mount.cifs on 13.04 fails to mount a samba share with 13: Permission Denied

dmesg:
[ 1981.928924] FS-Cache: Loaded
[ 1981.986392] FS-Cache: Netfs 'cifs' registered for caching
[ 1981.986826] Key type cifs.spnego registered
[ 1981.986868] Key type cifs.idmap registered
[ 1991.507966] CIFS VFS: Send error in SessSetup = -13
[ 1991.508425] CIFS VFS: cifs_mount failed w/return code = -13

mount.cifs:

mount.cifs kernel mount options: ip=192.168.1.104,unc=\\192.168.1.104\stuff,forceuid,uid=1000,gid=1000,user=admin,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

The same mount.cifs works on Ubuntu 12.10 and lower.

Okay, no matter what password I enter, mount.cifs fails with a non-informative moronic error 13, which renders mount.cifs totally useless. Is there another way to mount a samba share, as smbmount is no longer available?

I tried to change the password on server to various simple strings, mount.cifs still rejects to mount them

Note that both Krusader KIO and smbclient works correctly. I tried to enable more verbose debug messages via /proc/fs/cifs/cifsFYI:

[ 3714.113990] /build/buildd/linux-3.8.0/fs/cifs/cifsfs.c: Devname: //192.168.1.104/stuff flags: 0
[ 3714.114087] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Username: admin
[ 3714.114102] /build/buildd/linux-3.8.0/fs/cifs/connect.c: file mode: 0x1ed dir mode: 0x1ed
[ 3714.114398] /build/buildd/linux-3.8.0/fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 26 with uid: 0
[ 3714.114410] /build/buildd/linux-3.8.0/fs/cifs/connect.c: UNC: \\192.168.1.104\stuff
[ 3714.114471] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Socket created
[ 3714.114486] /build/buildd/linux-3.8.0/fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
[ 3714.117756] /build/buildd/linux-3.8.0/fs/cifs/fscache.c: cifs_fscache_get_client_cookie: (0xe7a8a800/0xe7879120)
[ 3714.117783] /build/buildd/linux-3.8.0/fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 27 with uid: 0
[ 3714.117793] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Existing smb sess not found
[ 3714.117821] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: secFlags 0x81
[ 3714.117834] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: NTLMSSP only mechanism, enable extended security
[ 3714.117851] /build/buildd/linux-3.8.0/fs/cifs/transport.c: For smb_command 114
[ 3714.117864] /build/buildd/linux-3.8.0/fs/cifs/transport.c: Sending smb: smb_len=78
[ 3714.117986] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Demultiplex PID: 16733
[ 3714.176314] /build/buildd/linux-3.8.0/fs/cifs/connect.c: RFC1002 header 0x61
[ 3714.176373] /build/buildd/linux-3.8.0/fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
[ 3714.176386] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: Dialect: 2
[ 3714.176393] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: negprot rc 0
[ 3714.176400] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -3600
[ 3714.176405] /build/buildd/linux-3.8.0/fs/cifs/sess.c: sess setup type 3
[ 3714.176414] /build/buildd/linux-3.8.0/fs/cifs/sess.c: ntlmssp session setup phase 1
[ 3714.176424] /build/buildd/linux-3.8.0/fs/cifs/transport.c: For smb_command 115
[ 3714.176429] /build/buildd/linux-3.8.0/fs/cifs/transport.c: Sending smb: smb_len=204
[ 3714.178032] /build/buildd/linux-3.8.0/fs/cifs/connect.c: RFC1002 header 0x23
[ 3714.178073] /build/buildd/linux-3.8.0/fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
[ 3714.178083] /build/buildd/linux-3.8.0/fs/cifs/netmisc.c: Mapping smb error code 0x50001 to POSIX err -13
[ 3714.178089] /build/buildd/linux-3.8.0/fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
[ 3714.178096] /build/buildd/linux-3.8.0/fs/cifs/sess.c: ssetup freeing small buf c71f3d40
[ 3714.178101] CIFS VFS: Send error in SessSetup = -13
[ 3714.178111] /build/buildd/linux-3.8.0/fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 27) rc = -13
[ 3714.178128] /build/buildd/linux-3.8.0/fs/cifs/fscache.c: cifs_fscache_release_client_cookie: (0xe7a8a800/0xe7879120)
[ 3714.178383] /build/buildd/linux-3.8.0/fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 26) rc = -13
[ 3714.17...

cifs-utils version: 2:5.5-1ubuntu1

Status changed to 'Confirmed' because the bug affects multiple users.

Adding sec=lanman to my mount options works for me, might be worth a shot.

Using SimonH's suggestion to use sec=lanman, it works for me now when using guest (ie, no password) Samba mounting.

Thank you for your tip, adding the "sec=lanman" option to the list of options fixed the problem for me. Note that this security option is not listed in man mount.cifs... Anyway, thanks again!

Yes! I can confirm too, sec=lanman works but now I'd like to know why ;-)

I ran across this issue today and found that when the cifs.ko module is loaded /proc/fs/cifs/SecurityFlags is set differently (0x81) than previous versions of Ubuntu (0x7). Changing the parameter allowed me to connect properly:

echo 0x7 > /proc/fs/cifs/SecurityFlags
cat /proc/fs/cifs/SecurityFlags

The following explains the use of the parameter: https://www.kernel.org/doc/readme/fs-cifs-README

I did a bit of searching, but wasn't able to find a clean way of setting it at boot since on this system I'm not sure that the cifs module will be loaded at boot. I haven't looked at the source, but I'm guessing it's hard coded.

Not that it's relevant here, but my need for the functionality was so XCP could properly mount CIFS shares. To solve my issue, since I couldn't do it at boot, was to patch /usr/lib/xcp/xm/ISOSR.py with the following patch:

--- ISOSR.py.orig 2013-04-09 21:46:13.734220000 -0600
+++ ISOSR.py 2013-04-09 21:46:13.734220000 -0600
@@ -264,6 +264,9 @@
             f.write("username=%s\npassword=%s\n" % (username,password))
             f.close()
             credentials = "credentials=%s" % self.credentials
+ f = open('/proc/fs/cifs/SecurityFlags', 'w')
+ f.write('0x7')
+ f.close()
             mountcmd.extend(["-o", credentials])

     def _cleanupcredentials(self):

Hope this helps.

for me as sec = lanman is ok.

Thank you Simon H

This bug also affected me after upgrading from Kubuntu 12.10 to 13.04. I have been unable to get sec=lanman to work, but changing the value of /proc/fs/cifs/SecurityFlags to 0x7 does work. I would very much like to find a way to change the value at boot or fix the bug.

The sec=lanman didn't work for me, however sec=ntlm did.

Apparently Linux 3.8 dropped support for ntlm.

https://bbs.archlinux.org/viewtopic.php?id=159915

None of the above works for me.
I have changed the sec options to lanman, ntlm, ntlmv2. I have cnaged the security flags as above.
 I cannot even write to the SMB share by browsing the network to the windows share.
I can read all mounted shares, which is OK, but I backup over the network and haven't have a backup for ages now.

Any help appreciated.

sec=ntlm works for me. mount.cifs sould provide a more informative message

sec=ntlm ok for me. lanman nok.

I have tried sec=lanman sec=ntlm sec=ntlmv2 so far, and all these options work for me, so I decided to use sec=ntlmv2

However I get mount error(5) with sec=none, and this is the same error I get without sec.

sec=ntlm works a bit for me, but i could not get write access (for not root users) i am using

//10.10.1.12/andi /media/nas cifs credentials=/root/****,file_mode=0777,dir_mode=0777,sec=ntlm

in /etc/fstab. On 12.10 it works as it should (read an write access to my normal user), i also tried to add "uid=1000" but with no success.

Helo,

the "guest, sec=ntlmv2" work for me.

(client Ubuntu 13.04 x64 with server Ubuntu 12.04 x64 )

//IP/winshare /media/winshare cifs users,noauto,sec=lanman,passwd= 0 0

adding "sec=lanman" worked :)

Xubuntu 13.04 64Bit

I have the following line in my /etc/fstab:

//campus01/mtozses /mnt/t cifs credentials=/root/.mtozses,uid=3339,gid=500,sec=ntlm 0 0

and it didn't work. I tried lanman as well.

Ubuntu 13.04 32 bit

Yes, sec=lanman helps me! Thank you!

+1 for sec=lanman, thanks for the workaround. Server in our case is smbd off Debian Unstable using guest-only access.

it works fine with the new Ubuntu 13.10 saucy.

I am trying with 13.10 and the command that used to work with 13.04 has now stopped working. I tried with sec=lanman,ntlm,ntlmv2 and it either does not work and gives the useless error

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Or it gives with sec=lanman
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

I also could not sudo echo 0x7 > /proc/fs/cifs/SecurityFlags because it said Permission denied. Regardless while the miunt command used to work in 13.04 it does not work on 13.10

I had similar problems accessing a server in a domain and using a credential file. I solved the problem by specifying the domainname separatly (and not like before as part of the username.)

In the older Ubuntu (10.4) I had something like:
sudo mount -t cifs //MyServer/MyShare /mnt -o user=MyDomain\MyName,password=AskTheNSA

Now in 13.10 it did no longer work and I had to change it to:
sudo mount -t cifs //MyServer/MyShare /mnt -o domain=MyDomain,user=MyName,password=AskTheNSA

So if you are still not lucky to mount your share you might give this a try. If your server is not part of a domain, you might be lucky specifying your workgroup ...

For other people stumbling across this thread: the sec=lanman solution also works for my setup using xubuntu 14.04....

I had this issue in 14.04 and specifying the domain seperatly fixed it for me. Here is my /etc/fstab entry

//SERVER.DOMAIN.TLD/SHARE /LOCAL_MOUNT_LOCATION cifs sec=ntlm,domain=DOMAIN,credentials=/root/.servercred,iocharset=utf8,file_mode=0777,dir_mode=0777 0

On 14.04 specifying the domain separately does work also for me. Thanks.

The error message is just based on the errno (13), so it's hard for mount.cifs to modify that. We should update the manpage to mention sec=lanman though.

I had a similiar problem. If I remove the values for pass at the end of the individual shares being mounted in /etc/fstab I am able to mount my shares correctly. It also seems to work if your remove the dump value at the end of the line as well. Before attempting this, I tried everything in this bug report with nothing being mounted and always having a Permission Denied (13) error.

I hope this helps someone.

I have had this problem on various networks which needed samba filesharing services from an Ubuntu or LinuxMint-based file server.

In every case, while the user's samba account had a password and allowed browsing (and manipulating files) of a share through a file manager, fstab mounts did not work.

This is regardless of having set sec=ntlm or sec=ntlmv2 or sec=ntlmssp or any of the various other options typically offered as a "solution" (i.e. such as setting the file_mode or user or gid)

In every case the solution for our installations has ended up being the same: reset the samba user's password and the mount works, regardless of setting options!

I'm not sure what happens when the password is "inherited/converted" from the user's Linux account, but there seems to be a significant problem there, notwithstanding the ability to browse (not mount) a samba share.

Perhaps this approach will help you with your fstab samba mounting challenge. I hope so and good luck.

I likely ran into this bug after having upgraded from ubuntu 12.04 to ubuntu 14.04.

root@my-host:~# mount -t cifs -o username=my-username,password=my-password //192.168.0.123/C\$ /mnt/point
mount: block device //192.168.0.123/C$ is write-protected, mounting read-only
mount: cannot mount block device //192.168.0.123/C$ read-only
root@my-host:~#

This worked on 12.04 without problems.

Specifying the domain separately solved it for me, too.

Migrating from Ubuntu 12.04LTS to 16.04LTS also brokes cifs mount for me. I was having following in my fstab file:

/192.168.10.1/server_share/ /mnt/my_point cifs iocharacterset=utf8,sec=ntlm,credentials=/home/kruno/.smbcredentials,uid=1000,gid=1000 0 0

As I read elsewhere you need to separate username and domain in credential file. I did that too. Still having permission denied errror when try to use "mount -a" command

I also tried to put username, domain and password directly in fstab command. Same errror.
I'm sure that username and password is correct, because following command properly mount drive:

mount -t cifs //192.168.10.1/server_share/ /mnt/my_point -o username=my-username,password=my-password,domain=MYDOMAIN

Finally, found elsewhere that "mount -a -v" command can give more data. After that I got this response:

mount.cifs kernel mount options: ip=192.168.10.1,unc=\\192.168.10.1\server_share,iocharacterset=utf8,sec=ntlmv,uid=1000,gid=1000,user=my-username,,domain=MYDOMAIN,pass=********

Please note double "," between username and domain. Happens with both, using credential files and direct input of username and password trough fstab command line.

My server that I try to cennect to is still on ubuntu 12.04LTS while client is 16.04

I hope that this bit of info can help to solve this bug

In my experience, leaving out the uid and gid parameters results in a "permission denied" error. When I supply those parameters then I am able to successfully mount with cifs.