Package: cifs-utils Version: 2:7.0-2 We have one share here which can be opened by smbclient, but not mounted using mount.cifs:
smbclient -A ~alain/.smbcredentials-admin //work03.gouv.etat.lu/aev => succeeds # mount.cifs -o credentials=/home/alain/.smbcredentials-admin //work03.gouv.etat.lu/aev /media/windows/work03 mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg) kernel log shows: 2023-12-22T11:58:37.212890+01:00 alainpc kernel: [10807.375685] CIFS: fs/smb/client/fs_context.c: CIFS: parsing cifs mount option 'source' 2023-12-22T11:58:37.212910+01:00 alainpc kernel: [10807.375702] CIFS: fs/smb/client/fs_context.c: CIFS: parsing cifs mount option 'ip' 2023-12-22T11:58:37.212913+01:00 alainpc kernel: [10807.375710] CIFS: fs/smb/client/fs_context.c: CIFS: parsing cifs mount option 'unc' 2023-12-22T11:58:37.212914+01:00 alainpc kernel: [10807.375715] CIFS: fs/smb/client/fs_context.c: CIFS: parsing cifs mount option 'user' 2023-12-22T11:58:37.212916+01:00 alainpc kernel: [10807.375720] CIFS: fs/smb/client/fs_context.c: CIFS: parsing cifs mount option 'pass' 2023-12-22T11:58:37.212917+01:00 alainpc kernel: [10807.375726] CIFS: fs/smb/client/cifsfs.c: Devname: \\work03.gouv.etat.lu\aev flags: 0 2023-12-22T11:58:37.212919+01:00 alainpc kernel: [10807.375733] CIFS: fs/smb/client/connect.c: Username: xxxxxx_admin 2023-12-22T11:58:37.212921+01:00 alainpc kernel: [10807.375736] CIFS: fs/smb/client/connect.c: file mode: 0755 dir mode: 0755 2023-12-22T11:58:37.212924+01:00 alainpc kernel: [10807.375743] CIFS: fs/smb/client/connect.c: VFS: in mount_get_conns as Xid: 79 with uid: 0 2023-12-22T11:58:37.212926+01:00 alainpc kernel: [10807.375748] CIFS: fs/smb/client/connect.c: UNC: \\work03.gouv.etat.lu\aev 2023-12-22T11:58:37.212928+01:00 alainpc kernel: [10807.375756] CIFS: fs/smb/client/connect.c: generic_ip_connect: connecting to 148.110.208.152:445 2023-12-22T11:58:37.212959+01:00 alainpc kernel: [10807.375774] CIFS: fs/smb/client/connect.c: Socket created 2023-12-22T11:58:37.212962+01:00 alainpc kernel: [10807.375777] CIFS: fs/smb/client/connect.c: sndbuf 16384 rcvbuf 131072 rcvtimeo 0x6d6 2023-12-22T11:58:37.232875+01:00 alainpc kernel: [10807.396428] CIFS: fs/smb/client/connect.c: cifs_get_tcp_session: next dns resolution scheduled for 600 seconds in the future 2023-12-22T11:58:37.232893+01:00 alainpc kernel: [10807.396441] CIFS: fs/smb/client/connect.c: VFS: in cifs_get_smb_ses as Xid: 80 with uid: 0 2023-12-22T11:58:37.232896+01:00 alainpc kernel: [10807.396447] CIFS: fs/smb/client/connect.c: Existing smb sess not found 2023-12-22T11:58:37.232897+01:00 alainpc kernel: [10807.396455] CIFS: fs/smb/client/smb2pdu.c: Negotiate protocol 2023-12-22T11:58:37.232899+01:00 alainpc kernel: [10807.396467] CIFS: fs/smb/client/transport.c: wait_for_free_credits: remove 1 credits total=0 2023-12-22T11:58:37.232901+01:00 alainpc kernel: [10807.396484] CIFS: fs/smb/client/connect.c: Demultiplex PID: 13815 2023-12-22T11:58:37.232903+01:00 alainpc kernel: [10807.396494] CIFS: fs/smb/client/transport.c: Sending smb: smb_len=252 2023-12-22T11:58:37.252865+01:00 alainpc kernel: [10807.418048] CIFS: fs/smb/client/connect.c: RFC1002 header 0x134 2023-12-22T11:58:37.252887+01:00 alainpc kernel: [10807.418071] CIFS: fs/smb/client/smb2misc.c: SMB2 data length 114 offset 128 2023-12-22T11:58:37.252889+01:00 alainpc kernel: [10807.418076] CIFS: fs/smb/client/smb2misc.c: SMB2 len 242 2023-12-22T11:58:37.252892+01:00 alainpc kernel: [10807.418079] CIFS: fs/smb/client/smb2misc.c: length of negcontexts 60 pad 6 2023-12-22T11:58:37.252894+01:00 alainpc kernel: [10807.418086] CIFS: fs/smb/client/smb2ops.c: smb2_add_credits: added 1 credits total=1 2023-12-22T11:58:37.252895+01:00 alainpc kernel: [10807.418177] CIFS: fs/smb/client/transport.c: cifs_sync_mid_result: cmd=0 mid=0 state=64 2023-12-22T11:58:37.252897+01:00 alainpc kernel: [10807.418199] CIFS: fs/smb/client/misc.c: Null buffer passed to cifs_small_buf_release 2023-12-22T11:58:37.252899+01:00 alainpc kernel: [10807.418205] CIFS: fs/smb/client/smb2pdu.c: mode 0x3 2023-12-22T11:58:37.252902+01:00 alainpc kernel: [10807.418208] CIFS: fs/smb/client/smb2pdu.c: negotiated smb3.1.1 dialect 2023-12-22T11:58:37.252904+01:00 alainpc kernel: [10807.418218] CIFS: fs/smb/client/smb2pdu.c: decoding 2 negotiate contexts 2023-12-22T11:58:37.252907+01:00 alainpc kernel: [10807.418221] CIFS: fs/smb/client/smb2pdu.c: decode SMB3.11 encryption neg context of len 4 2023-12-22T11:58:37.252909+01:00 alainpc kernel: [10807.418224] CIFS: fs/smb/client/smb2pdu.c: SMB311 cipher type:2 2023-12-22T11:58:37.252910+01:00 alainpc kernel: [10807.418229] CIFS: fs/smb/client/connect.c: cifs_setup_session: channel connect bitmap: 0x1 2023-12-22T11:58:37.252931+01:00 alainpc kernel: [10807.418234] CIFS: fs/smb/client/connect.c: Security Mode: 0x3 Capabilities: 0x30005f TimeAdjust: 0 2023-12-22T11:58:37.252935+01:00 alainpc kernel: [10807.418239] CIFS: fs/smb/client/smb2pdu.c: Session Setup 2023-12-22T11:58:37.252938+01:00 alainpc kernel: [10807.418243] CIFS: fs/smb/client/smb2pdu.c: sess setup type 2 2023-12-22T11:58:37.252939+01:00 alainpc kernel: [10807.418248] CIFS: fs/smb/client/smb2pdu.c: Fresh session. Previous: 0 2023-12-22T11:58:37.252941+01:00 alainpc kernel: [10807.418254] CIFS: fs/smb/client/transport.c: wait_for_free_credits: remove 1 credits total=0 2023-12-22T11:58:37.252943+01:00 alainpc kernel: [10807.418273] CIFS: fs/smb/client/transport.c: Sending smb: smb_len=136 2023-12-22T11:58:37.277074+01:00 alainpc kernel: [10807.439279] CIFS: fs/smb/client/connect.c: RFC1002 header 0x106 2023-12-22T11:58:37.277100+01:00 alainpc kernel: [10807.439298] CIFS: fs/smb/client/smb2misc.c: SMB2 data length 190 offset 72 2023-12-22T11:58:37.277103+01:00 alainpc kernel: [10807.439303] CIFS: fs/smb/client/smb2misc.c: SMB2 len 262 2023-12-22T11:58:37.277105+01:00 alainpc kernel: [10807.439309] CIFS: fs/smb/client/smb2ops.c: smb2_add_credits: added 130 credits total=130 2023-12-22T11:58:37.277106+01:00 alainpc kernel: [10807.439381] CIFS: fs/smb/client/transport.c: cifs_sync_mid_result: cmd=1 mid=1 state=64 2023-12-22T11:58:37.277108+01:00 alainpc kernel: [10807.439394] CIFS: Status code returned 0xc0000016 STATUS_MORE_PROCESSING_REQUIRED 2023-12-22T11:58:37.277110+01:00 alainpc kernel: [10807.439407] CIFS: fs/smb/client/smb2maperror.c: Mapping SMB2 status code 0xc0000016 to POSIX err -5 2023-12-22T11:58:37.277112+01:00 alainpc kernel: [10807.439421] CIFS: fs/smb/client/misc.c: Null buffer passed to cifs_small_buf_release 2023-12-22T11:58:37.277115+01:00 alainpc kernel: [10807.439428] CIFS: fs/smb/client/sess.c: decode_ntlmssp_challenge: negotiate=0xe2088235 challenge=0x60898235 2023-12-22T11:58:37.277117+01:00 alainpc kernel: [10807.439434] CIFS: fs/smb/client/smb2pdu.c: rawntlmssp session setup challenge phase 2023-12-22T11:58:37.277119+01:00 alainpc kernel: [10807.439440] CIFS: fs/smb/client/smb2pdu.c: Fresh session. Previous: 0 2023-12-22T11:58:37.277121+01:00 alainpc kernel: [10807.439494] CIFS: fs/smb/client/transport.c: wait_for_free_credits: remove 1 credits total=129 2023-12-22T11:58:37.277123+01:00 alainpc kernel: [10807.439516] CIFS: fs/smb/client/transport.c: Sending smb: smb_len=388 2023-12-22T11:58:37.300823+01:00 alainpc kernel: [10807.462731] CIFS: fs/smb/client/connect.c: RFC1002 header 0x49 2023-12-22T11:58:37.300852+01:00 alainpc kernel: [10807.462755] CIFS: fs/smb/client/smb2misc.c: SMB2 data length 0 offset 0 2023-12-22T11:58:37.300854+01:00 alainpc kernel: [10807.462760] CIFS: fs/smb/client/smb2misc.c: SMB2 len 73 2023-12-22T11:58:37.300856+01:00 alainpc kernel: [10807.462766] CIFS: fs/smb/client/smb2ops.c: smb2_add_credits: added 130 credits total=259 2023-12-22T11:58:37.300858+01:00 alainpc kernel: [10807.462844] CIFS: fs/smb/client/transport.c: cifs_sync_mid_result: cmd=1 mid=2 state=64 2023-12-22T11:58:37.300859+01:00 alainpc kernel: [10807.462857] CIFS: Status code returned 0xc000006e STATUS_ACCOUNT_RESTRICTION 2023-12-22T11:58:37.300861+01:00 alainpc kernel: [10807.462870] CIFS: fs/smb/client/smb2maperror.c: Mapping SMB2 status code 0xc000006e to POSIX err -13 2023-12-22T11:58:37.300864+01:00 alainpc kernel: [10807.462877] CIFS: fs/smb/client/misc.c: Null buffer passed to cifs_small_buf_release 2023-12-22T11:58:37.300866+01:00 alainpc kernel: [10807.462887] CIFS: VFS: \\work03.gouv.etat.lu Send error in SessSetup = -13 2023-12-22T11:58:37.300868+01:00 alainpc kernel: [10807.462895] CIFS: fs/smb/client/connect.c: VFS: leaving cifs_get_smb_ses (xid = 80) rc = -13 2023-12-22T11:58:37.300871+01:00 alainpc kernel: [10807.462904] CIFS: fs/smb/client/dfs_cache.c: cache_refresh_path: search path: \work03.gouv.etat.lu\aev 2023-12-22T11:58:37.300873+01:00 alainpc kernel: [10807.462912] CIFS: fs/smb/client/dfs_cache.c: get_dfs_referral: get an DFS referral for \work03.gouv.etat.lu\aev 2023-12-22T11:58:37.300906+01:00 alainpc kernel: [10807.462932] CIFS: fs/smb/client/connect.c: VFS: leaving mount_put_conns (xid = 79) rc = 0 2023-12-22T11:58:37.300909+01:00 alainpc kernel: [10807.462937] CIFS: VFS: cifs_mount failed w/return code = -13 I tried to gather a network trace and analyze it with wireshark. The first difference is that mount.cifs' Session Setup Request packet is annotated with NTLMSSP_NEGOTIATE whereas smbclient's isn't This packet contains a Security Blob which for smbclient is 1706 bytes long, and has a GSS-API sub block. For mount.cifs, the Security Blob is a mere 44 bytes long, and contains an NTLM Secure Service Provider block. How can I convince mount.cifs to use GSS-API too? N.B. it does work with another user in mount.cifs too, but this is not satisfactory, as that other user has not enough rights for the stuff we need. The user for whom it breaks has an underscore in his name, and is 12 characters long (vs the other with just 6 characters and nothing special), could this be a factor? Thanks, -- Alain Knaff Service Informatique LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG Ministère de l'Environnement, du Climat et de la Biodiversité Administration de l'environnement 1, avenue du Rock'n'Roll . L-4361 Esch-sur-Alzette Tél. (+352) 40 56 56-309 E-Mail: alain.kn...@aev.etat.lu www.emwelt.lu . www.environnement.public.lu . www.luxembourg.lu
