[arch-general] clients can no longer mount.cifs the '/' samba share from current Arch server (long)
David C. Rankin
drankinatty at suddenlinkmail.com
Tue Jan 7 22:20:06 EST 2014
On 01/07/2014 03:51 AM, Martti Kühne wrote:
> I fail to see sec=ntlm in both your failing commands. Is that
> intentional or uncautious paste?
>
> cheers!
> mar77i
Marti,
ntlm was apparently dropped for kernels >= 3.8, but I've tried that as well:
[14:09 providence:/home/david] # mount.cifs //phoinix/config /mnt/phx-cfg -v -o
username=david,domain=RLFPLLC,uid=1000,credentials=/home/david/.dcr/mountcfile,noperm,sec=ntlm
mount.cifs kernel mount options:
ip=192.168.7.16,unc=\\phoinix\config,noperm,sec=ntlm,uid=1000,user=david,,domain=RLFPLLC,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Something else is at play here that is specific to allowing the '/' share from
(hostname phoinix) to be mounted. All other shares ([homes] [samba]} mount just
fine:
[14:09 providence:/home/david] # mount
<snip>
//phoinix/samba on /mnt/phx type cifs
(rw,relatime,vers=1.0,sec=ntlm,cache=loose,unc=\\phoinix\samba,username=david,uid=1000,forceuid,gid=0,noforcegid,addr=192.168.7.16,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1)
//phoinix/david on /mnt/phx-david type cifs
(rw,relatime,vers=1.0,sec=ntlm,cache=loose,unc=\\phoinix\david,username=david,uid=1000,forceuid,gid=0,noforcegid,addr=192.168.7.16,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1)
smbclient reports all public shares as well:
[14:10 providence:/home/david] # smbclient -L phoinix -U%
Domain=[RLFPLLC] OS=[Unix] Server=[Samba 4.1.3]
Sharename Type Comment
--------- ---- -------
samba Disk Phoinix - Law
print$ Disk
pdf-gen Printer PDF Generator print-pdf
IPC$ IPC IPC Service (Phoinix Samba 4.1.3)
dcr4100n Printer HP Laserjet 4100n
SharpM355N Printer Sharp AR-M355N
Sharp_AR-505 Printer Sharp AR-505
HPLJ4200 Printer HP Laserjet 4200
Domain=[RLFPLLC] OS=[Unix] Server=[Samba 4.1.3]
Server Comment
--------- -------
NEMESIS Samba 3.4.5-5.1-2300-SUSE-SL11.0
PHOINIX Phoinix Samba 4.1.3
PROVIDENCE Samba 3.6.7
RECEPTION Reception
Workgroup Master
--------- -------
RLFPLLC PHOINIX
It is a bizarre issue. You can set up a test share easily with the config I
posted. I have successfully used this config for the past decade at least and
I've never had an issue with the mount until this box. For example, on an Arch
server not yet updated to systemd (hostname nirvana (separate subnet)), the
mount of the config share works fine:
18:33 nirvana:/home/samba/law/rankin/clients> smbclient -U% -Llocalhost
Domain=[RLFPLLC] OS=[Unix] Server=[Samba 3.6.6]
Sharename Type Comment
--------- ---- -------
samba Disk Nirvana - Skyline, Pictures, Law
print$ Disk
pdf-gen Printer PDF Generator print-pdf
IPC$ IPC IPC Service (Samba 3.6.6)
LaserJet Printer Home Office Laserjet 4
Domain=[RLFPLLC] OS=[Unix] Server=[Samba 3.6.6]
Server Comment
--------- -------
DCRGX dcrgx
KILLERZ
LAKEHOUSE Samba 3.3.4-0.1.146-2113-SUSE-SL10.3
NIRVANA Samba 3.6.6
RIPPER XP2800
SUPERSFF Samba 3.6.12
Workgroup Master
--------- -------
RLFPLLC NIRVANA
[14:18 nirvana:/home/david/tmp] # smbd -V
Version 3.6.6
mount.cifs version: 5.5
[17:48 alchemy:/etc] # mount
<snip>
//nirvana/config/ on /mnt/nv type cifs
(rw,relatime,unc=\\nirvana\config,username=david,uid=1000,forceuid,gid=0,noforcegid,addr=192.168.6.17,posixpaths,serverino,acl,rsize=16384,wsize=57344,actimeo=1)
//lakehouse/config/ on /mnt/lake type cifs
(rw,relatime,unc=\\lakehouse\config,username=david,domain=rlfpllc,uid=1000,forceuid,gid=0,noforcegid,addr=192.168.6.105,posixpaths,acl,rsize=16384,wsize=57344,actimeo=1)
Another older Arch box (hostname supersff)
[19:53 supersff:/var/log/samba] # smbd -V
Version 3.6.12
mount.cifs version: 5.9
[19:46 alchemy:/mnt] # mount.cifs //supersff/config /mnt/sff -v -o
username=david,uid=1000,domain=rlfpllc,credentials=/home/david/.dcr/mountcfile,noperm
mount.cifs kernel mount options:
ip=192.168.6.109,unc=\\supersff\config,credentials=/home/david/.dcr/mountcfile,noperm,uid=1000,ver=1,user=david,domain=rlfpllc,pass=********
[19:47 alchemy:/mnt] # mount
<snip>
//supersff/config/ on /mnt/sff type cifs
(rw,relatime,unc=\\supersff\config,username=david,domain=rlfpllc,uid=1000,forceuid,gid=0,noforcegid,addr=192.168.6.109,posixpaths,serverino,acl,rsize=16384,wsize=57344,actimeo=1)
On all other boxes, the mount command (regardless of various options just work
in the form:
mount.cifs //server/share /mnt/mpoint
If I'm reading the level 10 correctly, when the connection occurs, the server
finds user david and determines that david is OK for share //phoinix/config:
[2014/01/07 20:32:58.157111, 5, pid=5405, effective(0, 0), real(0, 0)]
../source3/lib/username.c:181(Get_Pwnam_alloc)
Finding user david
<snip>
[2014/01/07 20:32:58.158932, 10, pid=5405, effective(0, 0), real(0, 0)]
../source3/smbd/share_access.c:237(user_ok_token)
user_ok_token: share config is ok for unix user david
But the problem comes in when it does it's magical (switch to user root). Then
we get:
[2014/01/07 20:32:58.159036, 5, pid=5405, effective(0, 0), real(0, 0)]
../source3/lib/username.c:181(Get_Pwnam_alloc)
Finding user root
<snip a whole bunch of stuff>
[2014/01/07 20:32:58.176304, 10, pid=5405, effective(0, 0), real(0, 0)]
../source3/smbd/share_access.c:215(user_ok_token)
User root not in 'valid users'
<snip>
[2014/01/07 20:32:58.176620, 3, pid=5405, effective(0, 0), real(0, 0)]
../source3/smbd/error.c:82(error_packet_set)
NT error packet at ../source3/smbd/reply.c(952) cmd=117 (SMBtconX)
NT_STATUS_ACCESS_DENIED
So this is starting to look more like a smb problem after all. Got any other
thoughts?
--
David C. Rankin, J.D.,P.E.
More information about the arch-general
mailing list