SMB authentication error

Greetings all,

I have a smb share on a UNIX machine. I am trying to access it from FreeBSD by:
Code:
mount_smbfs -I 192.XXX.XXX.XXX //user@SERVER/share /mnt
Password:
mount_smbfs: unable to open connection: syserr = Authentication error
.

Interestingly
Code:
ssh user@192.XXX.XXX.XXX
Password:
works.

Access from a Windows machine and/or Linux machine works. Any help would be appreciated.

Kindest regards,

M
 
Samba and the host may not use the same user database, as such there's no guarantee the password used for ssh(1) is the same one that's needed for Samba. You probably need to create the user on the Samba side of things.
 
Hi SirDice,

Yes, I am aware of that, but for the initial setup, I have a single user with the same password for both services. And, as noted, Linux and Windows machines have no problem with the same user's credentials.

A simple search shows that I am not the only one with this problem, unfortunately, none of the different solutions, e.g., capitalization, adding -W flag, etc., has worked. This is a significant problem for me because my data are centralized on a server.

Kindest regards,

M
 
Greetings all,

can the problem be mismatched uid, gid? The response to the id user on the UNIX server is:
Code:
uid=100(user) gid=1(other) groups=1(other)
and on the FreeBSD client:
Code:
uid=1001 (user) gid=1001 (user) groups=1001 (user), 0(wheel)
If so, how do I correct this?

Kindest regards,

M
 
A pdbedit -L and pdbedit -Lv would be helpful. That would show the mapping of info in Samba's database to the system UID and should help tell us if the info you've shown is a problem or not.
 
Hi junovitch,

I cannot find such a command. However, I found this information about the user:
idmap show -v unixuser:user

Code:
unixuser:user-> usid:S-1-5-21-1877258731-2306597144-4292716028-1100
Source: Cache
Method: Local SID

Kindest regards,

M
 
Greetings all,

I have an additional piece of information, the smb is complaining
Code:
smb-maperror: NetBIOS name is invalid
However, the network sees the correct NetBios name:

nbtstat -A 192.XXX.XXX.XXX

Code:
Local Area Connection:
Node IpAddress: [192.YYY.YYY.YYY] Scope Id: []

  NetBIOS Remote Machine Name Table

  Name  Type  Status
  ---------------------------------------------
  SERVER  <00>  UNIQUE  Registered
  SERVER  <20>  UNIQUE  Registered
  WORKGROUP  <00>  GROUP  Registered

  MAC Address = ab-cd-ef-gh-ij-kl
I can also ping by both the IP address and the reported NetBios name.

Kindest regards,

M
 
Greetings all,

although it appears that I am talking to myself, I continue posting in regards to this problem in a hope that someone can make sense from my rambling because I really need to solve it. I have made some interesting discovery.

The LAN has two Linux-based NASs boxes (Buffalo brand), having a built-in default guest account. I am able to connect to the first one by:
Code:
mount_smbfs -I 192.XXX.XXX.XXX //guest@SERVER1/share /mnt
Password:
when I just press "Enter" when asked for the password. The very same procedure does not work for the second server, I still receive the:
Code:
mount_smbfs: unable to open connection: syserr = Authentication error
However, if remove the "guest", I am able to connect:
Code:
mount_smbfs -I 192.XXX.XXX.XXX //@SERVER2/share /mnt
Password:
I have checked the Buffalo boxes, and they are configured identically; therefore, I wonder if there is some mistake in the mount_smbfs implementation.

Is there a log that I could consult?

Kindest regards,

M
 
Are the Buffalo NAS's truly identical? Or is one running firmware newer than the other that may have fixed a bug? It may be worth looking closer at NAS firmware versions if one works and the other doesn't work.
 
Hi junovitch,

the firmware is, indeed, different. However, given the fact that both are configured in the same manner, i.e., having a guest account and an administrator account, which are mountable/accessible by other OSs, by the proper manner, does it make a difference?

Kindest regards,

M
 
mefizto

Can´t say it´ll work, but this is how I do to map a SMB share in FreeBSD:

# smbutil crypt <YOUR_PASSWORD>

Code:
# cat >> /etc/nsmb.conf << EOF
[<HOSTNAME>]
addr=<FQDN>
[<HOSTNAME>:<USER>]
workgroup=<WORKGROUP>
password=$$<HASHED_PASSWORD>
EOF

# chmod 600 /etc/nsmb.conf

# mount_smbfs -N -I <FQDN> //<USER>@<HOSTNAME>/<SHARE> /mnt/
 
Does connecting with smbclient(1) work?

Try running smblient -U guest -I 192.XXX.XXX.XXX //SERVER2/share. You can add -d 2 to get some debug information (increase the number for more).
 
Hi Tobik,

thank you. I do not know if your suggestion works, I have never tried that, but I will tonight.

Kindest regards,

M
 
Hi junovitch,

the firmware is, indeed, different. However, given the fact that both are configured in the same manner, i.e., having a guest account and an administrator account, which are mountable/accessible by other OSs, by the proper manner, does it make a difference?

Kindest regards,

M

I'm not at all familiar with Buffalo products. It may be just fine or it may be a big assumption that the same config would have the exact same effect. It could be entirely different versions of Samba underneath assuming it is Samba at all. It would be worth reviewing the change logs for firmware to get an idea on just what changed between revisions.
 
Hi tobik,

thank you very much for the suggestion, the problem appears to be the interpretation of the zfs naming convention by SMB.

On the UNIX server, I have created a pool tank. The pool tank then has two zfs systems zfs01 and zfs02. When I tried mounting the share as smbclient -U user -I 192.XXX.XXX.XXX //SERVER/tank/zfs01 /mnt per your suggestion, the mount was failing, because smbclient -L shows the sharename to be interpreted as
Code:
tank_zfs01
although zpool list returns
Code:
/tank/zfs01
Kindest regards,

M
 
smbclient -U user -I 192.XXX.XXX.XXX //SERVER/tank/zfs01 /mnt
smbclient is an FTP-like client that tries to connect to your server. It does not mount anything, so you don't need to specify a mount point. The /mnt parameter you gave it is interpreted as the password which is probably not really your password.

That being said if the share name is tank_zfs01 use //SERVER/tank_zfs01 instead of //SERVER`/tank/zfs01. The share name does not have to literally reflect the mount point of your ZFS dataset. I'm not sure but I don't think that having a / in a share name is legal in SMB, so it makes sense that it is replaced by _.
 
Greetings all,

well, my happiness was premature.

Code:
mount_smbfs -I 192.XXX.XXX.XXX //user@SERVER/tank_zfs01 /mnt
Password:
mount_smbfs: unable to open connection: syserr = Permission denied
So now I do not have an "Authentication error", but a "Permission denied".

Kindest regards,

M
 
Greetings all,

I have, in third world sort of manner, moved forward by noticing that a file manager recognized the network and all the computers on it. When I clicked on the SERVER and tank_zfs01 a window appeared asking for a password, which was accepted and the tank_zfs01 was mounted and visible in the file manager.

Now I am really confused.

Is the file manager using a different mechanism to access the smb share? It says
Code:
smb://SERVER/tank_zfs1
in the file manager. If not, why does the file manager access work and the command line does not? Is it perhaps a bug?

Also, I cannot figure out, where is the share mounted.

Kindest regards,

M
 
Hi,

I know this is an old thread, but I had the same problem. First, your file-manager isn't really mounting it the way you would think it does (sadly). Its using probaply gvs or kio, depending on the toolkit the filemanager is developed in. What those normally do is connect to the fileshare and download the files you are interested in in a temporary location, when you modifiy it they copy it back to the share.

I don't like it either, I would rather like they mount it as a real mount, but ....

What I think might be your problem is the windows domain, what I had to do to get the mount_smb to work is specify the domain like this:

Code:
sudo mount_smbfs -I <IP> -U <Windows User> -W <Windows Domain>  "//<NETBIOSNAME>/<SHARE>" <MOUNTPOINT>

I did not try it but maybe you also could do:
Code:
 "//<DOMAIN>\<USER>@<NETBIOSNAME>"
or
Code:
"//<DOMAIN>/<USER>@<NETBIOSNAME>"

Best
 
Now I am really confused.

Is the file manager using a different mechanism to access the smb share? It says
Code:
smb://SERVER/tank_zfs1
in the file manager. If not, why does the file manager access work and the command line does not? Is it perhaps a bug?

Also, I cannot figure out, where is the share mounted.

Kindest regards,

M
Yes, these are two different mechanisms. File browser uses GVFS and samba port while mount_smbfs uses mount.
 
Nobody knows the solution?

mount_smbfs -I 192.168.1.105 -U joan //192.168.1.105/disc1 /mnt/
Password:
mount_smbfs: unable to open connection: syserr = Authentication error
 
Hi SirDice, I am not using Windows.

My samba server is a FreeBSD 11, and my samba client is a FreeBSD 12. And I can't mount the directories.

On the other clients I can do it perfectly: from a FreeBSD 11 using KDE and from a laptop with Ubuntu using Gnome Classic.
 
Back
Top