挂载 CIFS - 权限被拒绝

挂载 CIFS - 权限被拒绝

我尝试挂载 Windows 10 共享的文件夹。Win10 客户端是企业域的一部分。用户登录也是域的一部分(域策略禁止本地用户)。使用smbclient,可以毫无问题地访问该文件夹:

user@NAS:~$ smbclient //server/folder -A /logincred

Domain=[DOMAIN] OS=[] Server=[]
smb: \>

登录凭证文件的格式如下:

username=USER
password=********
domain=DOMAIN

当尝试使用相同的凭据文件挂载相同的文件夹时,我收到权限错误:

fd_admin@FDNAS:~$sudo mount -t cifs //server/folder /mnt/smbshare -o vers=3.0,credentials=/.logincred --verbose
Password:
domain=DOMAIN
mount.cifs kernel mount options: ip=[IP],unc=\\server\folder,vers=3.0,user=USER,,domain=DOMAIN,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

内核日志没有提供更多信息:

NAS kernel: [2513666.498825] CIFS VFS: Send error in SessSetup = -13
NAS kernel: [2513666.504632] CIFS VFS: cifs_mount failed w/return code = -13

用户、域和密码在 mount.cifs 打印输出中正确显示。我还尝试了所有可能的 sec 参数。服务器上的 SMB v1 被阻止。

  • 内核版本 - 3.10.105
  • mount.cifs 版本:5.5

知道为什么 smbclient 可以工作但安装失败吗?

[更新]

SMBclient 版本:4.4.16

我不知道服务器是否需要 SMB 加密。如何才能知道它是否需要?

这是所要求的详细打印输出。-d auth:7对我来说不起作用所以我执行了 -d 7 如下:

admin@NAS:~$ smbclient //server/folder -d 7 -A /logincred
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Cannot opendir for custom conf
Processing section "[global]"
Can't find include file /var/tmp/nginx/smb.netbios.aliases.conf
/etc/samba/smb.reserved.conf not found
Cannot opendir for custom conf
find syno address:
        [0]: XXX.YYY.196.21
        [1]: VVV.ZZZ.126.36
        [2]: VVV.ZZZ.3.29
        [3]: VVV.ZZZ.19.246
added interface ovs_eth0 ip=XXX.YYY.196.21 bcast=XXX.YYY.199.255 netmask=255.255.252.0
added interface ovs_eth2 ip=VVV.ZZZ.3.29 bcast=VVV.ZZZ.255.255 netmask=255.255.0.0
added interface ovs_eth3 ip=VVV.ZZZ.19.246 bcast=VVV.ZZZ.255.255 netmask=255.255.0.0
added interface ovs_eth1 ip=VVV.ZZZ.126.36 bcast=VVV.ZZZ.255.255 netmask=255.255.0.0
Client started (version 4.4.16).
tdb(/run/samba/gencache.tdb): tdb_open_ex: could not open file /run/samba/gencache.tdb: Permission denied
resolve_hosts: Attempting host lookup for name SERVER<0x20>
Connecting to XXX.YYY.200.189 at port 445
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
gensec_update [NT_STATUS_MORE_PROCESSING_REQUIRED]
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
gensec_update [NT_STATUS_MORE_PROCESSING_REQUIRED]
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
gensec_update [NT_STATUS_OK]
Domain=[DOMAIN] OS=[] Server=[]
smb: \>

答案1

花了很长时间,但事实证明,这种行为与//serverDFS 命名空间有关。Mount-CIFS 显然无法处理这种情况。

解决方案是仅挂载“带有目标的文件夹”,如这份微软文档,然后直接使用实际文件夹目标。在 Windows 中,可以在“DFS”文件夹属性中查看它们。只需从列表中选择一个活动文件夹即可。

相关内容