Mount remote CIFS share - return “mount error 13 = Permission denied’

parkerc · April 11, 2021, 5:39pm

I’ve been struggling with this all day, and always get a ‘mount error 13 = Permission denied’

I have an old openwrt box (my Vera Home Control)

cat /etc/openwrt_release
DISTRIB_ID="OpenWrt"
DISTRIB_RELEASE="10.03.1"
DISTRIB_CODENAME="backfire"
DISTRIB_DESCRIPTION="OpenWrt Backfire 10.03.1" 

cat /proc/version
Linux version 2.6.37.1 (builder@builder.micasaverde.com) (gcc version 4.3.3 (GCC) ) #2 Fri Feb 22 04:07:32 PST 2013

I have all cifs packages installed, and I’ve created a directory on the openwrt unit called "mnt/nas", with full permissions (777)

mkdir /mnt/nas

root@MiOS_12345678:/mnt# ls -la
drwxr-xr-x    1 root     root             0 Apr 11 13:30 .
drwxr-xr-x    1 root     root             0 Aug 18  2016 ..
drwxrwxrwx    2 root     root             0 Apr 11 13:30 nas

And on an raspberry pi, I created an SMB share called "myshare", with the credential username ‘pi’ and password ‘raspberry’ with full permissions (777).

sudo apt-get install samba samba-common-bin
mkdir /home/pi/shared

pi@raspberrypi:~ $ ls -la
drwxr-xr-x 17 pi   pi   4096 Apr  4 21:40 .
drwxr-xr-x  3 root root 4096 Mar  4 22:47 ..
drwxrwxrwx  2 pi   pi   4096 Apr  8 10:10 shared

sudo nano /etc/samba/smb.conf

[myshare]
path = /home/pi/shared
writeable=Yes
create mask=0777
directory mask=0777
public=no

sudo smbpasswd -a pi

The challenge I have is when I try to mount "myshare" onto the openwrt unit, it returns a permission denied error 13 message. See command below..

root@MiOS_12345678:/# mount -t cifs //192.168.102.215/myshare /mnt/nas -o user=pi,password=raspberry
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
mount error 13 = Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
mount: mounting //192.168.102.215/myshare on /mnt/nas failed: Permission denied

I’ve tried many different variations of the mount command, but still the same mount error result. Any ideas ??

Here are some of the online resources I found mount commands - but no luck.

FYI : I granted full permission (777) to both directories to try and address the permission issues.

Here are some of the mount variations I’ve tried, subtle difference to these have been made too, all basically return the same permission error.

mount.cifs //192.168.102.215/myshare /mnt/nas -o user=pi,pass=raspberry
mount -t cifs -o user=pi,pass=raspberry,nounix,noserverino //192.168.102.215/myshare /mnt/nas/
mount -t cifs //192.168.102.215/myshare /mnt/nas/ osec=ntlmv2,user=pi,pass=raspberry
mount -t cifs //192.168.102.215/myshare /mnt/nas -o user=pi,password=raspberry
mount -t cifs //192.168.102.215/myshare /mnt/nas -o unc=\\\\192.168.102.215\\myshare,ip=192.168.102.215,user=pi,pass=raspberry,dom=raspberrypi
mount -t cifs //192.168.102.215/myshare /mnt/nas -ousername=pi,password=raspberry,file_mode=0644,dir_mode=0755,uid=pi

FYI - I can connect to the ‘myshare’ from other devices so the issue seems with the openwrt

eduperez · April 11, 2021, 8:51pm

Try to debug the connection on the server, and see what messages appear on the log when the client tries to connect. Also, check what SMB versions are supported on the client and the server, I would bet the server no longer supports the SMB version on the client.

parkerc · April 11, 2021, 9:19pm

Many thanks for responding @eduperez

I can run the following ‘ smbstatus ’ on the pi, and I get the following..

pi@raspberrypi:/ $ sudo smbstatus

Samba version 4.9.5-Debian

But I can’t find the equivalent for my openwrt ?
If it helps, I had installed the following..

opkg install kmod-fs-cifs kmod-nls-base kmod-nls-utf8 kmod-crypto-hmac kmod-crypto-md5 cifsmount
Package kmod-fs-cifs (2.6.37.1-1) installed in root is up to date.
Package kmod-nls-base (2.6.37.1-1) installed in root is up to date.
Package kmod-nls-utf8 (2.6.37.1-1) installed in root is up to date.
Package kmod-crypto-hmac (2.6.37.1-1) installed in root is up to date.
Package cifsmount (1.5-2) installed in root is up to date.

slh · April 11, 2021, 10:28pm

You have a rather current device (RPi) on one end, with likely contemporary samba4 and 'strong preferences' for the SMB 3.x protocol - and a truly ancient vendor fork roughly based on OpenWrt on the other (and no support in OpenWrt for this device either), which has no idea about modern security standards. Besides the point that Barrier Breaker is seven years old and EOL for six of those, with four (and a half-) OpenWrt release inbetween, there isn't a whole lot we can help you with your vendor fork - please contact the vendor instead.

eduperez · April 12, 2021, 6:18am

Watch the logs on the RPi when the client tries to connect.

pavelgl · April 12, 2021, 6:31am

Open the samba server config file and add/change the following in the [global] section.

[global]
    ntlm auth = yes

Restart the service and try again.

parkerc · April 12, 2021, 7:56am

Hi slh - I totally understand, and I know this is a long shot, but after spending ages trying to get this to work, I felt I had to reach out to see if someone more experienced/knowledgeable than me could think of other things I could try.

Hi @eduperez & @pavelgl - thanks so much for not leaving me behind. The sign of a great forum/community is not dismissing what might seem like a lost cause so quickly; and I readily admit, it may end up being that, I’d just like to think I’ve tried everything possible - thanks again..

parkerc · April 12, 2021, 8:17am

pi@raspberrypi:/ $ cat var/log/samba/log.192.168.102.26

I placed the loglevel to highest possible (3) and tried to connect again, and it has returned a lot of information, which is way over my head, but it does potentially point to something to do with authentication not being successful and ntlm , which leads me nicely on to trying @pavelgl suggestion...

parkerc · April 12, 2021, 8:29am

sudo nano /etc/samba/smb.conf edited to include the above under Global and samba restarted

sudo systemctl restart smbd

I’ve deleted the current log file to see how things may have changed when trying the connection again.

sudo rm var/log/samba/log.192.168.102.26

Trying the connection again from the openwrt client and IT WORKED !!!!

Thanks so much for all your help, a quick look in the log shows successful authentication now,

I hope this thread helps others too..

parkerc · April 12, 2021, 8:40am

Additional - I did a bit of a google search after this and found the following, which may be of interest - https://www.samba.org/samba/history/samba-4.5.0.html

                   =============================
                   Release Notes for Samba 4.5.0
                           September 7, 2016
                   =============================


This is the first stable release of the Samba 4.5 release series.


UPGRADING
========= 

NTLMv1 authentication disabled by default
-----------------------------------------

In order to improve security we have changed
the default value for the "ntlm auth" option from
"yes" to "no". This may have impact on very old
clients which doesn't support NTLMv2 yet.

The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

By default, Samba will only allow NTLMv2 via NTLMSSP now,
as we have the following default "lanman auth = no",
"ntlm auth = no" and "raw NTLMv2 auth = no".

system · April 22, 2021, 8:40am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.