You are not logged in.

#1 2020-01-22 23:31:02

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Mapping CIFS server shares to local drive with autofs

I have been using autofs with no problems for years now at my workplace to access their windows-based server shares.
My auto.cifs-shares file configuration file looks like this:

 LocalDir -fstype=cifs,rw,credentials=/path/to/credentialfile,file_mode=0777,dir_mode=0777,vers=1.0 ://juliet.v87.uthscsa.edu/MyShare

With about 24 hour warning, our IT department migrated the shares to another server and nested the directories in separate folders for user dirs and project dirs.  I can ping this server at ifs.uthscsa.edu, but when I replace the

juliet.v87.uthscsa.edu

with the

ifs.uthscsa.edu 

address and add the prefix for the User (or Project) subfolder, the mount fails.

I can use Dolphin to access the share via smb: protocol by entering the full path (smb://ifs.uthscsa.edu/Department_folder/Users/MyShare)

Can someone help me understand why I am not able to access this path via autofs?  I need this share mapped to a local drive for data access and to run MySQL and R scripts.

Happy to provide additional info, as I am not sure what exactly is relevant.

Offline

#2 2020-01-23 01:23:31

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 629

Re: Mapping CIFS server shares to local drive with autofs

Have a look at this...

https://unix.stackexchange.com/question … -directory

You didn't post any logs so if this doesn't help you might post the journal from a relevant boot.

Offline

#3 2020-01-23 08:26:03

seth
Member
Registered: 2012-09-03
Posts: 49,966

Re: Mapping CIFS server shares to local drive with autofs

,vers=1.0

They might have scratched that?

Offline

#4 2020-01-23 19:13:45

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

Thank you!
I tried every vers= and all the sec= parameters (EDIT: also tried no vers and no sec parameter at all).  I also tried using mount.cifs from the command line, and also tried adding 'nodfs' option

Still not working.  The problem is that I am getting a permission denied error in the output/dmesg

Here is dmesg when I connect successfully to the old server:

[67574.020731] CIFS: Attempting to mount //Juliet.v87.uthscsa.edu/MySHARE
[67574.020749] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[67574.032135] audit: type=1106 audit(1579798178.293:1266): pid=13822 uid=0 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
[67574.032699] audit: type=1104 audit(1579798178.293:1267): pid=13822 uid=0 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_unix,pam_permit,pam_env acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'

And here is dmesg when I try to connect to the new server....note my credentials file never changed between these two mount calls, and I can navigate to the new server using smb protocol in Dolphin

CIFS: Attempting to mount //ifs.uthscsa.edu/Psychiatry/Users/MySHARE
[67586.320120] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[67586.324949] Status code returned 0xc000006d STATUS_LOGON_FAILURE
[67586.324964] CIFS VFS: \\ifs.uthscsa.edu Send error in SessSetup = -13
[67586.324984] CIFS VFS: cifs_mount failed w/return code = -13
[67586.325461] audit: type=1106 audit(1579798190.586:1276): pid=13830 uid=0 auid=1000 ses=2 msg='op=PAM:session_close grantors=pam_limits,pam_unix,pam_permit acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'
[67586.325541] audit: type=1104 audit(1579798190.586:1277): pid=13830 uid=0 auid=1000 ses=2 msg='op=PAM:setcred grantors=pam_unix,pam_permit,pam_env acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/1 res=success'

Last edited by zekebsatx (2020-01-23 19:36:14)

Offline

#5 2020-01-23 20:10:19

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Mapping CIFS server shares to local drive with autofs

Is your credentials file still correct? Maybe you have to add, remove or change the domain?


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#6 2020-01-23 20:17:01

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

progandy wrote:

Is your credentials file still correct? Maybe you have to add, remove or change the domain?

Yes, the credentials file is the same for the success and for the failure (and those were sequential commands).  Also, I can navigate to the share using the same credentials contained in the file via smb protocol using Dolphin (KDE file manager).

Offline

#7 2020-01-23 21:13:49

seth
Member
Registered: 2012-09-03
Posts: 49,966

Re: Mapping CIFS server shares to local drive with autofs

stray blanks in the creds?
https://unix.stackexchange.com/question … lient-uses

Also try "mount -vvv …" for a verbose/r mount

Offline

#8 2020-01-23 21:17:51

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 629

Re: Mapping CIFS server shares to local drive with autofs

Like Seth says

-13 is permission denied.

https://unix.stackexchange.com/question … lient-uses

Formatting of the cred file seems to be a thing.

Edit Seth and I found the same thing.

Last edited by Zod (2020-01-23 21:19:40)

Offline

#9 2020-01-23 22:20:19

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

I have tried just specifying the username and then entering the password via CLI, and that also fails the same way.
Also, this same cred file (haven't even touched it since the problem started) works on the recently decommissioned server, but not on the new one, even though my credentials have not changed.
I am not getting this status code:

Status code returned 0xc000006a NT_STATUS_WRONG_PASSWORD

Instead, I am getting this:

Status code returned 0xc000006d STATUS_LOGON_FAILURE

I also saw this:
https://access.redhat.com/solutions/450913
But I don't get any

Credential formatted incorrectly: (null)

with verbose mount.cifs output.

Here is verbose output for CLI user and password:

[brett@HPZ210Arch ~]$ sudo  mount.cifs //ifs.uthscsa.edu/.../Users/MySHARE /Path/to/localmount -o user=myname -vvv
[sudo] password for brett: 
Password for myname@//ifs.uthscsa.edu/.../Users/MySHARE: 
mount.cifs kernel mount options: ip=10.248.113.231,unc=\\ifs.uthscsa.edu\.,user=myname,prefixpath=Users/MySHARE,pass=********
mount error(13): Permission denied

Using the credentials file returns substantially similar output (just adds the user and redacted password to the command echo)

Offline

#10 2020-01-23 22:46:39

seth
Member
Registered: 2012-09-03
Posts: 49,966

Re: Mapping CIFS server shares to local drive with autofs

progandy wrote:

Maybe you have to add, remove or change the domain?

Offline

#11 2020-01-23 23:24:16

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Mapping CIFS server shares to local drive with autofs

You can also try different security modes with the sec= parameter. There is also the "domainauto" parameter if you use sec=ntlm or "seal" with vers=3

https://jlk.fjfi.cvut.cz/arch/manpages/ … .cifs.8.en


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#12 2020-01-23 23:45:16

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 629

Re: Mapping CIFS server shares to local drive with autofs

https://shocksolution.com/2019/10/23/mo … linux-7-6/

Just something to look at, the error messages have a lot in common.

Edit: From what I've been reading, this seems to be the relevant bit..

sec=ntlmsspi

Last edited by Zod (2020-01-24 00:44:35)

Offline

#13 2020-01-27 22:04:28

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

Thanks, but I have tried every possible combination of the sec= and vers= parameters (all of them), as well as each alone, both with my credentials file (that worked on the old server before the migration) and passing the username and entering the password on the CLI.

It is odd that most of the similar posts on this type of failure include a dmesg error of

NT_STATUS_LOGIN_FAILURE

But I get:

STATUS_LOGIN_FAILURE

That must be relevant somehow?

Edit:  Also, I have no spaces in my credentials file (this has been identified as a source of this problem by some others).  Again, the same credentials file was working on the server before they migrated to a new ifs server.

Last edited by zekebsatx (2020-01-27 22:07:52)

Offline

#14 2020-01-28 07:00:07

seth
Member
Registered: 2012-09-03
Posts: 49,966

Re: Mapping CIFS server shares to local drive with autofs

seth wrote:
progandy wrote:

Maybe you have to add, remove or change the domain?

Offline

#15 2020-01-29 19:59:16

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

I have tried adding a domain option on the CLI as well as adding it to the credentials file.  When I add it to the file, it returns a parameter error.  When I add it as an option, it eliminates the '\' between the domain and the user name.  I played around with formatting it different ways with an IT guy, but it never worked (same permission denied error).

But, it doesn't seem necessary.....Another IT guy spun up a VM on the same NT network running RedHat and provided me user credentials.  Using that account, I was able to mount the shared directory:
Even though it mounted successfully (it was mounted as owned by root:root, so I could not write to my mounted directories, but I think that has to do with some options I usually pass in the mount command), dmesg looked like this:

[857651.911803] Key type dns_resolver registered
[857651.966906] cifs: externally supported module, setting X kernel taint flag.
[857651.967123] FS-Cache: Netfs 'cifs' registered for caching
[857651.967155] Key type cifs.spnego registered
[857651.967158] Key type cifs.idmap registered
[864386.206262] BTRFS info (device sda2): qgroup scan completed (inconsistency flag cleared)
[950785.148649] BTRFS info (device sda2): qgroup scan completed (inconsistency flag cleared)
[1037183.769249] BTRFS info (device sda2): qgroup scan completed (inconsistency flag cleared)
[1123583.007332] BTRFS info (device sda2): qgroup scan completed (inconsistency flag cleared)
[1209980.741632] BTRFS info (device sda2): qgroup scan completed (inconsistency flag cleared)
[1209981.578973] BTRFS info (device sda2): relocating block group 3720347648 flags 34
[1209981.606278] BTRFS info (device sda2): relocating block group 3753902080 flags 34
[1209981.699500] BTRFS info (device sda2): relocating block group 3787456512 flags 34
[1209981.961152] BTRFS info (device sda2): relocating block group 3821010944 flags 34
[1209981.989486] BTRFS info (device sda2): relocating block group 3854565376 flags 34
[1296380.415729] BTRFS info (device sda2): qgroup scan completed (inconsistency flag cleared)
[1353438.473444] CIFS VFS: cifs_mount failed w/return code = -20
[1353469.501891] CIFS VFS: cifs_mount failed w/return code = -20
[1357136.497678] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
[1357136.497694] CIFS VFS: Send error in SessSetup = -13
[1357136.497890] CIFS VFS: cifs_mount failed w/return code = -13
[1358470.026325] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
[1358470.026331] CIFS VFS: Send error in SessSetup = -13
[1358470.026390] CIFS VFS: cifs_mount failed w/return code = -13

So that is weird.  I copied/pasted the same working command from the terminal logged into the VM and pasted into my local terminal, after creating an identical mount path (I only changed the name of the home directory), and it failed with the permission denied error again.  I remain baffled. 

Is there any good reason why a RedHat VM could mount and my up to date Arch on the same network won't using the exact same command?
I noticed this:

 cifs: externally supported module, setting X kernel taint flag.

in the dmesg posted above.  My local machine does not have that flag.

$ dmesg | grep taint
[    6.310670] vboxdrv: loading out-of-tree module taints kernel.
[    6.310853] vboxdrv: module verification failed: signature and/or required key missing - tainting kernel
[   11.515659] nvidia: module license 'NVIDIA' taints kernel.
[   11.515661] Disabling lock debugging due to kernel taint

FWIW, the mount.cifs command that succeeded did not include any sec= or vers= parameters.  Completely bare-metal command with the source, destination, and only the username= option.

Offline

#16 2020-01-29 20:11:20

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 629

Re: Mapping CIFS server shares to local drive with autofs

zekebsatx wrote:

provided me user credentials

What does that mean? Were they not the very same credentials you use daily on the network?

If not, then it's time for the IT guys to start looking at your network account.

Edit: What packages do you have installed in order to accommodate mounting these shares?

Specificly, I'm thinking about this...
https://www.archlinux.org/packages/extr … ifs-utils/

I noticed that the package that redhat supplies has some bug fixes.

Last edited by Zod (2020-01-29 20:26:40)

Offline

#17 2020-01-30 17:46:23

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

Zod wrote:
zekebsatx wrote:

provided me user credentials

What does that mean? Were they not the very same credentials you use daily on the network?

No, they created a temporary user id on a virtual RedHat server they created and gave me those credentials to log into it so I could confirm I could use my network credentials to mount the drive on their VM (duplicating the behavior they saw with their own network credentials on that VM).  I could, but the exact same command failed on my machine.  I tried it in both Arch, and in a SUSE VM I ran on my machine with VBox.

Edit: What packages do you have installed in order to accommodate mounting these shares?

Specificly, I'm thinking about this...
https://www.archlinux.org/packages/extr … ifs-utils/

Yes, that is what I am using to mount the share.  Nothing changed except they migrated the server to a new location/structure (they are vague about what exactly it is, but they seem to be virtual shares on a *Nix based server).

mount worked for the old server location flawlessly, but now I cannot log in to the new location.

I noticed that the package that redhat supplies has some bug fixes.

Hmmmm, so perhaps mount via RedHat has some patches that we don't have in Arch yet?  That could explain why it worked on RedHat but not in Arch or SUSE (though the IT guy says he was able to get it working on a SUSE VM in his hands.  I never got to see that or try my own network credentials on that SUSE VM, just the one I created (which failed).

Offline

#18 2020-01-30 18:34:11

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Mapping CIFS server shares to local drive with autofs

What kernel version is the redhat vm running on? Maybe you could try linux-lts?


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#19 2020-01-30 18:39:39

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

progandy wrote:

What kernel version is the redhat vm running on? Maybe you could try linux-lts?

Ack, I got the uname when I was in it, but I didn't write it down, and he already deleted that temp user so I can't go back and look.
I do know it reported as a RedHat Ceph-osd cluster.

When I have a chance, I will reboot into LTS and try again with that kernel.
EDIT: Tried with the linux-lts kernel (4.19.97) but got the same permission failure.
EDIT(2):  I have tried from a SUSE and a Ubuntu VM from my desktop, and also on my laptop running Arch while logged onto the institution's network.  Same error in all cases.

It seems like this is some sort of issue with mount.cifs?  I would like to file a bug report, but with every distro I have tried except RHEL failing, I am not sure where I should file it?

Last edited by zekebsatx (2020-02-03 20:16:24)

Offline

#20 2020-02-03 22:46:24

seth
Member
Registered: 2012-09-03
Posts: 49,966

Re: Mapping CIFS server shares to local drive with autofs

RHEL is probably a rather ancient software stack?
Since it's not in the kernel version, maybe it's the cifs-utils (which provides mount.cifs)?
Tried to downgrade that package?
Can you access the share w/ smbclient?

Offline

#21 2020-02-03 22:54:46

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

seth, now that you mention it, the critical package would seem to be cifs-utils.

I can navigate via smbclient (I use Dolphin in KDE DE for that) and I can read and write with no problems. One workaround the IT guy tried was to map the smb share to an NFS share.  I was able to connect to it via NFS, but had no read/write access to the contents. I could chown to my local username and read/write, but that broke smb browsing.  We have given up trying to sync with NFS though because it isn't very robust and seems very fickle regarding username/NTP sync issues.

Is there any way to match which Arch package version is like the cifs-utils version on his RHEL VM if I asked him for the number?

Offline

#22 2020-02-03 23:02:34

seth
Member
Registered: 2012-09-03
Posts: 49,966

Re: Mapping CIFS server shares to local drive with autofs

You can fetch the old version from https://wiki.archlinux.org/index.php/Arch_Linux_Archive
nB. that partial updates (downgrades) are unsupported - this might, but does not have to fail.

This is the package history:https://git.archlinux.org/svntogit/packages.git/log/trunk?h=packages/cifs-utils

Offline

#23 2020-02-03 23:05:56

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

Thanks.  Is there a way to guess how far back I should try to downgrade to in order to match the version on his RHEL VM? 
It isn't that the current version doesn't work, it worked with the old server until it was taken offline.  It it just something about the new server, so I have no idea how far back I might need to regress.

Offline

#24 2020-02-03 23:11:24

seth
Member
Registered: 2012-09-03
Posts: 49,966

Re: Mapping CIFS server shares to local drive with autofs

You want to ask the IT guy which RHEL version was used during the successful test, you can then check which cifs-utils version that release provides (though it would be simpler to just check on the RHEL installation/VM - if it still exists)

Offline

#25 2020-02-05 16:02:06

zekebsatx
Member
Registered: 2016-01-29
Posts: 64

Re: Mapping CIFS server shares to local drive with autofs

I checked with him and got the version number (cifs-utils-6.5-8.9.x86_64).  So I installed the closest version in the archive (v6.5-1), but the outcome was the same -  Permission denied.

Oddly, I had an old RPi running Arch Linux ARM, and I was able to mount with that, but the disk image got corrupted and now I can't boot it again. When I created a new image on another sd card, I got the same Permission Denied error.
I got the same error when I installed Raspbian on a third card, so again, it does not appear to be specific to Arch. 
So far, the only reliable success was from a RHEL VM that might have been resident on the server itself (not sure about whether it was a physically different machine or not).

Offline

Board footer

Powered by FluxBB