sec=ntlmssp" mount error(22): Invalid argument Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) [root@sadiecl01vm306 ~]# Oct 18 02:15:04 linuxclient kernel: CIFS: Attempting to mount \\serverfqdn\cifs_pid2 Oct 18 02:15:04 linuxclient kernel: CIFS: Status code returned 0xc000000d STATUS_INVALID_PARAMETER Oct 18 02:15:04 linuxclient kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22 Oct 18 02:15:04 linuxclient kernel: CIFS: VFS: cifs_mount failed w/return code = -22
(In reply to saurabh.singh from comment #11) All that output appears to be coming from the kernel on the client, I suggest you examine your client, your problem does not appear to have anything to with Samba.
(In reply to saurabh.singh from comment #11) I have just noticed you are doing this: "user=sandy,password=*******,domain=test,sec=ntlmssp" That makes it just one option, so try it without the double quotes. I have also tried the commands from a Rocky 8 client and I get the same results, it doesn't work with the dns domain, but it does with the workgroup.
(In reply to Rowland Penny from comment #13) I have tried all combinations i.e removing quotes, adding single/double quotes, all combinations of workgroup vs domain and combinations of username. I tried mounting the share from 3 different RHEL clients, but mount is failing with the same error. It has something to do with the server rejecting the mount request as invalid rather than client. I am able to use smbclient from the same client to access the share. [root@linuxclient ~]# smbclient -m smb3 \\\\serverfqdn\\cifs_pid -U test.pipeline/sandy Password for [test.pipeline\sandeep]: Try "help" to get a list of possible commands. smb: \> ls -d NT_STATUS_NO_SUCH_FILE listing \-d smb: \> ls . D 0 Fri Oct 20 03:35:12 2023 .. D 0 Fri Oct 20 02:14:44 2023 1073741824 blocks of size 1024. 1005770271 blocks available smb: \> not able to understand why mount is not working?
Anything that can be done to debug this issue further ?
(In reply to saurabh.singh from comment #15) Not from my point of view, even using your strange smb.conf altered for my set up (basically just names), I can easily mount a share. I would do what Volker has suggested on one of your other bug reports, get someone to look at your setup. Having three bug reports open on the same network is unusual to say the least.
this also works for me - please move further discussion to the samba mailing list or consult commercial support from https://www.samba.org/samba/support/ . We don't want to use Bugzilla to help analyzing individual setup problems but use it strictly a bug tracking tool.