Bug 15496 - mounting a samba share on redhat fails with error -22(Invalid parameter)
Summary: mounting a samba share on redhat fails with error -22(Invalid parameter)
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other (show other bugs)
Version: 4.18.3
Hardware: x64 Linux
: P5 critical (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-10-16 14:10 UTC by saurabh.singh
Modified: 2023-11-01 20:10 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description saurabh.singh 2023-10-16 14:10:23 UTC
when trying to mount a share on linux client, mount command always fails with error -22(Invalid paramater)
[root@sadiecl01vm306 ~]# mount -t cifs //serverfqdn/test_cifs /root/mntest/ -o username=sandy,domain=test.pipeline,sec=ntlmssp
Password for sandy@//eagappacc303p3/test_cifs:  ***********
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

Error from syslog-
Oct 16 06:58:18 sadiecl01vm306 kernel: CIFS: Attempting to mount \\serverfqdn\test_cifs
Oct 16 06:58:18 sadiecl01vm306 kernel: CIFS: Status code returned 0xc000000d STATUS_INVALID_PARAMETER
Oct 16 06:58:18 sadiecl01vm306 kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22
Oct 16 06:58:18 sadiecl01vm306 kernel: CIFS: VFS: cifs_mount failed w/return code = -22

If I dont specify sec=ntlmssp then i see the below error in syslog-
Oct 16 07:01:37 sadiecl01vm306 kernel: CIFS: VFS: Unable to select appropriate authentication method!
Oct 16 07:01:37 sadiecl01vm306 kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22
Oct 16 07:01:37 sadiecl01vm306 kernel: CIFS: VFS: cifs_mount failed w/return code = -22

smb.conf from server-

[global]
    realm = test.pipeline
netbios name = test01
    server string = CIFS server
    workgroup = test
    max protocol = SMB3
    min protocol = SMB2_02
    durable handles = no
    security = ads
    preferred master = no
domain master = no
    local master = no
    encrypt passwords = yes
    password server = 192.168.10.1
    idmap uid = 4999-9999
    idmap gid = 4999-9999
    idmap backend = tdb
    allow trusted domains = no
    load printers = no
    printcap name = /dev/null
    disable spoolss = yes
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = no
    log level = 10 passdb:10 auth:10 winbind:3
    log file = /var/log/samba/log.%m
    browseable = yes
    lanman auth = no
    ntlm auth = yes
    client ntlmv2 auth = yes
    reject md5 servers = yes
    obey pam restrictions = no
    kernel change notify = no
    ea support = no
    store dos attributes = no
    host msdfs = yes
    ldap admin dn =
    ldap suffix =
    ldap idmap suffix = ou=cifsidmap
    map to guest = Never
    unix extensions = no
    deadtime = 6
    vfs objects =
    aio read size = 0
    aio write size = 0
    dfree cache time = 10
    kernel share modes = no
    wide links = yes
    create mask =  0775
    directory mask =  0775
    guest account = nobody
    restrict anonymous = 1
    server signing = mandatory
    pid directory =  /run
    allocation roundup size =  0
interfaces =
wins support = no
  passdb backend = smbpasswd
  kernel oplocks = no
Comment 1 Rowland Penny 2023-10-17 10:52:37 UTC
(In reply to saurabh.singh from comment #0)
The invalid argument is probably the 'domain=' , you appear to be using the dns domain and it should be the workgroup, try doing what the error message advises:

Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

I would also fix your smb.conf, it contains several errors (see 'testparm -s) and you are putting all your users and groups into the default '*' domain, I would have expected to see lines like these:

        idmap config SAMDOM : backend = rid
        idmap config SAMDOM : range = 10000 - 9999999
Comment 2 saurabh.singh 2023-10-17 12:06:55 UTC
(In reply to Rowland Penny from comment #1)
I was trying with workgroup earlier but it was not working, i tried few other options that also didn't work. I then tried adding domain but that was also not working. I have tried sec=ntlmv2 and that also doesn't work.

Here is the output of mount with workgroup-

[root@linuxclient ~]# mount -t cifs //serverfqdn/test_cifs /root/mntest/ -o "user=sandy@test.pipeline,password=*******,workgroup=test,sec=ntlmssp"
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
[root@linuxclient ~]# Oct 17 04:46:59 linuxclient kernel: CIFS: Attempting to mount \\serverfqdn\test_cifs
Oct 17 04:46:59 linuxclient kernel: CIFS: Status code returned 0xc000000d STATUS_INVALID_PARAMETER
Oct 17 04:46:59 linuxclient kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22
Oct 17 04:46:59 linuxclient kernel: CIFS: VFS: cifs_mount failed w/return code = -22

These entries mentioned by you are already present in smb.conf on the server
    idmap config test:default = Yes
    idmap config test:range = 10000-1000000
    idmap config test:backend = rid
Comment 3 saurabh.singh 2023-10-17 12:25:15 UTC
smbclient -U "test.pipeline/sandy" -L "\\\\serverfqdn\\test_cifs" works fine and returns the list of cifs shares but mount doesn't work.
Comment 4 Rowland Penny 2023-10-17 13:18:30 UTC
(In reply to saurabh.singh from comment #2)
The problem is, it works for me on a Samba 4.18.8 client against a Samba 4.17.10 server

Can you also point out the 'idmap config' lines in the smb.conf you posted earlier.
Comment 5 Rowland Penny 2023-10-17 13:23:52 UTC
(In reply to saurabh.singh from comment #3)
That also works for me, but I can mount the share.

What OS is this ?
What version of Samba ?
Comment 6 saurabh.singh 2023-10-17 14:25:40 UTC
(In reply to Rowland Penny from comment #5)
Server - RHEL 8.8, Client - RHEL 8.8

samba version is 4.18.3 on the server and 4.17.5 on client.

In the smb.conf I had posted earlier, I think somehow I didn't copy the idmap lines and share configuration settings, hence they are not in the description/comment I had posted earlier. But when I confirmed on the server I can see that those entries are present in smb.conf file.

Sharing the cifs share configuration from smb.conf on the server as well.

[test_cifs]
    path=/dir1
    guest ok=no
    writeable=yes
    valid users="test.pipeline\sandy"
    store dos attributes=yes
    ea support=yes
    vfs objects=acl_xattr
    msdfs root = yes
    msdfs proxy = \serverfqdn\_test_cifs$\

[_test_cifs$]
    path=/dir1
    guest ok=no
    writeable=yes
    valid users="test.pipeline\sandy"
    store dos attributes=yes
    ea support=yes
    vfs objects=acl_xattr
Comment 7 Rowland Penny 2023-10-17 15:47:02 UTC
(In reply to saurabh.singh from comment #6)
Can you please post the full global section of the smb.conf from the server.
Comment 8 saurabh.singh 2023-10-17 16:16:45 UTC
(In reply to Rowland Penny from comment #7)
[global]
    realm = test.pipeline
netbios name = test01
    server string = CIFS server
    workgroup = test
    max protocol = SMB3
    min protocol = SMB2_02
    durable handles = no
    security = ads
    preferred master = no
domain master = no
    local master = no
    encrypt passwords = yes
    password server = 192.168.10.1
    idmap uid = 4999-9999
    idmap gid = 4999-9999
    idmap backend = tdb
    allow trusted domains = no
    load printers = no
    printcap name = /dev/null
    disable spoolss = yes
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = no
    log level = 10 passdb:10 auth:10 winbind:3
    log file = /var/log/samba/log.%m
    browseable = yes
    lanman auth = no
    ntlm auth = yes
    client ntlmv2 auth = yes
    reject md5 servers = yes
    obey pam restrictions = no
    kernel change notify = no
    ea support = no
    store dos attributes = no
    host msdfs = yes
    ldap admin dn =
    ldap suffix =
    ldap idmap suffix = ou=cifsidmap
    map to guest = Never
    username map script = /cifs/username_map.pl
    add share command = /cifs/share_command add
    delete share command = /cifs/share_command delete
    change share command = /cifs/share_command change
    machine password timeout = 2147483647
    unix extensions = no
    deadtime = 6
    vfs objects =
    aio read size = 0
    aio write size = 0
    dfree cache time = 10
    dfree command = /cifs/dfree.sh "%D" "%U"
    kernel share modes = no
    wide links = yes
    create mask =  0775
    directory mask =  0775
    guest account = nobody
    restrict anonymous = 1
    server signing = mandatory
    pid directory =  /run
    allocation roundup size =  0
    template shell =  /usr/bin/appshell
    idmap config test:default = Yes
    idmap config test:range = 10000-1000000
    idmap config test:backend = rid
interfaces =
wins support = no
  passdb backend = smbpasswd
  kernel oplocks = no
netbios aliases =
  include = /etc/samba/%i.smb.conf


[test_cifs]
    path=/dir1
    guest ok=no
    writeable=yes
    valid users="test.pipeline\sandy"
    store dos attributes=yes
    ea support=yes
    vfs objects=acl_xattr
    msdfs root = yes
    msdfs proxy = \serverfqdn\_test_cifs$\

[_test_cifs$]
    path=/dir1
    guest ok=no
    writeable=yes
    valid users="test.pipeline\sandy"
    store dos attributes=yes
    ea support=yes
    vfs objects=acl_xattr
Comment 9 saurabh.singh 2023-10-17 16:18:53 UTC
In the server logs for this client I do see this error-

[2023/10/17 06:10:40.803082,  1, pid=3992824, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/spnego.c:292(gensec_spnego_server_try_fallback)
  Failed to parse SPNEGO request
[2023/10/17 06:10:40.803102, 10, pid=3992824, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:456(gensec_update_send)
  gensec_update_send: spnego[0x5606198354e0]: subreq: 0x56061983a410
[2023/10/17 06:10:40.803177,  4, pid=3992824, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:444(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2023/10/17 06:10:40.803204,  5, pid=3992824, effective(0, 0), real(0, 0), class=auth] ../../auth/gensec/gensec.c:543(gensec_update_done)
  gensec_update_done: spnego[0x5606198354e0]: NT_STATUS_INVALID_PARAMETER tevent_req[0x56061983a410/../../auth/gensec/spnego.c:1632]: state[3] error[-7963671676338569203 (0x917B5ACDC000000D)]  state[struct gensec_spnego_update_state (0x56061983a5d0)] timer[(nil)] finish[../../auth/gensec/spnego.c:1713]
Comment 10 Rowland Penny 2023-10-18 07:37:55 UTC
(In reply to saurabh.singh from comment #8)
I upgraded the Samba server to 4.18.8 and tried again.

If I used the dns domain with the 'domain=' option, I get this:

sudo mount -t cifs //testdm12.samdom.example.com/testshare /srv/mntest/ -o username=rowland,domain=samdom.example.com,rw,sec=ntlmssp
Password for rowland@//testdm12.samdom.example.com/testshare: 
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

Okay, it isn't the error you are getting, but it doesn't work.

If I use what I am supposed to use for the 'domain=' option, the workgroup, I get this:

sudo mount -t cifs //testdm12.samdom.example.com/testshare /srv/mntest/ -o username=rowland,domain=samdom,rw,sec=ntlmssp
Password for rowland@//testdm12.samdom.example.com/testshare:

Or to put it another way, it works.
Comment 11 saurabh.singh 2023-10-18 09:23:42 UTC
(In reply to Rowland Penny from comment #10)
Tried by specifying workgroup in domain but doesn't work-

[root@linuxclient ~]# mount -t cifs "\\\\serverfqdn\\cifs_pid2" /root/mntest/ -o "user=sandy@test.pipeline,password=*******,domain=test,sec=ntlmssp"
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
[root@linuxclient ~]# Oct 18 02:14:51 linuxclient kernel: CIFS: Attempting to mount \\serverfqdn\cifs_pid2
Oct 18 02:14:51 linuxclient kernel: CIFS: Status code returned 0xc000000d STATUS_INVALID_PARAMETER
Oct 18 02:14:51 linuxclient kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22
Oct 18 02:14:51 linuxclient kernel: CIFS: VFS: cifs_mount failed w/return code = -22

[root@linuxclient ~]# mount -t cifs "\\\\eserverfqdn\\cifs_pid2" /root/mntest/ -o "user=sandy,password=*******,domain=test,sec=ntlmssp"
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
[root@sadiecl01vm306 ~]# Oct 18 02:15:04 linuxclient kernel: CIFS: Attempting to mount \\serverfqdn\cifs_pid2
Oct 18 02:15:04 linuxclient kernel: CIFS: Status code returned 0xc000000d STATUS_INVALID_PARAMETER
Oct 18 02:15:04 linuxclient kernel: CIFS: VFS: \\serverfqdn Send error in SessSetup = -22
Oct 18 02:15:04 linuxclient kernel: CIFS: VFS: cifs_mount failed w/return code = -22
Comment 12 Rowland Penny 2023-10-18 14:06:54 UTC
(In reply to saurabh.singh from comment #11)
All that output appears to be coming from the kernel on the client, I suggest you examine your client, your problem does not appear to have anything to with Samba.
Comment 13 Rowland Penny 2023-10-18 15:37:13 UTC
(In reply to saurabh.singh from comment #11)
I have just noticed you are doing this:

"user=sandy,password=*******,domain=test,sec=ntlmssp"

That makes it just one option, so try it without the double quotes.

I have also tried the commands from a Rocky 8 client and I get the same results, it doesn't work with the dns domain, but it does with the workgroup.
Comment 14 saurabh.singh 2023-10-20 10:55:42 UTC
(In reply to Rowland Penny from comment #13)
I have tried all combinations i.e removing quotes, adding single/double quotes, all combinations of workgroup vs domain and combinations of username. I tried mounting the share from 3 different RHEL clients, but mount is failing with the same error. It has something to do with the server rejecting the mount request as invalid rather than client.

I am able to use smbclient from the same client to access the share.

[root@linuxclient ~]# smbclient -m smb3  \\\\serverfqdn\\cifs_pid -U test.pipeline/sandy
Password for [test.pipeline\sandeep]:
Try "help" to get a list of possible commands.
smb: \> ls -d
NT_STATUS_NO_SUCH_FILE listing \-d
smb: \> ls
  .                                   D        0  Fri Oct 20 03:35:12 2023
  ..                                  D        0  Fri Oct 20 02:14:44 2023

                1073741824 blocks of size 1024. 1005770271 blocks available
smb: \>

not able to understand why mount is not working?
Comment 15 saurabh.singh 2023-10-30 11:34:26 UTC
Anything that can be done to debug this issue further ?
Comment 16 Rowland Penny 2023-10-31 09:25:53 UTC
(In reply to saurabh.singh from comment #15)
Not from my point of view, even using your strange smb.conf altered for my set up (basically just names), I can easily mount a share.

I would do what Volker has suggested on one of your other bug reports, get someone to look at your setup.

Having three bug reports open on the same network is unusual to say the least.
Comment 17 Björn Jacke 2023-11-01 20:10:00 UTC
this also works for me - please move further discussion to the samba mailing list or consult commercial support from https://www.samba.org/samba/support/ . We don't want to use Bugzilla to help analyzing individual setup problems but use it strictly a bug tracking tool.