# [SOLVED] mount.cifs ( 6.6 ) - error(13): Permission denied

## log_null

mount.cifs fails to access MS Windows share when smbclient goes on fine, using the same credentials ( with samba service running ). The credfile have the following structure :

```
username=administrator

password=mysecretpass

domain=mydomain
```

# mount.cifs  -vvv -o credentials=/home/lognull/.credfile //remote.windows.box/c$ /mnt/windows/

```
mount.cifs kernel mount options: ip=192.168.1.183,unc=\\remote.windows.box\c$,user=administrator,,domain=mydomain,pass=********

mount error(13): Permission denied

Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
```

The kernel debug says :

```
[  835.914446] CIFS VFS: mdfour: Crypto md4 allocation error -2

[  835.932724] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE

[  835.932731] CIFS VFS: Send error in SessSetup = -13

[  835.932853] CIFS VFS: cifs_mount failed w/return code = -13
```

When tried with sec=ntlm :

# mount.cifs  -vvv -o credentials=/home/lognull/.credfile,sec=ntlm //remote.windows.box/c$ /mnt/windows/

```
domain=ok

mount.cifs kernel mount options: ip=192.168.1.183,unc=\\remote.windows.box\c$,sec=ntlm,user=administrator,,domain=mydomain,pass=********

mount error(2): No such file or directory

Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
```

And the following messages at dmesg :

```
[  976.940177] CIFS VFS: mdfour: Crypto md4 allocation error -2

[  976.940181] CIFS VFS: Error -2 during NTLM authentication

[  976.940183] CIFS VFS: Send error in SessSetup = -2

[  976.940238] CIFS VFS: cifs_mount failed w/return code = -2
```

When trying with smbclient :

# smbclient -A /home/lognull/.credfile -L //remote.windows.box 

```
Domain=[MYDOMAIN] OS=[Windows Server 2008 R2 Enterprise 7600] Server=[Windows Server 2008 R2 Enterprise 6.1]

        Sharename       Type      Comment

        ---------       ----      -------

        ADMIN$          Disk      Remote Admin

        C$              Disk      Default share

        IPC$            IPC       Remote IPC

        Publish$        Disk      

Domain=[MYDOMAIN] OS=[Windows Server 2008 R2 Enterprise 7600] Server=[Windows Server 2008 R2 Enterprise 6.1]

        Server               Comment

        ---------            -------

        Workgroup            Master

        ---------            -------

```

# smbclient -A /home/lognull/.credfile -L //remote.windows.box/c$ -c 'ls'

```
Domain=[MYDOMAIN] OS=[Windows Server 2008 R2 Enterprise 7600] Server=[Windows Server 2008 R2 Enterprise 6.1]

  $Recycle.Bin                      DHS        0  Wed Mar 22 13:49:22 2017

  Config.Msi                        DHS        0  Thu Jul 21 17:41:00 2016

  Documents and Settings            DHS        0  Tue Jul 14 02:06:44 2009

  inetpub                             D        0  Mon Jan 23 10:38:42 2017

  pagefile.sys                      AHS 4397260800  Fri Mar 24 00:08:24 2017

  PerfLogs                            D        0  Tue Jul 14 00:20:08 2009

  Program Files                      DR        0  Thu May  8 10:11:19 2014

  Program Files (x86)                DR        0  Tue Jan 24 15:40:48 2017

  ProgramData                        DH        0  Thu Nov 17 16:31:48 2016

  Recovery                          DHS        0  Thu Jun 20 00:12:16 2013

  System Volume Information         DHS        0  Thu Mar 16 00:44:52 2017

  temp                                D        0  Sat Mar 11 18:13:51 2017

  Users                              DR        0  Wed Mar 22 13:49:06 2017

  Windows                             D        0  Fri Aug  5 11:19:49 2016

                20945407 blocks of size 4096. 13978451 blocks available
```

Packages versions and USE :

```
 * Found these USE flags for net-fs/cifs-utils-6.6:

 U I

 + + acl     : Add support for Access Control Lists

 + + ads     : Enable Active Directory support and create cifs.idmap binary - idmap support

 + + caps    : libcap support

 + + caps-ng : libcap-ng support

 + + creds   : cifs credentials support
```

```
 * Found these USE flags for net-fs/samba-4.2.14:

 U I

 - - abi_x86_32               : 32-bit (x86) libraries

 - - acl                      : Add support for Access Control Lists

 - - addc                     : Enable Active Directory Domain Controller support

 - - addns                    : Enable AD DNS integration

 - - ads                      : Enable Active Directory support

 - - aio                      : Enable asynchronous IO support

 - - avahi                    : Add avahi/Zeroconf support

 + + client                   : Enables the client part

 - - cluster                  : Enable support for clustering

 - - cups                     : Add support for CUPS (Common Unix Printing System)

 - - dmapi                    : Enable support for DMAPI. This currently works only in combination with XFS.

 - - fam                      : Enable FAM (File Alteration Monitor) support

 + + gnutls                   : Add support for net-libs/gnutls (TLS 1.0 and SSL 3.0 support)

 - - iprint                   : Enabling iPrint technology by Novell

 - - ldap                     : Add LDAP support (Lightweight Directory Access Protocol)

 + + pam                      : Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip

 + + python_targets_python2_7 : Build with Python 2.7

 - - quota                    : Enables support for user quotas

 - - syslog                   : Enable support for syslog

 + + system-mitkrb5           : Use app-crypt/mit-krb5 instead of app-crypt/heimdal.

 - - systemd                  : Enable use of systemd-specific libraries and features like socket activation or session tracking

 - - test                     : Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore

 + + winbind                  : Enables support for the winbind auth daemon
```

# egrep -i  'cifs|fuse' /boot/config-4.4.39-gentoo :

```
CONFIG_FUSE_FS=m

CONFIG_CIFS=m

CONFIG_CIFS_STATS=y

CONFIG_CIFS_STATS2=y

CONFIG_CIFS_WEAK_PW_HASH=y

CONFIG_CIFS_UPCALL=y

CONFIG_CIFS_XATTR=y

CONFIG_CIFS_POSIX=y

# CONFIG_CIFS_ACL is not set

CONFIG_CIFS_DEBUG=y

# CONFIG_CIFS_DEBUG2 is not set

CONFIG_CIFS_DFS_UPCALL=y

# CONFIG_CIFS_SMB2 is not set

# CONFIG_CIFS_FSCACHE is not set
```

lsmod:

```
Module                  Size  Used by

cifs                  238415  0

snd_usb_audio         132342  0

snd_usbmidi_lib        19323  1 snd_usb_audio

snd_rawmidi            17917  1 snd_usbmidi_lib
```

Full kernel config is here

Does anyone got the same behavior ? Thanks in advance.Last edited by log_null on Fri Mar 31, 2017 2:51 pm; edited 1 time in total

----------

## Roman_Gruber

 *Quote:*   

>  mount error(2): No such file or directory 

 

mount needs user root (or more like noobish phrased, daemon which gives root, allows it)

Sorry for my ignorance:

why not use fstab entry?

with users as option?

I do not use windows, but usually fstab with users should work (or the config file in question !)

--

Guys hate me to always refer to external guides anyway

https://wiki.gentoo.org/wiki/Samba

 *Quote:*   

> CIFS share
> 
> Mount the shared content
> 
> Once the client is fully configured, the shares can soon be accessed.
> ...

 

Do you have this in your kernel?

 *Quote:*   

> Symbol: CRYPTO_ECB [=y]                                                                                                                                             │  
> 
>   │ Type  : tristate                                                                                                                                                    │  
> 
>   │ Prompt: ECB support                                                                                                                                                 │  
> ...

 

https://www.centos.org/forums/viewtopic.php?t=58796

 *Quote:*   

> 
> 
> It turned out in my case to be a Group policy which was set to Send NTLMv2 responses only. Refuse LM and NTLM. I changed this to Send LM & NTLM -use NTLMv2 session security if negotiated.
> 
> Located at: Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options. The policy is called: Network Security: Lan Manager authentication level.

 

----------

## log_null

Thanks for your help, Roman_Gruber :

1 - Yes, I'm doing as root ;

2 - mount.cifs must work before add to fstab ( since it extends from mount ). The users options makes no effect related to this issue.

3 - About samba guide : I'm doing the same syntax

4 - Yes, I have CRYPTO_ECB [=y] ( builtin ) This was a good advice. Thanks again!

5 - NTLMv2 is not possible for me since I can't change any configuration at Windows boxes.

NOTE : I used the same commands I mentioned before with a Slackware 14 box. It goes fine. 

I'll compare both kernel configs and try to figure out what's happening here ... (sob)

----------

## log_null

Solved after system and kernel upgrade ( 4.4.39  to 4.9.16 ) ...  =_=

----------

