mount.cifs on 13.04 fails to mount a samba share with 13: Permission Denied

Bug #1113395 reported by Martin Vysny on 2013-02-02
This bug affects 34 people
Affects: cifs-utils (Ubuntu)
Importance: Medium
Assigned to: Jelmer Vernooij

Bug Description

I mount my samba shares with the following command:

sudo mount -t cifs -o user=admin,password=very.long.password.with.dot //server/sharename /pub/disk

On 12.10, the command works flawlessly and correctly mounts the share. After I upgraded to 13.04, the command no longer worked and always produced the following output:

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Note that accessing the samba mount with krusader works correctly (I have to input the username/password of course).
I am no longer on Ubuntu 13.04 so I cannot provide exact versions of packages. But the error is reproducible on a fully updated Ubuntu 13.04 x86-32. My guess is that the error occurs because the password contains a dot character and the -o parameter gets parsed incorrectly. Or perhaps the password is too long (27 characters).
Thank you

Martin Vysny (vyzivus) wrote :

dmesg:
[ 1981.928924] FS-Cache: Loaded
[ 1981.986392] FS-Cache: Netfs 'cifs' registered for caching
[ 1981.986826] Key type cifs.spnego registered
[ 1981.986868] Key type cifs.idmap registered
[ 1991.507966] CIFS VFS: Send error in SessSetup = -13
[ 1991.508425] CIFS VFS: cifs_mount failed w/return code = -13

mount.cifs:

mount.cifs kernel mount options: ip=192.168.1.104,unc=\\192.168.1.104\stuff,forceuid,uid=1000,gid=1000,user=admin,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

The same mount.cifs works on Ubuntu 12.10 and lower.

Martin Vysny (vyzivus) wrote :

Okay, no matter what password I enter, mount.cifs fails with a non-informative moronic error 13, which renders mount.cifs totally useless. Is there another way to mount a samba share, as smbmount is no longer available?

Martin Vysny (vyzivus) wrote :

I tried to change the password on the server to various simple strings; mount.cifs still refuses to mount them.

Martin Vysny (vyzivus) wrote :

Note that both Krusader KIO and smbclient work correctly. I tried to enable more verbose debug messages via /proc/fs/cifs/cifsFYI:

[ 3714.113990] /build/buildd/linux-3.8.0/fs/cifs/cifsfs.c: Devname: //192.168.1.104/stuff flags: 0
[ 3714.114087] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Username: admin
[ 3714.114102] /build/buildd/linux-3.8.0/fs/cifs/connect.c: file mode: 0x1ed dir mode: 0x1ed
[ 3714.114398] /build/buildd/linux-3.8.0/fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 26 with uid: 0
[ 3714.114410] /build/buildd/linux-3.8.0/fs/cifs/connect.c: UNC: \\192.168.1.104\stuff
[ 3714.114471] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Socket created
[ 3714.114486] /build/buildd/linux-3.8.0/fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x6d6
[ 3714.117756] /build/buildd/linux-3.8.0/fs/cifs/fscache.c: cifs_fscache_get_client_cookie: (0xe7a8a800/0xe7879120)
[ 3714.117783] /build/buildd/linux-3.8.0/fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 27 with uid: 0
[ 3714.117793] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Existing smb sess not found
[ 3714.117821] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: secFlags 0x81
[ 3714.117834] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: NTLMSSP only mechanism, enable extended security
[ 3714.117851] /build/buildd/linux-3.8.0/fs/cifs/transport.c: For smb_command 114
[ 3714.117864] /build/buildd/linux-3.8.0/fs/cifs/transport.c: Sending smb: smb_len=78
[ 3714.117986] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Demultiplex PID: 16733
[ 3714.176314] /build/buildd/linux-3.8.0/fs/cifs/connect.c: RFC1002 header 0x61
[ 3714.176373] /build/buildd/linux-3.8.0/fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4
[ 3714.176386] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: Dialect: 2
[ 3714.176393] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: negprot rc 0
[ 3714.176400] /build/buildd/linux-3.8.0/fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -3600
[ 3714.176405] /build/buildd/linux-3.8.0/fs/cifs/sess.c: sess setup type 3
[ 3714.176414] /build/buildd/linux-3.8.0/fs/cifs/sess.c: ntlmssp session setup phase 1
[ 3714.176424] /build/buildd/linux-3.8.0/fs/cifs/transport.c: For smb_command 115
[ 3714.176429] /build/buildd/linux-3.8.0/fs/cifs/transport.c: Sending smb: smb_len=204
[ 3714.178032] /build/buildd/linux-3.8.0/fs/cifs/connect.c: RFC1002 header 0x23
[ 3714.178073] /build/buildd/linux-3.8.0/fs/cifs/transport.c: cifs_sync_mid_result: cmd=115 mid=2 state=4
[ 3714.178083] /build/buildd/linux-3.8.0/fs/cifs/netmisc.c: Mapping smb error code 0x50001 to POSIX err -13
[ 3714.178089] /build/buildd/linux-3.8.0/fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
[ 3714.178096] /build/buildd/linux-3.8.0/fs/cifs/sess.c: ssetup freeing small buf c71f3d40
[ 3714.178101] CIFS VFS: Send error in SessSetup = -13
[ 3714.178111] /build/buildd/linux-3.8.0/fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 27) rc = -13
[ 3714.178128] /build/buildd/linux-3.8.0/fs/cifs/fscache.c: cifs_fscache_release_client_cookie: (0xe7a8a800/0xe7879120)
[ 3714.178383] /build/buildd/linux-3.8.0/fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 26) rc = -13
[ 3714.17...


Martin Vysny (vyzivus) wrote :

cifs-utils version: 2:5.5-1ubuntu1

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cifs-utils (Ubuntu):
status: New → Confirmed

SimonH (simon-m-hewitt) wrote :

Adding sec=lanman to my mount options works for me, might be worth a shot.

Christopher Townsend (townsend) wrote :

Using SimonH's suggestion to use sec=lanman, it works for me now when using guest (ie, no password) Samba mounting.

Martin Vysny (vyzivus) wrote :

Thank you for your tip, adding the "sec=lanman" option to the list of options fixed the problem for me. Note that this security option is not listed in man mount.cifs... Anyway, thanks again!

Fiorenzo De Santis (fiod3s) wrote :

Yes! I can confirm too, sec=lanman works but now I'd like to know why ;-)

Steve Jordahl (sjordahl) wrote :

I ran across this issue today and found that when the cifs.ko module is loaded /proc/fs/cifs/SecurityFlags is set differently (0x81) than previous versions of Ubuntu (0x7). Changing the parameter allowed me to connect properly:

echo 0x7 > /proc/fs/cifs/SecurityFlags
cat /proc/fs/cifs/SecurityFlags

The following explains the use of the parameter: https://www.kernel.org/doc/readme/fs-cifs-README

I did a bit of searching, but wasn't able to find a clean way of setting it at boot since on this system I'm not sure that the cifs module will be loaded at boot. I haven't looked at the source, but I'm guessing it's hard coded.

Not that it's relevant here, but my need for the functionality was so XCP could properly mount CIFS shares. To solve my issue, since I couldn't do it at boot, was to patch /usr/lib/xcp/xm/ISOSR.py with the following patch:

--- ISOSR.py.orig 2013-04-09 21:46:13.734220000 -0600
+++ ISOSR.py 2013-04-09 21:46:13.734220000 -0600
@@ -264,6 +264,9 @@
             f.write("username=%s\npassword=%s\n" % (username,password))
             f.close()
             credentials = "credentials=%s" % self.credentials
+ f = open('/proc/fs/cifs/SecurityFlags', 'w')
+ f.write('0x7')
+ f.close()
             mountcmd.extend(["-o", credentials])

     def _cleanupcredentials(self):
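
Review bot: The three added lines write 0x7 to /proc/fs/cifs/SecurityFlags, which is a module-wide setting rather than a per-mount one, so every CIFS mount on the host is affected from then on and the previous value is never restored. The open() is also unguarded: if the cifs module is not loaded yet, the file does not exist and the call raises before mountcmd is extended. Since the following line already appends -o options to mountcmd, consider passing a sec= mount option there instead; if the procfs write stays, use a with block and handle IOError. As shown, the added lines are also not indented to match the surrounding block.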

Hope this helps.
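
The SecurityFlags values discussed in the comment above (0x81 on 13.04 versus 0x7 before) can be decoded with the bit table from the kernel CIFS README it links to. This is an added example, not part of the original comment or of cifs-utils; the function names are hypothetical, and the sample log is the pair of secFlags lines from the cifsFYI output quoted earlier in this report.

```python
import re

# "May use" bits for /proc/fs/cifs/SecurityFlags, per the kernel CIFS README.
MAY_BITS = {
    0x01: "packet signing",
    0x02: "NTLM",
    0x04: "NTLMv2",
    0x08: "Kerberos",
    0x10: "lanman",
    0x20: "plaintext",
    0x80: "NTLMSSP",
}
WEAK = {"lanman", "plaintext"}  # weak password handling; avoid enabling

# The two secFlags lines from the cifsFYI output quoted in this report.
SAMPLE_LOG = """\
[ 3714.117821] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: secFlags 0x81
[ 3714.117834] /build/buildd/linux-3.8.0/fs/cifs/cifssmb.c: NTLMSSP only mechanism, enable extended security
"""


def decode_security_flags(value):
    """Return which mechanisms a SecurityFlags value allows and requires."""
    may = [name for bit, name in MAY_BITS.items() if value & bit]
    # "Must use X" is the "may" bit plus the same bit 12 positions higher,
    # e.g. must use NTLMv2 = 0x04004.
    must = [name for bit, name in MAY_BITS.items() if value & (bit << 12)]
    return {"may": may, "must": must, "weak": [n for n in may if n in WEAK]}


def compare_flags(old, new):
    """List mechanisms a client stops or starts offering when flags change."""
    before = decode_security_flags(old)["may"]
    after = decode_security_flags(new)["may"]
    return {"dropped": [n for n in before if n not in after],
            "added": [n for n in after if n not in before]}


def flags_from_cifs_log(text):
    """Pull the secFlags value out of cifsFYI debug output, or None."""
    match = re.search(r"secFlags (0x[0-9a-fA-F]+)", text)
    return int(match.group(1), 16) if match else None


if __name__ == "__main__":
    seen = flags_from_cifs_log(SAMPLE_LOG)
    print(hex(seen), decode_security_flags(seen))
    print(compare_flags(0x7, seen))
```

For the values in this thread, compare_flags(0x7, 0x81) reports NTLM and NTLMv2 as dropped and NTLMSSP as added.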

Gonzalez Desiderio (dexigon) wrote :

For me, sec=lanman is ok.

Thank you Simon H

Allen Crider (software-eng) wrote :

This bug also affected me after upgrading from Kubuntu 12.10 to 13.04. I have been unable to get sec=lanman to work, but changing the value of /proc/fs/cifs/SecurityFlags to 0x7 does work. I would very much like to find a way to change the value at boot or fix the bug.

Phil Hannent (phil-hannent) wrote :

The sec=lanman didn't work for me, however sec=ntlm did.

Apparently Linux 3.8 dropped support for ntlm.

https://bbs.archlinux.org/viewtopic.php?id=159915

SkinlessGorgon (peemickuk) wrote :

None of the above works for me.
I have changed the sec options to lanman, ntlm, ntlmv2. I have changed the security flags as above.
I cannot even write to the SMB share by browsing the network to the windows share.
I can read all mounted shares, which is OK, but I backup over the network and haven't had a backup for ages now.

Any help appreciated.

Domfe (domfe) wrote :

sec=ntlm works for me. mount.cifs should provide a more informative message

Blue Duck (blueduck) wrote :

sec=ntlm ok for me. lanman nok.

Fiorenzo De Santis (fiod3s) wrote :

I have tried sec=lanman sec=ntlm sec=ntlmv2 so far, and all these options work for me, so I decided to use sec=ntlmv2

However I get mount error(5) with sec=none, and this is the same error I get without sec.

Andreas H. (guitar1) wrote :

sec=ntlm works a bit for me, but I could not get write access (for non-root users). I am using

//10.10.1.12/andi /media/nas cifs credentials=/root/****,file_mode=0777,dir_mode=0777,sec=ntlm

in /etc/fstab. On 12.10 it works as it should (read and write access for my normal user). I also tried to add "uid=1000" but with no success.

Carlos A. Gómez Bravo (cagb) wrote :

Hello,

the "guest, sec=ntlmv2" works for me.

(client Ubuntu 13.04 x64 with server Ubuntu 12.04 x64 )

asgard2 (kamp000x) wrote :

//IP/winshare /media/winshare cifs users,noauto,sec=lanman,passwd= 0 0

adding "sec=lanman" worked :)

Xubuntu 13.04 64Bit

I have the following line in my /etc/fstab:

//campus01/mtozses /mnt/t cifs credentials=/root/.mtozses,uid=3339,gid=500,sec=ntlm 0 0

and it didn't work. I tried lanman as well.

Ubuntu 13.04 32 bit

DimanNe (dimanne) wrote :

Yes, sec=lanman helps me! Thank you!

Kristian Rink (kawazu) wrote :

+1 for sec=lanman, thanks for the workaround. Server in our case is smbd off Debian Unstable using guest-only access.

Gonzalez Desiderio (dexigon) wrote :

it works fine with the new Ubuntu 13.10 saucy.

harijay (harijay) wrote :

I am trying with 13.10 and the command that used to work with 13.04 has now stopped working. I tried with sec=lanman,ntlm,ntlmv2 and it either does not work and gives the useless error

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Or it gives with sec=lanman
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

I also could not sudo echo 0x7 > /proc/fs/cifs/SecurityFlags because it said Permission denied. Regardless, while the mount command used to work in 13.04 it does not work on 13.10

Dieter Burghardt (dburghardt) wrote :

I had similar problems accessing a server in a domain and using a credential file. I solved the problem by specifying the domain name separately (and not like before as part of the username.)

In the older Ubuntu (10.4) I had something like:
sudo mount -t cifs //MyServer/MyShare /mnt -o user=MyDomain\MyName,password=AskTheNSA

Now in 13.10 it did no longer work and I had to change it to:
sudo mount -t cifs //MyServer/MyShare /mnt -o domain=MyDomain,user=MyName,password=AskTheNSA

So if you are still not lucky to mount your share you might give this a try. If your server is not part of a domain, you might be lucky specifying your workgroup ...

draptik (patrick-pdrechsler) wrote :

For other people stumbling across this thread: the sec=lanman solution also works for my setup using xubuntu 14.04....

Jet Wilda (jet-wilda) wrote :

I had this issue in 14.04 and specifying the domain separately fixed it for me. Here is my /etc/fstab entry

//SERVER.DOMAIN.TLD/SHARE /LOCAL_MOUNT_LOCATION cifs sec=ntlm,domain=DOMAIN,credentials=/root/.servercred,iocharset=utf8,file_mode=0777,dir_mode=0777 0

Gabriel Rota (gabriel-rota) wrote :

On 14.04 specifying the domain separately does work also for me. Thanks.

Jelmer Vernooij (jelmer) wrote :

The error message is just based on the errno (13), so it's hard for mount.cifs to modify that. We should update the manpage to mention sec=lanman though.

Changed in cifs-utils (Ubuntu):
assignee: nobody → Jelmer Vernooij (jelmer)

Bruce Pieterse (octoquad) wrote :

I had a similar problem. If I remove the values for pass at the end of the individual shares being mounted in /etc/fstab I am able to mount my shares correctly. It also seems to work if you remove the dump value at the end of the line as well. Before attempting this, I tried everything in this bug report with nothing being mounted and always having a Permission Denied (13) error.

I hope this helps someone.

tags: added: trusty

FBachofner (fxlix) wrote :

I have had this problem on various networks which needed samba filesharing services from an Ubuntu or LinuxMint-based file server.

In every case, while the user's samba account had a password and allowed browsing (and manipulating files) of a share through a file manager, fstab mounts did not work.

This is regardless of having set sec=ntlm or sec=ntlmv2 or sec=ntlmssp or any of the various other options typically offered as a "solution" (i.e. such as setting the file_mode or user or gid)

In every case the solution for our installations has ended up being the same: reset the samba user's password and the mount works, regardless of setting options!

I'm not sure what happens when the password is "inherited/converted" from the user's Linux account, but there seems to be a significant problem there, notwithstanding the ability to browse (not mount) a samba share.

Perhaps this approach will help you with your fstab samba mounting challenge. I hope so and good luck.

Changed in cifs-utils (Ubuntu):
importance: Undecided → Medium

Jan Skarvall (jan-skarvall) wrote :

I likely ran into this bug after having upgraded from ubuntu 12.04 to ubuntu 14.04.

root@my-host:~# mount -t cifs -o username=my-username,password=my-password //192.168.0.123/C\$ /mnt/point
mount: block device //192.168.0.123/C$ is write-protected, mounting read-only
mount: cannot mount block device //192.168.0.123/C$ read-only
root@my-host:~#

This worked on 12.04 without problems.

Specifying the domain separately solved it for me, too.

Kruno (krunof) wrote :

Migrating from Ubuntu 12.04LTS to 16.04LTS also broke the cifs mount for me. I had the following in my fstab file:

/192.168.10.1/server_share/ /mnt/my_point cifs iocharacterset=utf8,sec=ntlm,credentials=/home/kruno/.smbcredentials,uid=1000,gid=1000 0 0

As I read elsewhere you need to separate username and domain in the credential file. I did that too. Still having a permission denied error when I try to use the "mount -a" command

I also tried to put username, domain and password directly in the fstab command. Same error.
I'm sure that the username and password are correct, because the following command properly mounts the drive:

mount -t cifs //192.168.10.1/server_share/ /mnt/my_point -o username=my-username,password=my-password,domain=MYDOMAIN

Finally, found elsewhere that "mount -a -v" command can give more data. After that I got this response:

mount.cifs kernel mount options: ip=192.168.10.1,unc=\\192.168.10.1\server_share,iocharacterset=utf8,sec=ntlmv,uid=1000,gid=1000,user=my-username,,domain=MYDOMAIN,pass=********

Please note the double "," between username and domain. It happens with both: using credential files and direct input of username and password through the fstab command line.

My server that I try to connect to is still on ubuntu 12.04LTS while the client is 16.04

I hope that this bit of info can help to solve this bug
