One of my servers is set up to automatically mount a Windows directory using fstab. However, after my last reboot it stopped working. The line in fstab is:
//myserver/myfolder /mnt/backup cifs credentials=home/myfolder/.Smbcredentials
The .Smbcredentials file is:
username=myaccount password=mypassword domain=mydomain
I do a mount -a and I receive mount error 13 = Permission denied. If I do this enough it will lock out my Windows account, so I know it’s trying. I’ve checked that my password is correct.
What am i doing wrong?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
A couple of things to check out. I do something similar and you can test mount it directly using the mount command to make sure you have things setup right.
Permissions on credentials file
Make sure that this file is permissioned right.
$ sudo ls -l /etc/smb_credentials.txt -rw-------. 1 root root 54 Mar 24 13:19 /etc/smb_credentials.txt
Verbose mount
You can coax more info out of mount using the -v switch which will often times show you where things are getting tripped up.
$ sudo mount -v -t cifs //server/share /mnt
-o credentials=/etc/smb_credentials.txt
Resulting in this output if it works:
mount.cifs kernel mount options: ip=192.168.1.14,unc=\servershare,credentials=/etc/smb_credentials.txt,ver=1,user=someuser,domain=somedom,pass=********
Check the logs
After running the above mount command take a look inside your dmesg and /var/log/messages or /var/log/syslog files for any error messages that may have been generated when you attempted the mount.
Type of security
You can pass a lot of extra options via the -o .. switch to mount. These options are technology specific, so in your case they’re applicable to mount.cifs specifically. Take a look at the mount.cifs man page for more on all the options you can pass.
I would suspect you’re missing an option to sec=.... Specifically one of these options:
sec=
Security mode. Allowed values are:
· none - attempt to connection as a null user (no name)
· krb5 - Use Kerberos version 5 authentication
· krb5i - Use Kerberos authentication and forcibly enable packet
signing
· ntlm - Use NTLM password hashing
· ntlmi - Use NTLM password hashing and force packet signing
· ntlmv2 - Use NTLMv2 password hashing
· ntlmv2i - Use NTLMv2 password hashing and force packet signing
· ntlmssp - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP
message
· ntlmsspi - Use NTLMv2 password hashing encapsulated in Raw
NTLMSSP message, and force packet signing
The default in mainline kernel versions prior to v3.8 was sec=ntlm.
In v3.8, the default was changed to sec=ntlmssp.
You may need to adjust the sec=... option so that it’s either sec=ntlm or sec=ntlmssp.
References
Method 2
Thanks, but some more googling turned up the solution. It was using the wrong security type by default; this command worked:
$ sudo mount -t cifs //172.16.1.5/myshare/ /mnt/myshare
-osec=ntlmv2,domain=MYDOMAIN,username=myusername,password=mypassword
Method 3
I ran into this problem and the issue turned out to be not formatting the values in my credentials file correctly. I tried:
username=DOMAINmylogin password=<password> domain=FULLY.QUALIFIED.DOMAIN
I also tried:
<a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2f5a5c4a5d414e424a1242564a424e46434e4b4b5d4a5c5c6f5c40424a5f434e4c4a014c4042">[email protected]</a> password=<password> domain=FULLY.QUALIFIED.DOMAIN
And:
username=FULLY.QUALIFIED.DOMAINmylogin password=<password> domain=FULLY.QUALIFIED.DOMAIN
Once I just used my login username only:
username=mylogin password=<password> domain=FULLY.QUALIFIED.DOMAIN
I was able to get my cifs mount to succeed.
Method 4
This add works on scientific Linux 6.6 (RedHat 6.6)
edit /etc/fstab
create file = .credentials (e.g. in /etc ) with this details :
username=value password=value domain=value //SERVER/SHARE1 /mnt/SHARE1 cifs credentials=/etc/.credentials,rw,uid=1000,gid=1000,nounix,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0
Method 5
For an AD environment, I have to leave and rejoin the domain.
net ads leave -U domain-admin-username kinit domain-admin-username net ads join -U domain-admin-username systemctl restart smbd nmbd winbind
Not sure why this was necessary, but happened after a routine reboot for updates. There were no other indications of any AD related issues while receiving this error.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0