Mounting SMB (Cifs) sharer on Centos 7

[peteforde]

I have created a SMB share on my TrueNas

I am trying to mount it to CentOS as a SMB share. Using the command:

sudo mount -t cifs //xx.xx.xx.xx/mnt/point /mnt/point

this fails to mount as a root user and also a Active Directory user

mount error(13): Permission denied

Any work arounds

 

[anodos]

//xx.xx.xx.xx/mnt/point

should be "//<ip or netbios name>/<share name>"

root user is not permitted for SMB authentication.

 

[peteforde]

//xx.xx.xx.xx/mnt/point

should be "//<ip or netbios name>/<share name>"

root user is not permitted for SMB authentication.

All of which I have done above. You also have to include the -t option. AD user can also not mount

 

[anodos]

All of which I have done above. You also have to include the -t option. AD user can also not mount

Okay. Check output of `midclt call smb.status AUTH_LOG | jq`. Verify that credentials are being passed correctly. AD creds should be of either form DOMAIN\\username or username@domainname. mount.cifs will should prompt for password.

 

[peteforde]

I do get get prompted for password for user@domain. still not working.

 

[anodos]

I do get get prompted for password for user@domain. still not working.

Does the auth succeed (per our logs)?

 

[peteforde]

interesting:

"timestamp": "2021-12-08T10:24:21.776559-0800",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:xx.xx.xx.xx:445",
"remoteAddress": "ipv4:xx.xx.xx.xx:56076",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "",
"clientAccount": "pete.forde",
"workstation": "",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "pete.forde",
"mappedDomain": "",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv2",
"duration": 3107
}
},
{
"timestamp": "2021-12-08T10:31:44.515756-0800",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4625,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_NO_SUCH_USER",
"localAddress": "ipv4:xx.xx.xx.xx:445",
"remoteAddress": "ipv4:xx.xx.xx.xx:58524",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "",
"clientAccount": "pete.forde",
"workstation": "",
"becameAccount": null,
"becameDomain": null,
"becameSid": null,
"mappedAccount": "pete.forde",
"mappedDomain": "",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null,
"passwordType": "NTLMv2",
"duration": 3157

 

[peteforde]

the user is in Active Directory and has Admin rights

 

[anodos]

Maybe malformed string for username in your mount string. Double-check that user is present in `getent passwd` output on NAS. If it's present, do a smoke-test using smbclient:
smbclient //127.0.0.1/<share> -U "<username from getent output>"

 

[peteforde]

user is present in genet passwd


tree connect failed: NT_STATUS_BAD_NETWORK_NAME

 

[Samuel Tai]

Did your TrueNAS machine SID fall out of the tree? Are you joined correctly?

 

[peteforde]

yes I believe we are joined correctly

 

[anodos]

If you see in getent passwd output then you're joined correctly.

NT_STATUS_BAD_NETWORK_NAME

Means there's probably a typo in the share name. Verify that you populate `<share name>` in that command with the share name from `testparm -s` output.

 

[peteforde]

no typo

 

[Samuel Tai]

Are you using the share name or the share path in the UNC? It should be the share name:

Also, do you have any spaces in your name, or special characters?

 

[anodos]

no typo

Another case where NT_STATUS_BAD_NETWORK_NAME can occur is if the share's path no longer exists. Maybe "stat /path/to/share" to make sure it's there. We internally do checks in middleware when generating shares, and in various situations we will remove the share from the running config (like if a dataset gets locked).

 

[anodos]

What is output of "testparm -s"?

 

[peteforde]

testparm -s show the share in questions. Also stat /path/to/share is correct

 

[anodos]

Do you have a username map configured in your smb4.conf? Any auxiliary parameters? Is "use default domain" set in your AD settings?

 

[peteforde]

Do you have a username map configured in your smb4.conf? Any auxiliary parameters? Is "use default domain" set in your AD settings?

I don't actually know: Guidance would be great!