Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: HP on November 16, 2020, 01:57:56 PM

Title: [SME9.x] mount.cifs =>> mount error(13): Permission denied [solved]
Post by: HP on November 16, 2020, 01:57:56 PM: [edit: 2020-11-16@22h03 (SGT)]

Possible simple working solution to the problem presented below:

- https://forums.contribs.org/index.php/topic,54322.msg284217.html#msg284217 (https://forums.contribs.org/index.php/topic,54322.msg284217.html#msg284217)

[/edit]

Hi there, :)

I have a SME server 9.x (x=2 if I am not wrong) configured in server only, behind a residential gateway (aka "Wi-Fi Router") with necessary ports open to use it as a web server ; SME's DHCP server = off ; Everything connected is using static IPAddresses.

I am used to successfully mount "smb" shares between other Linux machines from the same local network, the following way:

Code: [Select]
# mount.cifs //192.168.123.45/share /mnt/smb/machine/share -o username=RemoteUserName,password=PassWord
Unfortunately, it doesn't seem to work with my actual SME server box:

Code: [Select]
mount error(13): Permission denied Refer to the mount.cifs( manual page (e.g. man mount.cifs)

After searching for a while, I also tried the following alternative method involving a "credentials" file located in '/root/password' in which file there is the following:

Code: [Select]
username=RemoteUserName password=PassWord domain=192.168.1.2
192.168.1.2 being the IPAddress of my SME server on the LAN.

Since SME-Server as certain particular ways to do certain things, I am wondering what could be wrong with what I have done, so far ?

I am thinking about something wrong about the Domain, while I only use WorkGroup mode...

Else, do I need to have exactly the same 'username' and 'password' on both Linux machines ?
(I tried that too, it didn't work either)

Regards,
H.P.

P.S.
What I tried has been done on '/mnt/smb/machine/share', to check if things were working fine before attempting the same in an 'ibay/html' location as I actually need on LAN only restricted access ibay.

Search done on http://Contribs.org (http://Contribs.org) brought me to the following readings:
- https://wiki.contribs.org/index.php?title=Special:Search&search=mount+in+ibay (https://wiki.contribs.org/index.php?title=Special:Search&search=mount+in+ibay)
- - https://wiki.contribs.org/AddExtraHardDisk (https://wiki.contribs.org/AddExtraHardDisk)
- - https://wiki.contribs.org/SharedFolders (https://wiki.contribs.org/SharedFolders)
- - https://wiki.contribs.org/SharedFolders/fr (https://wiki.contribs.org/SharedFolders/fr)
- - https://wiki.contribs.org/Useful_Commands (https://wiki.contribs.org/Useful_Commands) (something about ACL ...)
- - https://wiki.contribs.org/Mount_Network_Shares (https://wiki.contribs.org/Mount_Network_Shares)

Search done on http://forums.Contribs.org (http://forum.Contribs.org) brought me to no answer. So, I am posting here.

Search on Google didn't help me much. Just found some things about the '/root/.password/credentials' method.
- https://www.google.com/search?q=Status+code+returned+0xc000006d+NT_STATUS_LOGON_FAILURE (https://www.google.com/search?q=Status+code+returned+0xc000006d+NT_STATUS_LOGON_FAILURE)

P.P.S.
# tail | dmesg gave me only this:

Code: [Select]
... Key type cifs.spnego registered Key type cifs.idmap registered Registering the dns_resolver key type Key type dns_resolver registered Slow work thread pool: Starting up Slow work thread pool: Ready Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE CIFS VFS: Send error in SessSetup = -13 CIFS VFS: cifs_mount failed w/return code = -13 ... ... .. Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE CIFS VFS: Send error in SessSetup = -13 CIFS VFS: cifs_mount failed w/return code = -13 ...

Edits:
- 2020-11-16 @ 22h03 (SGT) : Added link to solution
- 2020-11-18 @ 06h39 (SGT) : Typos fixes + Added [solved] to original message title + this section here.
Title: Re: [SME9.x] mount.cifs =>> mount error(13): Permission denied [Solved ?]
Post by: HP on November 16, 2020, 02:55:02 PM: Finally found a working solution:

Code: [Select]
# mount.cifs //192.168.123.45/share /mnt/smb/machine/share -o username=RemoteUserName,password=PassWord,sec=ntlmssp

The usual 'mount.cifs' command needed the following extra parameter: sec=ntlmssp

Reliable source of information:
- https://stackoverflow.com/questions/45589931/mount-a-networkdrive-in-centos-7-mount-error13-permission-denie

Found using the following keywords in Google:
- https://www.google.com/search?q=cifs+mount+error(13)+permission+denied+centos
Title: Re: [SME9.x] mount.cifs =>> mount error(13): Permission denied
Post by: ReetP on November 16, 2020, 03:46:07 PM: FWIW I have to use this in my /etc/security/pam_mount.conf.xml file on *buntu

Code: [Select]
<volume fstype = "cifs" server = "my.server.net" path = "directorypath" mountpoint = "/home/e-smith/files/users/%(USER)/Mounts/somefileshare" options = "uid=%(USER),nosuid,nodev,noexec,sec=ntlmssp,vers=1.0" user = "*" sgrp = "dt-admins"/>
After some changes a while back I had to add the "sec=ntlmssp,vers=1.0" part.

I have modified the wiki page to reflect it.

https://wiki.contribs.org/Client_Authentication:Ubuntu_via_sssd/ldap
Title: Re: [SME9.x] mount.cifs =>> mount error(13): Permission denied
Post by: HP on November 17, 2020, 10:53:03 PM: Hi ReetP,

Thank you for your sharing.

Quote from: ReetP on November 16, 2020, 03:46:07 PM
FWIW I have to use this in my /etc/security/pam_mount.conf.xml file on *buntu

Code: [Select]
<volume fstype = "cifs" server = "my.server.net" path = "directorypath" mountpoint = "/home/e-smith/files/users/%(USER)/Mounts/somefileshare" options = "uid=%(USER),nosuid,nodev,noexec,sec=ntlmssp,vers=1.0" user = "*" sgrp = "dt-admins"/>
After some changes a while back I had to add the "sec=ntlmssp,vers=1.0" part.

I have modified the wiki page to reflect it.

https://wiki.contribs.org/Client_Authentication:Ubuntu_via_sssd/ldap (https://wiki.contribs.org/Client_Authentication:Ubuntu_via_sssd/ldap)

Well, so "far", what I have done seems to keep working.
So, with what you said, the need for this extra 'sec=ntlmssp' parameter for very basic mount.cifs command seems to be confirmed, I guess. :wink:

Just for feedback information, about the Wiki link mentioned above, there may be something wrong with the edit version displayed, as I do not see what you put in your post:

Code: [Select]
cat <<'_EOF' >/etc/security/pam_mount.conf.xml <pam_mount> <debug enable = "0" /> <mntoptions allow = "nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,noexec" /> <mntoptions require = "nosuid,nodev,noexec" /> <logout wait = "5" hup = "0" term="yes" kill="0" /> <mkmountpoint enable = "1" remove = "true" /> <volume fstype = "cifs" server = "sme.server.com" path = "%(USER)" mountpoint = "/home/e-smith/files/users/%(USER)/Partages/Personnel" options = "uid=%(USER),nosuid,nodev,noexec" user = "*" sgrp = "admins"/> <volume fstype = "cifs" server = "sme.server.com" path = "artwork" mountpoint = "/home/e-smith/files/users/%(USER)/Mounts/artwork" options = "uid=%(USER),nosuid,nodev,noexec" user = "*" sgrp = "admins"/> </pam_mount>_EOF
Best regards,
H.P.
Title: Re: [SME9.x] mount.cifs =>> mount error(13): Permission denied [solved]
Post by: ReetP on November 18, 2020, 10:28:52 AM: It does say this just below :-)

Quote
You may need to add a 'sec' option like this:

options = "uid=%(USER),nosuid,nodev,noexec,sec=ntlmssp,vers=1.0"
Title: Re: [SME9.x] mount.cifs =>> mount error(13): Permission denied [solved]
Post by: HP on November 19, 2020, 03:01:18 PM: Quote from: ReetP on November 18, 2020, 10:28:52 AM
It does say this just below :)

Oups !
My bad !! :(

I didn't read everything carefully, I only focused on the code snippets... :roll: :-?

Well, nothing to add for now.

Have fun everyone ! :wink:

Regards,
H.P.