cifs, smb - Can't mount (permission denied) or navigate shared folder
Solution 1
I'm pretty sure I ran into this exact same problem today on Ubuntu 16.10 I tried all the suggestions in this thread several times, I could mount the exact same share using Windows Server 2016 and I could browse it using smbclient (smbclient -U brainstrust //WINBOX01/shared
). I even tried an external credentials file.
I ended up stumbling on a fix - although I'd created a local user for the share on the Windows box, it was also joined to a domain. Basically setting the domain to be the local machine -o domain=WINBOX01
fixed my problem instantly, so leaving a comment here in the hope that its useful to someone out there.
The complete minimal command I used was:
sudo mount.cifs -v //WINBOX01/shared /home/geoff/winbox01 --verbose -o user=brainstrust,password=topsecret,domain=WINBOX01
Solution 2
I think you have the wrong security type for the server , error 13 means the server isn't letting you in.
You will need to select the right security mode in your mount command add a sec option via -o as follows [reference]:
sec=
Security mode. Allowed values are:
· none - attempt to connection as a null user (no name)
· krb5 - Use Kerberos version 5 authentication
· krb5i - Use Kerberos authentication and forcibly enable packet
signing
· ntlm - Use NTLM password hashing
· ntlmi - Use NTLM password hashing and force packet signing
· ntlmv2 - Use NTLMv2 password hashing
· ntlmv2i - Use NTLMv2 password hashing and force packet signing
· ntlmssp - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message
· ntlmsspi - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing
Solution 3
-
Try to add the "-v" option to get verbose output:
sudo mount -v -t cifs //fileshare1/docs1/user/My\ Documents/shared/Francesco/ /home/frank/mnt_folder -o \ username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000
-
Test with these options to the mount command
iocharset=utf8,rw,file_mode=0777,dir_mode=0777:
sudo mount -v -t cifs //fileshare1/docs1/user/My\ Documents/shared/Francesco/ /home/frank/mnt_folder -o username=my_user,password=my_pass,domain=my_domain,\ iocharset=utf8,rw,file_mode=0777,dir_mode=0777
-
Test specifying the SMB version option (vers=2.1), see the samba wiki. From the mount.cifs man page:
vers=
SMB protocol version. Allowed values are:1.0 - The classic CIFS/SMBv1 protocol. This is the default.
2.0 - The SMBv2.002 protocol. This was initially introduced in Windows Vista Service Pack 1, and Windows Server 2008. Note that the initial release version of Windows Vista spoke a slightly different dialect (2.000) that is not supported.
2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2.
3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012.
-
Finally, try to mount only the first share :
sudo mount -v -t cifs //fileshare1/docs1/ /home/frank/mnt_folder \ -o username=my_user,password=my_pass,domain=my_domain,\ iocharset=utf8,rw,file_mode=0777,dir_mode=0777
Any verbose output you can share might help.
Solution 4
For this problem when using cifs higher than 6.0: new version of cifs use the domain variable instead, so creadentials file look like:
username=<your username>
password=<your password>
domain=<your domain>
Solution 5
Adding the option sec=ntlm
to the mount command resolved my issue.
eg:
sudo mount -t cifs -o username=administrator,password=123456,sec=ntlm //ip/eeshare /mnt/eeshare/
Related videos on Youtube
![Frankmtl](https://i.stack.imgur.com/AH7bh.jpg?s=256&g=1)
Frankmtl
Updated on September 18, 2022Comments
-
Frankmtl almost 2 years
I've recently bumped into this problem. I usually navigate through a local network shared folder from a Linux machine via smb (i.e. from file manger using smb: ). Now whenever I try to access the shortcut or typing credential again I keep getting the dialog window asking for user, domain and password.
So I tried mounting the location manually using cisf-utils doing:
sudo mount -t cifs //fileshare1/docs1/user/My\ Documents/shared/Francesco/ /home/frank/used_shared/ -o username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000
I get
mount error(13): Permission denied
.I'm definitely sure my user has permission on that folder cause I can access it from a windows machine.
Also if I try to mount my personal folder on that location through:
sudo mount -t cifs //fileshare1/docs5/francesco.azzarello/ /home/frank/mnt_folder -o username=my_user,password=my_pass,domain=my_domain,gid=1000,uid=1000
I can access it with no problem.
For reference I'm using 4.2.0-36-generic kernel and my mount.cifs version is 6.4
Any idea on how to make one of both methods work?
Update Rgarding ponsfrilus answer
number 1: verbose option returns:
_mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,uid=1000,gid=1000,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=******** mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_
Number 2 is basically the same thing:
_ mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,iocharset=utf8,file_mode=0777,dir_mode=0777,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=******** mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_
And nothing changed with vers=2.1:
_mount.cifs kernel mount options: ip=xxx.xxx.xxx.xxx,unc=\\fileshare1\docs1,vers=2.1,iocharset=utf8,file_mode=0777,dir_mode=0777,user=my_user,,domain=my_domain,prefixpath=user/My Documents/shared/Francesco/,pass=******** mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)_
As for number 4 I can mount docs1 no problem but I can navigate tho get to the shared folder in user.
-
emk2203 about 8 yearsTry ponsfrilus' tip #3 with
vers=3.0
, maybe alsovers=2.0
orvers=1.0
. If this doesn't work, maybe you can allow the server a broader range of smb versions to connect. I had this issue myself because smb3 was set on the server as required. I couldn't connect with linux until the server lowered the required samba version to 2. What OS does the server run? -
Frankmtl about 8 yearsI tried all of them. I still get "permission denied" with 3.0, 2.1 and 2.0. While I get "unknown error" with 1.0. I don't know how to check the windows server version as user since I don't have direct access to it.
-
emk2203 about 8 yearsCan't help you on that, sorry. I had control over the server and my problem went away after relaxing the allowed SMB versions. You can connect to your own share - linux misconfiguration unlikely; you can connect via windows to share - server misconfiguration unlikely. This calls for a real samba guru.
-
-
Frankmtl about 8 yearsThank you for you answer. I Didn't find any better way to replay other than update the question. you can find the outputs of those commands in the update
-
Frankmtl about 8 yearsI tried all of them and I receive "permission denied" or "unknown error" depending on the sec type
-
ponsfrilus about 8 years@Frankmtl can you compare the folders rights inside docs1 and docs5 fileshare1 ?
-
Frankmtl about 8 yearsSorry for the late reply. If you mean the folder permissions after i mount them, they both have drwxr-xr-x
-
Amias over 6 yearsgiven all the recent security issues with SMB I would advice only using it where a lot of additional security measures are in place , such as very up to date virus checking.
-
laugeo over 6 yearsTo access a Windows 2012 server share (smb2), you must add
,vers=2.1
after uid=1000 (aka end of line) . I installed also "cifs-utils" package. -
dleerob over 5 yearsThanks for leaving this comment here, it helped me out.
-
Terminality over 5 yearsHelped me too. Appears that mount -t cifs suffers from the same problem
-
Charlie almost 5 yearsThis is what turned out to be my problem. I already had a
~/.smbcredentials
file. I'm horrified to find out my local NAS has let me mount the share with a bad password for a very long time. -
Humpity over 4 yearsTry using sec=ntlmssp, and make sure your samba server config encrypts the password.
-
bviktor over 4 yearsOddly enough, we needed to specify the domain NetBIOS name, not the fileserver's hostname. Nevertheless, it does work now, thanks a lot.
-
chuckedw over 4 yearsSaved my day. Actually what I did was just remove the sec=ntlm and then it worked.
-
Amias over 4 yearsYou really should move away from SMB these days, it's a near constant source of attacks and privelege escalation.
-
W.M. about 4 yearsThe solution for me was indeed no spaces before and after
=
. -
Elysiumplain over 3 yearsNote that exclusion of the
sec
parameter is not the same as some defaultnone
orntlm
value. -
Kentgrav about 3 yearsThanks mate. Solved my problem. Was missing domain=.
-
Admin about 2 yearsadding sec=ntlm was the final step to get a centos 7 linux box to connect to an old rohde and schwarz SMU200A generator stil running windows xp. Another centos 7 box did not need this flag. weird.