Can't mount CIFS share but can navigate it

0

I have been given access to a network share on a Windows 2000 server, which I need to access from a CentOs 7 machine.

I have created the credentials file:

username=MYUSER
password=MYPASS
domain=DOMAIN

and I can list the share correctly:

[root@localhost ~]# smbclient -L //share.domain.com -E -A /root/.credentials
Domain=[DOMAIN_NT_DOM1] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
...

Even though sometimes I get an intermittent error saying:

Connection to share.domain.com failed (Error NT_STATUS_IO_DEVICE_ERROR)
NetBIOS over TCP disabled -- no workgroup available

I can even copy the files locally with the -Tc switch.

However, when trying to mount the share, I get a "permission denied" error:

[root@localhost ~]# mount.cifs //share.domain.com/folder/folder2 /root/shared -o 'credentials=/root/.credentials,sec=ntlmv2' -v
domain=domain.com
mount.cifs kernel mount options: ip=172.16.70.4,unc=\\share.domain.com\folder,sec=ntlmv2,user=MYSUER,,domain=domain.com,prefixpath=folder2,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Why can I list and tar files with smbclient but cannot mount the share?

Matteo Tassinari

Posted 2017-07-25T08:57:16.303

Reputation: 247

Are you sure that your server uses "ntlmv2" as the authentication protocol? – testeaxeax – 2017-07-25T13:58:52.210

Actually, no, but I have tried them all, the result is always the same. – Matteo Tassinari – 2017-07-25T14:05:52.463

Just to be sure you tried all possible parameters of "sec" as listed in your local manual accessible through man mount.cifs?You could also try to set the option "vers" to "1.0", "2.0", "2.1", "3.0", maybe you're using the wrong protocol version. – testeaxeax – 2017-07-25T14:27:18.330

Yes, tried all possible combinations of sec and vers, error message went from Permission denied to Operation not supported or Unknown error 524, still no good. – Matteo Tassinari – 2017-07-25T15:22:11.580

Why do your errors show that domain=domain.com?Shouldn't it be domain=BERCO_NT_DOM1 as shown by smbclient(Domain=[BERCO_NT_DOM1] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager])? – testeaxeax – 2017-07-25T15:45:19.460

I was told the domain is registered as domain.com however it has a different NETBIOS (?) name, I tried to use that too, same error. – Matteo Tassinari – 2017-07-25T15:55:39.543

Try mount.cifs //share.domain.com/folder/folder2 /root/shared -o username=yourusername,sec=yourauthprotocol, does it work?Also try yourdomain\\yourusername as your username. – testeaxeax – 2017-07-25T16:00:33.437

You found it! I do not know why, but removing the domain from the credentials file allowed me to mount the share! It seems that, in this setup, the domain is required by smbclient (it won't connect without) but not for mount.cifs. – Matteo Tassinari – 2017-07-25T16:10:24.780

Glad that it works. – testeaxeax – 2017-07-25T16:12:03.447

Does it also work with the credentials file? – testeaxeax – 2017-07-25T16:17:25.630

If I remove the domain, yes it does. If you'll make it an answer I'd gladly upvote/accept it. – Matteo Tassinari – 2017-07-25T16:23:03.553

Answers

2

The problem was fixed by removing the domain option from the mount.cifs command or rather by removing it from the credentials file.

Example:

In the credentials file before modification:

username=MYUSER
password=MYPASS
domain=DOMAIN

In the credentials file after modification:

username=MYUSER
password=MYPASS

Before command modification:
mount.cifs //share.domain.com/folder/folder2 /root/shared -o username=yourusername,sec=yourauthprotocol,domain=yourdomain

After command modification:
mount.cifs //share.domain.com/folder/folder2 /root/shared -o username=yourusername,sec=yourauthprotocol

testeaxeax

Posted 2017-07-25T08:57:16.303

Reputation: 1 315

Asked: 2017-07-25T08:57:16.303

Viewed: 1 767 times

Active: 2017-07-25T16:33:36.820