Am Donnerstag, 17. Mai 2012, 05:19:09 schrieb Shirish Pargaonkar: > On Wed, May 16, 2012 at 5:29 PM, <[email protected]> wrote: > > Steve said: > >> Do you have the cifs-utils package installed? > > > > cifs-utils is installed (2:5.1-1ubuntu1) > > > > Shirish said: > >> What is the Windows server? > > > > I don't really have visibility into the specifics here -- it is a NAS > > appliance of some kind managed by our IT and not under my control. > > However, smbclient identifies it as: OS=[EMC-SNAS:T5.6.50.205] > > Server=[NT1] > > > >> Can you try a command like > >> mount -t cifs //servername/sharename <mount_point> -o > >> sec=ntlmsspi, user=<username>,pass=<password> > > > > ntlmsspi results in "operation not supported" but it doesn't seem to > > object to either the default ntlm or ntlmv2 as specified below: > > > > $ sudo mount -t cifs //pc************.com/D******NAS2 /mnt/temp --verbose > > -o > > domain=a******as,user=scott_purcell,password='******!***',uid=scott,gid > > =scott,rw,sec=ntlmv2 > > > > mount.cifs kernel mount options: > > ip=10.30.25.221,unc=\\pc************.com/D******NAS2,sec=ntlmv2,uid=1000 > > ,gid=1000,ver=1,user=scott_purcell,domain=a******as,pass=******** mount > > error(13): Permission denied > > Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) > > > >> You can paste your smb.conf that smbclient uses as well. > > > > With comments and blank lines stripped: > > > > $ grep -v ^# /etc/samba/smb.conf |grep -v ^$ |grep -v ^\; > > [global] > > workgroup = WORKGROUP > > server string = %h server (Samba, Ubuntu) > > dns proxy = no > > log file = /var/log/samba/log.%m > > max log size = 1000 > > syslog = 0 > > panic action = /usr/share/samba/panic-action %d > > encrypt passwords = true > > passdb backend = tdbsam > > obey pam restrictions = yes > > unix password sync = yes > > passwd program = /usr/bin/passwd %u > > passwd chat = *Enter\snew\s*\spassword:* %n\n > > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam > > password change = yes > > map to guest = bad user > > usershare allow guests = yes > > [printers] > > comment = All Printers > > browseable = no > > path = /var/spool/samba > > printable = yes > > guest ok = no > > read only = yes > > create mask = 0700 > > [print$] > > comment = Printer Drivers > > path = /var/lib/samba/printers > > browseable = yes > > read only = yes > > guest ok = no > > > > > > I can invoke smbclient successfully by either referring it to my > > credentials file: > > > > > > $ sudo smbclient //pc************.com/D******NAS2 -A /etc/.smb_creds.txt > > Domain=[A*****S] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] > > smb: \> ls training/ > > NT_STATUS_ACCESS_DENIED listing \training\ > > smb: \> cd training > > smb: \training\> ls > > . DA 0 Tue Jan 10 13:17:11 2012 > > .. DA 0 Thu Sep 1 11:54:48 2011 > > Enterprise DA 0 Fri Oct 21 07:03:08 2011 > > enterprise_services_offering DA 0 Mon Jun 13 16:31:21 2011 > > Flash_Beta DA 0 Wed Apr 14 13:46:40 2010 > > Functions DA 0 Sat Feb 27 09:47:17 2010 > > GCSS DA 0 Wed Apr 14 13:46:49 2010 > > > > > > Or by specifying my authentication at the command line: > > > > $ sudo smbclient //pc************.com/D******NAS2 --workgroup=a******as > > --user=scott_purcell Enter scott_purcell's password: > > Domain=[A******AS] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] > > smb: \> cd training > > smb: \training\> ls > > . DA 0 Tue Jan 10 13:17:11 2012 > > .. DA 0 Thu Sep 1 11:54:48 2011 > > Enterprise DA 0 Fri Oct 21 07:03:08 2011 > > enterprise_services_offering DA 0 Mon Jun 13 16:31:21 2011 > > Flash_Beta DA 0 Wed Apr 14 13:46:40 2010 > > Functions DA 0 Sat Feb 27 09:47:17 2010 > > GCSS DA 0 Wed Apr 14 13:46:49 2010 > > > > > > Hope that helps... > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > Scott, you can try sec=ntlmssp instead. > Perhaps the NAS box does not support smb signing. > > What would also help is either a wireshark trace or tcpdump output > in both the cases, smbclient and cifs client. > tcpdump -s 0 -w <filename.pcap> can be used to gather the data. > > Regards, > > Shirish
i also guess using "sec=ntlmssp" could solve the issue. Using defaults - current cifs vfs does not offer the "extended security negotiation" bit in flags2 during negprot... So atm "sec=..." stuff is needed. Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
