Bug 5357 - mount error 13 after successful authentication
Summary: mount error 13 after successful authentication
Status: RESOLVED FIXED
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: kernel fs (show other bugs)
Version: 2.4
Hardware: PPC Linux
: P3 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-03-27 14:29 UTC by miketosh
Modified: 2009-05-13 16:23 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description miketosh 2008-03-27 14:29:18 UTC
##### BACKGROUND #####

When using mount.cifs, I get a permission denied error 13.  On the windows 2003 server, I can see a successful logon and logoff as my user coming from the linux machine running samba.  I am running mount.cifs (and mount -t cifs) as root, although I've also run it as a local linux user directly and via sudo.  I must be doing something wrong.

Windows server (ad domain controller) local security policy is set to Send NT and NTLM, Using NTLMv2 if negotiated.


HELP!!!!!!!!!!!!
Thanks,
Mike Tosh


##### CAN VIEW, BUT NOT MAP, VIA SMB #####

# smbclient -V
Version 3.0.28-0.1.95-1624-SUSE-SLES9

# smbclient -L //server/share -A.cifs_creds
WARNING: The "printer admin" option is deprecated
Domain=[DOMAIN] OS=[Windows Server 2003 3790 Service Pack 2]
Server=[Windows Server 2003 5.2]

        Sharename       Type      Comment
        ---------       ----      -------
        share           Disk      Share for everyone

# smbmount //server/share /mnt/share/ -o credentials=.cifs_creds
WARNING: The "printer admin" option is deprecated
cli_negprot: SMB signing is mandatory and we have disabled it.
7959: protocol negotiation failed
SMB connection failed


##### ERROR 13 (PERMISSION DENIED) USING CIFS: ######

# mount -t cifs //server/share /mnt/share -o credentials=.cifs_creds
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

# mount.cifs //server/share /mnt/share -o credentials=.cifs_creds
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

#cat .cifs_creds
username=remoteuser
password=remotepass
domain=DOMAIN

# mount -v -t cifs //server/share /mnt/share -o credentials=.cifs_creds
parsing options: rw,credentials=.cifs_creds

Domain W2K3ADDOMAIN


mount.cifs kernel mount options
unc=//server\share,ip=10.x.x.x,user=remoteuser,domain=DOMAIN,pass=
remotepass,ver=1,rw,credentials=/root/.cifs_creds
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

linuxserver:/var/log # grep CIFS messages warn
warn:Mar 26 12:03:08 proto2 kernel:  CIFS VFS: cifs_mount failed
w/return code = -13
warn:Mar 26 12:03:39 proto2 kernel:  CIFS VFS: cifs_mount failed
w/return code = -13


##### LOGS ON SERVER (and it's a DOMAIN CONTROLLER) #####
Successful Network Logon:
 	User Name:	remoteuser
 	Domain:		DOMAIN
 	Logon ID:		(0x0,0x20544132)
 	Logon Type:	3
 	Logon Process:	NtLmSsp 
 	Authentication Package:	NTLM
 	Workstation Name:	\\10.x.x.x (IP of linux box)
 	Source Network Address:	10.x.x.x (IP of linux box)

##### Then immediately after I see: #####
User Logoff:
 	User Name:	remoteuser
 	Domain:		W2K3ADDOMAIN
 	Logon ID:		(0x0,0x20544132)
 	Logon Type:	3
Comment 1 Ben Smith 2008-07-03 16:08:35 UTC
I am all of a sudden receiving similar errors attempting to mount a w2k3 share with CIFS.  This was working fine for several months.  But I believe the server admin has enabled additional restrictions recently.

Mounting with smbfs has never worked due to the same error you show.  Smbclient continues to work fine, however.

# mount -tcifs '//123.45.6.7/Share' /mnt/drive -o username=ben,password=foobar

# dmesg|tail
 CIFS VFS: Unexpected SMB signature
Status code returned 0xc0000070 NT_STATUS_INVALID_WORKSTATION
 CIFS VFS: Send error in SessSetup = -13
 CIFS VFS: cifs_mount failed w/return code = -13

-Ben

(In reply to comment #0)
> ##### BACKGROUND #####
> 
> When using mount.cifs, I get a permission denied error 13.  On the windows 2003
> server, I can see a successful logon and logoff as my user coming from the
> linux machine running samba.  I am running mount.cifs (and mount -t cifs) as
> root, although I've also run it as a local linux user directly and via sudo.  I
> must be doing something wrong.
> 
> Windows server (ad domain controller) local security policy is set to Send NT
> and NTLM, Using NTLMv2 if negotiated.
> 
> 
> HELP!!!!!!!!!!!!
> Thanks,
> Mike Tosh
> 
> 
> ##### CAN VIEW, BUT NOT MAP, VIA SMB #####
> 
> # smbclient -V
> Version 3.0.28-0.1.95-1624-SUSE-SLES9
> 
> # smbclient -L //server/share -A.cifs_creds
> WARNING: The "printer admin" option is deprecated
> Domain=[DOMAIN] OS=[Windows Server 2003 3790 Service Pack 2]
> Server=[Windows Server 2003 5.2]
> 
>         Sharename       Type      Comment
>         ---------       ----      -------
>         share           Disk      Share for everyone
> 
> # smbmount //server/share /mnt/share/ -o credentials=.cifs_creds
> WARNING: The "printer admin" option is deprecated
> cli_negprot: SMB signing is mandatory and we have disabled it.
> 7959: protocol negotiation failed
> SMB connection failed
> 
> 
> ##### ERROR 13 (PERMISSION DENIED) USING CIFS: ######
> 
> # mount -t cifs //server/share /mnt/share -o credentials=.cifs_creds
> mount error 13 = Permission denied
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> 
> # mount.cifs //server/share /mnt/share -o credentials=.cifs_creds
> mount error 13 = Permission denied
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> 
> #cat .cifs_creds
> username=remoteuser
> password=remotepass
> domain=DOMAIN
> 
> # mount -v -t cifs //server/share /mnt/share -o credentials=.cifs_creds
> parsing options: rw,credentials=.cifs_creds
> 
> Domain W2K3ADDOMAIN
> 
> 
> mount.cifs kernel mount options
> unc=//server\share,ip=10.x.x.x,user=remoteuser,domain=DOMAIN,pass=
> remotepass,ver=1,rw,credentials=/root/.cifs_creds
> mount error 13 = Permission denied
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> 
> linuxserver:/var/log # grep CIFS messages warn
> warn:Mar 26 12:03:08 proto2 kernel:  CIFS VFS: cifs_mount failed
> w/return code = -13
> warn:Mar 26 12:03:39 proto2 kernel:  CIFS VFS: cifs_mount failed
> w/return code = -13
> 
> 
> ##### LOGS ON SERVER (and it's a DOMAIN CONTROLLER) #####
> Successful Network Logon:
>         User Name:      remoteuser
>         Domain:         DOMAIN
>         Logon ID:               (0x0,0x20544132)
>         Logon Type:     3
>         Logon Process:  NtLmSsp 
>         Authentication Package: NTLM
>         Workstation Name:       \\10.x.x.x (IP of linux box)
>         Source Network Address: 10.x.x.x (IP of linux box)
> 
> ##### Then immediately after I see: #####
> User Logoff:
>         User Name:      remoteuser
>         Domain:         W2K3ADDOMAIN
>         Logon ID:               (0x0,0x20544132)
>         Logon Type:     3
> 

Comment 2 Daniele Antolini 2009-01-13 04:17:41 UTC
I tried to mount a samba partition on a NAS with CIFS but I'd the same problem. I resolved it in this way: I replaced kernel from 2.6.18-92.1.22 (modinfo cifs.ko: 1.50) to 2.6.18-53 (modinfo cifs.ko: 1.48aRH) and using sec=krb5, now it works!!!
 
Comment 3 shirishpargaonkar@gmail.com 2009-03-20 09:15:37 UTC
I think this is something specific to your setup because I mount shares
from a Windows 2003 server all the time.

Are you able to run smbclient like this and list the contents (dir command
in smbclient shell)
 smbclient //server_name/share_name -U user_name

You can also turn on cifs debugging by doing
 dmesg -c
 echo 7 > /proc/fs/cifs/cifsFYI
 do the mount
 send the output of the dmesg command

You can also capture either a tcpdump or wireshark trace during mount and 
send that.
Comment 4 Steve French 2009-05-13 16:23:54 UTC
The second error looks straightforward:

"Status code returned 0xc0000070 NT_STATUS_INVALID_WORKSTATION"

Would mean that the administrator of your server restricted which workstations are allowed to access this server (note that the workstation name can be overridden on the client in some cases (e.g. you might try to use "port=139" and specify the client's netbiosname "netbiosname=the-right-client-name")

You may have to enable signing (e.g. specifying mount option sec=ntlmv2i or sec=krb5i) based on your unrelated smbclient message indicating signing is required.