cifs, smb - Can't mount (permission denied) or navigate shared folder

mount permissions samba cifs

220,387

Solution 1

I'm pretty sure I ran into this exact same problem today on Ubuntu 16.10 I tried all the suggestions in this thread several times, I could mount the exact same share using Windows Server 2016 and I could browse it using smbclient (smbclient -U brainstrust //WINBOX01/shared). I even tried an external credentials file.

I ended up stumbling on a fix - although I'd created a local user for the share on the Windows box, it was also joined to a domain. Basically setting the domain to be the local machine -o domain=WINBOX01 fixed my problem instantly, so leaving a comment here in the hope that its useful to someone out there.

The complete minimal command I used was:

sudo mount.cifs -v //WINBOX01/shared /home/geoff/winbox01  --verbose -o user=brainstrust,password=topsecret,domain=WINBOX01

Solution 2

I think you have the wrong security type for the server , error 13 means the server isn't letting you in.

You will need to select the right security mode in your mount command add a sec option via -o as follows [reference]:

sec=
   Security mode. Allowed values are:
   ·   none - attempt to connection as a null user (no name)
   ·   krb5 - Use Kerberos version 5 authentication
   ·   krb5i - Use Kerberos authentication and forcibly enable packet 
       signing
   ·   ntlm - Use NTLM password hashing
   ·   ntlmi - Use NTLM password hashing and force packet signing
   ·   ntlmv2 - Use NTLMv2 password hashing
   ·   ntlmv2i - Use NTLMv2 password hashing and force packet signing
   ·   ntlmssp - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message
   ·   ntlmsspi - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing

Solution 3

Try to add the "-v" option to get verbose output:

sudo mount -v -t cifs //fileshare1/docs1/user/My\ 
   Documents/shared/Francesco/ /home/frank/mnt_folder -o \
   username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000

Test with these options to the mount command

iocharset=utf8,rw,file_mode=0777,dir_mode=0777:

sudo mount -v -t cifs //fileshare1/docs1/user/My\ 
   Documents/shared/Francesco/ /home/frank/mnt_folder -o 
   username=my_user,password=my_pass,domain=my_domain,\
   iocharset=utf8,rw,file_mode=0777,dir_mode=0777

Test specifying the SMB version option (vers=2.1), see the samba wiki. From the mount.cifs man page:
vers=
SMB protocol version. Allowed values are:
- 1.0 - The classic CIFS/SMBv1 protocol. This is the default.
- 2.0 - The SMBv2.002 protocol. This was initially introduced in Windows Vista Service Pack 1, and Windows Server 2008. Note that the initial release version of Windows Vista spoke a slightly different dialect (2.000) that is not supported.
- 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2.
- 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012.

Finally, try to mount only the first share :

sudo mount -v -t cifs //fileshare1/docs1/ /home/frank/mnt_folder \
   -o username=my_user,password=my_pass,domain=my_domain,\
   iocharset=utf8,rw,file_mode=0777,dir_mode=0777

Any verbose output you can share might help.

Solution 4

For this problem when using cifs higher than 6.0: new version of cifs use the domain variable instead, so creadentials file look like:

username=<your username>
password=<your password>
domain=<your domain>

Solution 5

Adding the option sec=ntlm to the mount command resolved my issue.

eg:

sudo mount -t cifs -o username=administrator,password=123456,sec=ntlm //ip/eeshare /mnt/eeshare/

View more solutions

220,387

Frankmtl

Updated on September 18, 2022

Comments

Frankmtl almost 2 years
I've recently bumped into this problem. I usually navigate through a local network shared folder from a Linux machine via smb (i.e. from file manger using smb: ). Now whenever I try to access the shortcut or typing credential again I keep getting the dialog window asking for user, domain and password.

So I tried mounting the location manually using cisf-utils doing:
```
sudo mount -t cifs //fileshare1/docs1/user/My\ Documents/shared/Francesco/ /home/frank/used_shared/ -o username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000
```
I get mount error(13): Permission denied.

I'm definitely sure my user has permission on that folder cause I can access it from a windows machine.

Also if I try to mount my personal folder on that location through:
```
sudo mount -t cifs //fileshare1/docs5/francesco.azzarello/ /home/frank/mnt_folder -o username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000
```
I can access it with no problem.

For reference I'm using 4.2.0-36-generic kernel and my mount.cifs version is 6.4

Any idea on how to make one of both methods work?

Update Rgarding ponsfrilus answer

number 1: verbose option returns:
```
_mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,uid=1000,gid=1000,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_
```
Number 2 is basically the same thing:
```
_ mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,iocharset=utf8,file_mode=0777,dir_mode=0777,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_
```
And nothing changed with vers=2.1:
```
_mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,vers=2.1,iocharset=utf8,file_mode=0777,dir_mode=0777,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_
```
As for number 4 I can mount docs1 no problem but I can navigate tho get to the shared folder in user.
- emk2203 about 8 years
  
  Try ponsfrilus' tip #3 with vers=3.0, maybe also vers=2.0 or vers=1.0. If this doesn't work, maybe you can allow the server a broader range of smb versions to connect. I had this issue myself because smb3 was set on the server as required. I couldn't connect with linux until the server lowered the required samba version to 2. What OS does the server run?
- Frankmtl about 8 years
  
  I tried all of them. I still get "permission denied" with 3.0, 2.1 and 2.0. While I get "unknown error" with 1.0. I don't know how to check the windows server version as user since I don't have direct access to it.
- emk2203 about 8 years
  
  Can't help you on that, sorry. I had control over the server and my problem went away after relaxing the allowed SMB versions. You can connect to your own share - linux misconfiguration unlikely; you can connect via windows to share - server misconfiguration unlikely. This calls for a real samba guru.
Frankmtl about 8 years

Thank you for you answer. I Didn't find any better way to replay other than update the question. you can find the outputs of those commands in the update
Frankmtl about 8 years

I tried all of them and I receive "permission denied" or "unknown error" depending on the sec type
ponsfrilus about 8 years

@Frankmtl can you compare the folders rights inside docs1 and docs5 fileshare1 ?
Frankmtl about 8 years

Sorry for the late reply. If you mean the folder permissions after i mount them, they both have drwxr-xr-x
Amias over 6 years

given all the recent security issues with SMB I would advice only using it where a lot of additional security measures are in place , such as very up to date virus checking.
laugeo over 6 years

To access a Windows 2012 server share (smb2), you must add ,vers=2.1 after uid=1000 (aka end of line) . I installed also "cifs-utils" package.
dleerob over 5 years

Thanks for leaving this comment here, it helped me out.
Terminality over 5 years

Helped me too. Appears that mount -t cifs suffers from the same problem
Charlie almost 5 years

This is what turned out to be my problem. I already had a ~/.smbcredentials file. I'm horrified to find out my local NAS has let me mount the share with a bad password for a very long time.
Humpity over 4 years

Try using sec=ntlmssp, and make sure your samba server config encrypts the password.
bviktor over 4 years

Oddly enough, we needed to specify the domain NetBIOS name, not the fileserver's hostname. Nevertheless, it does work now, thanks a lot.
chuckedw over 4 years

Saved my day. Actually what I did was just remove the sec=ntlm and then it worked.
Amias over 4 years

You really should move away from SMB these days, it's a near constant source of attacks and privelege escalation.
W.M. about 4 years

The solution for me was indeed no spaces before and after =.
Elysiumplain over 3 years

Note that exclusion of the sec parameter is not the same as some default none or ntlm value.
Kentgrav about 3 years

Thanks mate. Solved my problem. Was missing domain=.
Admin about 2 years

adding sec=ntlm was the final step to get a centos 7 linux box to connect to an old rohde and schwarz SMU200A generator stil running windows xp. Another centos 7 box did not need this flag. weird.