Header Shadow Image


Networking: Sharing folders between Windows and Linux using Samba

Pages: 1 2 3

Q&A

This is a set of questions and problems encountered along the way and what to do when you see each.

  1. Why do I need to use CIFS and not SMB?
  2. Why do I get tree connect failed: NT_STATUS_ACCESS_DENIED or NT_STATUS_BAD_NETWORK_NAME?
  3. Why do I get mount error(13): Permission denied or mount error(6): Permission denied?
  4. It's not working for me.  How can I find out further details on my problems such as log files or increase verbosity on my commands?
  5. Why do I get session request to 192.168.123.42 failed (Called name not present) or session request to 192 failed (Called name not present)?
  6. Isn't there a GUI for this sort of stuff in Linux by now?
  7. How can I control permissions who get's into my share and who doesn't?
  8. When I share a Windows path on Linux or vice versa, how does the SAMBA server know what to do and how to correctly save files in EXT or NTFS or FAT filesystems?
  9. Why do I get Connection to 192.168.1.1 failed (Error NT_STATUS_CONNECTION_REFUSED) when checking my own defined shares?
  10. Why do I get WARNING: [printers] service MUST be printable! when running testparm or similar?
  11. Some of my applications don't let me save to the mapped drive?  What's going on?
  12. What if I have issues other then the ones listed here?
  13. What about sharing a printer?  Can this be done with SAMBA?
  14. I'm receiving Access Denied or NT_STATUS_ACCESS_DENIED listing from SMB?
  15. I'm receiving Error code: 0×80070035 cannot access or Error NT_STATUS_HOST_UNREACHABLE?
  16. I'm getting chcon: failed to change context of  to `system_u:object_r:samba_share_t:s0': Operation not supported  dosfs_t.  What do I do now?
  17. I'm getting Error NT_STATUS_UNSUCCESSFUL.  What do I do about this one?

Why do I need to use CIFS and not SMB?

The reason for this is that CIFS has superceded SMB.  Of course, on older distributions, you would use SMB.  Per the man pages of mount.cifs:

The CIFS protocol is the successor to the SMB protocol and is supported by most Windows servers and many other commercial servers and Network Attached Storage appliances as well as by the popular Open Source server Samba.

 For older systems, you would need to replace cifs with smb in the commands below.


Why do I get tree connect failed: NT_STATUS_ACCESS_DENIED or NT_STATUS_BAD_NETWORK_NAME?

You may have attempted to mount a share off of Windows and you see this:

$ smbclient //192.168.9.9/I$  /mnt/winshare-I -o rw,user="MeUser",password="somepassword" -v
Domain=[WINPC_NAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_ACCESS_DENIED
$

Or perhaps you are trying to list shares available at an address and you type something like this:

# smbclient //192.168.0.14/I/
Enter root's password:
Domain=[WINPC_NAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
#

One of your first steps I took was to check the source and dig in the man pages for this (This command may take some time):

# man -K NT_STATUS_ACCESS_DENIED
#

Which got me absolutely nowhere.  (Handy to know above command though not always produces results.)  Then in Windows I checked the share name I was using and it was set to the volume name VI (I) not I or I$ as I tried to use:

# smbclient "//192.168.87.27/VI (I)/"
Enter root's password:
Domain=[WINPC_NAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \> ?
?              allinfo        altname        archive        blocksize
cancel         case_sensitive cd             chmod          chown
close          del            dir            du             echo
exit           get            getfacl        hardlink       help
history        iosize         lcd            link           lock
lowercase      ls             l              mask           md
mget           mkdir          more           mput           newer
open           posix          posix_encrypt  posix_open     posix_mkdir
posix_rmdir    posix_unlink   print          prompt         put
pwd            q              queue          quit           rd
recurse        reget          rename         reput          rm
rmdir          showacls       setmode        stat           symlink
tar            tarmode        translate      unlock         volume
vuid           wdel           logon          listconnect    showconnect
..             !
smb: \> dir
  HomeVideos                          D        0  Sun Jul 26 01:49:32 2009
  RECYCLER                          DHS        0  Mon Oct 20 03:46:35 2008
  Sony HDR-SR7                        D        0  Mon Jul 20 16:22:05 2009
  System Volume Information         DHS        0  Tue Nov 27 11:45:27 2007

                47692 blocks of size 4194304. 2463 blocks available
smb: \>

When using smbclient -L //192.168.0.64 two shares come up:

VI (I)          Disk
I$              Disk      Default share

You will need to use the actual share name as was defined in windows rather then the default share name.
 


Why do I get mount error(13): Permission denied or mount error(6): Permission denied?

When running this command, you get:

$ mount -t cifs //WINPC_NAME/I$ /mnt/winpc_name -I -o username="Tom",password="somepassword"
mount error(13): Permission denied
$

Again, this in my case was related to NT_STATUS_ACCESS_DENIED and NT_STATUS_BAD_NETWORK_NAME that was addressed in above two questions.   Also related:

Jul 13 15:42:25 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:42:25 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:42:32 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
Jul 13 15:42:37 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:42:37 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:42:45 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
Jul 13 15:48:21 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:48:21 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:48:27 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
Jul 13 15:48:31 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
Jul 13 15:48:38 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
 

parsing options: rw
mount error: can not change directory into mount target /mnt/somedir
 

# mount -t cifs "//192.168.6.6/VI (IB)/" /mnt/somedir -v
parsing options: rw
Password:

mount.cifs kernel mount options unc=//192.168.6.6\VI (IB),user=root,pass=,ver=1,rw
retrying with upper case share name

mount.cifs kernel mount options unc=//192.168.6.6\VI (IB),user=root,pass=,ver=1,rw
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
#

In this case, the -6 in the error refers to incorrectly specified mount folder.
 


It's not working for me.  How can I find out further details on my problems such as log files or increase verbosity on my commands?

To answer the second part first, most commands in Unix / Linux can be looked up using man <command>.  Having said this, of those having man pages, most will list the -v option to increase verbosity.  But again, lookup the command in the man (short for manual) pages to be sure.

For the first question, check /var/log/messages for the error message you saw with something like:

# tail -n 1500 -f /var/log/messages*|egrep "smb|cifs"
Jul 27 09:47:33 lhs smbd[20537]: [2009/07/27 09:47:33,  0] lib/util_sock.c:get_peer_addr_internal(1676)
Jul 27 09:47:33 lhs smbd[20537]:   getpeername failed. Error was Transport endpoint is not connected
Jul 27 09:47:33 lhs smbd[20537]: [2009/07/27 09:47:33,  0] lib/util_sock.c:read_socket_with_timeout(939)
Jul 27 09:47:33 lhs smbd[20537]: [2009/07/27 09:47:33,  0] lib/util_sock.c:get_peer_addr_internal(1676)
Jul 27 09:47:33 lhs smbd[20537]:   getpeername failed. Error was Transport endpoint is not connected
Jul 27 09:47:33 lhs smbd[20537]:   read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
Jan 13 16:42:49 lhs yum: Updated: gnome-vfs2-smb.i386 2.16.2-2.fc6
Jul 18 01:22:31 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -112
#

In the case of the above error, the IP address was not reachable or the hostname provided to an smb command didn't exist or had no IP associated with it.  Did you forget to change the IP's in commands you see in this post to those matching your configuration?

 


Why do I get session request to 192.168.123.42 failed (Called name not present) or session request to 192 failed (Called name not present)?

$ smbclient -L 192.168.5.3
Enter root's password:
Domain=[WINPC_NAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
.
.
.
.
session request to 192.168.8.17 failed (Called name not present)
session request to 192 failed (Called name not present)
.
.
$

 


Isn't there a GUI for this sort of stuff in Linux by now?

Coincidently, yes there is.  Using the menus, you can get to it by clicking the KDE Start Menu -> Applications -> Administration -> Samba.  The command line executable was /usr/bin/system-config-samba.  The GUI looks like this (Showing sample folder configured):

 SAMBA: GUI Samba configuration manager in KDE

 

SAMBA: Properties of the Linux KDE Samba configuration

 


How can I control permissions who get's into my share and who doesn't?

This is controlled by the server from which a resource is shared.  So if you are sharing a path that resides in windows, you will need to use the properties panel to indicate sharing properties.  See Step 2 in above post for doing just this.  In Linux, you can either use the GUI (above) or specify this in the /etc/samba/smb.conf file as part of the share definition.

 


When I share a Windows path on Linux or vice versa, how does the SAMBA server know what to do and how to correctly save files in EXT or NTFS or FAT filesystems?

SAMBA doesn't know.  SAMBA sends the requests through CIFS to each operating system.  Each operating system then calls the correct filesystem functions to properly save the files.

 


Why do I get Connection to 192.168.1.1 failed (Error NT_STATUS_CONNECTION_REFUSED) when checking my own defined shares?

When trying to list your own shares you have defined on your Linux system, you get this:

# smbclient -L 192.168.1.1
Connection to 192.168.1.1 failed (Error NT_STATUS_CONNECTION_REFUSED)
#

If you had logging enabled in your firewall setup, you're in good shape here because the reason could be in them:

# tail -f /var/log/messages
Jul 20 14:33:06 lhs kernel: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.14 DST=192.168.0.14 LEN=60 TOS=0×00 PREC=0×00 TTL=64 ID=35873 DF PROTO=TCP SPT=38549 DPT=445 WINDOW=32792 RES=0×00 SYN URGP=0
Jul 20 14:33:09 lhs kernel: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.14 DST=192.168.0.14 LEN=60 TOS=0×00 PREC=0×00 TTL=64 ID=35874 DF PROTO=TCP SPT=38549 DPT=445 WINDOW=32792 RES=0×00 SYN URGP=0
Jul 20 14:33:09 lhs kernel: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.14 DST=192.168.0.14 LEN=60 TOS=0×00 PREC=0×00 TTL=64 ID=425 DF PROTO=TCP SPT=50721 DPT=139 WINDOW=32792 RES=0×00 SYN URGP=0
Jul 20 14:33:12 lhs kernel: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.14 DST=192.168.0.14 LEN=60 TOS=0×00 PREC=0×00 TTL=64 ID=426 DF PROTO=TCP SPT=50721 DPT=139 WINDOW=32792 RES=0×00 SYN URGP=0

Port 139 and 445 looks to be blocked.  You'll need to modify the rules.  A command to check to see if you have the ports enabled is iptables -nL|egrep "139|445"

# iptables -nL|egrep "139|445"
ACCEPT     tcp  –  192.168.0.0/16       0.0.0.0/0           multiport sports 137,138,514,8009
ACCEPT     tcp  –  192.168.0.0/16       0.0.0.0/0           multiport dports 137,138,514,8009
ACCEPT     udp  –  0.0.0.0/0            192.168.0.0/16      multiport sports 137,138,161,68,67,69,514,44089,8009
ACCEPT     udp  –  0.0.0.0/0            192.168.0.0/16      multiport dports 137,138,161,68,67,69,514,44089,8009
ACCEPT     udp  –  192.168.0.0/16       192.168.0.0/16      multiport dports 137,138

In this case my rules for iptables that needed to be changed were (Added in green):

# vi /etc/sysconfig/iptables
-A INPUT -s 192.168.0.0/16 -p tcp -m multiport –sports 137,138,139,445,514,8009 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m multiport –dports 137,138,139,445,514,8009 -j ACCEPT
-A INPUT -d 192.168.0.0/16 -p udp -m multiport –sports 137,138,139,161,68,67,69,445,514,44089,8009 -j ACCEPT
-A INPUT -d 192.168.0.0/16 -p udp -m multiport –dports 137,138,139,161,68,67,69,445,514,44089,8009 -j ACCEPT
-A INPUT -d 192.168.0.0/16 -s 192.168.0.0/16 -p udp -m multiport –dports 137,138,139,445 -j ACCEPT
#

NOTICE that I'm adding the ports for the local network only.  Check again with:

# iptables -nL|egrep "139|445"

once rules are added:

# iptables -nL|egrep "139|445"
ACCEPT     tcp  –  192.168.0.0/16       0.0.0.0/0           multiport sports 137,138,139,445,514,8009
ACCEPT     tcp  –  192.168.0.0/16       0.0.0.0/0           multiport dports 137,138,139,445,514,8009
ACCEPT     udp  –  0.0.0.0/0            192.168.0.0/16      multiport sports 137,138,139,161,68,67,69,445,514,44089,8009
ACCEPT     udp  –  0.0.0.0/0            192.168.0.0/16      multiport dports 137,138,139,161,68,67,69,445,514,44089,8009
ACCEPT     udp  –  192.168.0.0/16       192.168.0.0/16      multiport dports 137,138,139,445
#

For more on iptables and the Linux firewall, you can visit the page: The Linux Firewall configuration

 


Why do I get WARNING: [printers] service MUST be printable! when running testparm or similar?

To resolve the WARNING above, I realized I did not properly uncomment the ";[HomeVideos]" (I had ; (semicolon) through most of the added configuration options I added above):

; [LinuxHomeVideos]
;        comment = Sony HDR-SR7 Camcorder Home Movies and Images.
;        path = /mnt/LinuxHomeVideos
;        valid users = root
;        public = no
;        writable = yes
;        browseable = yes
        guest ok = no
        printable = no

To resolve the issue and enable the share I had to remove the semicolons in front of the configuration section.   Did that and this resulted in a clean configuration.

 


Some of my applications don't let me save to the mapped drive?  What's going on?

Unfortunately, some of the applications out there grey out fields when you select the mapped drive preventing you from saving anything there.  I'm not sure what the issue here is myself but I suspect it has to do with the options hard coded for that dialog box rather then windows.  In any case, you can always move the file using Windows Explorer even though it adds another step. 

One such application was the Sony HDR-SR7 camcorder I have and it's Sony Motion Picture Browser application.  When synchronizing movies, it did not allow you to save to the mapped drive.  Couldn't determine exactly why at the time.

 


What if I have issues other then the ones listed here?

You could let us know about it.  Flip us a comment in the comments box below and, who knows, just maybe we'll have the answer you need. :)

 


 

What about sharing a printer?  Can this be done with SAMBA?

 

Been there done that: Linux Pixma Printer Configuration: Canon Pixma iP4000 / iP4100

Simply replace the name of the printer there with your own model to get going.

 


I'm receiving Access Denied or NT_STATUS_ACCESS_DENIED listing from SMB?

Aug 28 2012:

When trying to access the configured shares, you get something similar to the following few messages even though all your standard UNIX permissions and folder settings look fine:

# smbclient //192.168.0.14/HTPCBackupXFS -U'root%SECRET' -vvvvv
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.10-116.el6_2]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*

                65535 blocks of size 33553920. 65535 blocks available
smb: \> exit
#

On further inspection, we notice that the folders have additional security settings:

#  ls -lda –author -Z HTPCBackupXFS
drwxr-xr-x. root root system_u:object_r:file_t:s0      HTPCBackupXFS
#  ls -lda –author -Z HTPCFileStorage
drwxr-xr-x. root root system_u:object_r:etc_runtime_t:s0 HTPCFileStorage
#

And these belong to SELinux.  Now one of the ways to get rid of this error is to turn off SELinux but we'll try to play along here with it enabled for SAMBA / CIFS / SMB. 

# chcon -R -t samba_share_t /mnt/FOLDER
# semanage fcontext -a -t samba_share_t "/mnt/FOLDER(/.*)?"            (May need package policycoreutils.x86_64 and policycoreutils-python.x86_64)
# restorecon -R -v /mnt/FOLDER

In my case, this resolved my immediate issue for me.  A great source of information are the man pages using this query:

man samba_selinux

 


I'm receiving Error code: 0×80070035 cannot access or Error NT_STATUS_HOST_UNREACHABLE?

The solution to this issue is covered in our topic at this link:

Linux / Windows: Error code: 0×80070035 cannot access and Error NT_STATUS_HOST_UNREACHABLE

 


I'm getting chcon: failed to change context of to `system_u:object_r:samba_share_t:s0': Operation not supported dosfs_t. What do I do now?

In this case, we can set one of the SELinux boolean values to enable reading of:

# ls -aldZ HDR-SR7/
drwxr-xr-x. root root system_u:object_r:dosfs_t:s0     HDR-SR7/
#

Which is a DOS type FS:

# getsebool samba_export_all_ro
samba_export_all_ro –> off
#
# setsebool -P samba_export_all_ro on
#
# getsebool samba_export_all_ro
samba_export_all_ro –> on
#

A very good source of SAMBA SELinux flags can also be found at this location.

 


I'm getting Error NT_STATUS_UNSUCCESSFUL. What do I do about this one?

(Sep 2012) You may see something like this from your console:

# smbclient -L 192.168.0.10 -U'tom%SECRET'
Connection to 192.168.0.10 failed (Error NT_STATUS_UNSUCCESSFUL)
#

The first thing I did is to toggle disabling then reenabling the firewall.  Woila.  That was the issue in my case.  Either the firewall is up at the target host at .0.10 or SMB / CIFS ports are being blocked in your case.  Follow your firewall procedure to enable the ports for your local network.  Below is an example for Kaspersky Antivirus:

  • Click the Kaspersky Antivirus icon from the tray.
  • Click on Settings at the top right corner of the panel that appears.
  • Click Firewall from the Protection Center List.
  • Click Settings button.
  • Click Packet Rules tab.
  • Click Add and define the rule similarly to the image below:

 

Kaspersky SMB and CIFS Firewall Rules

Another solution is to stop the Windows Firewall service.  From Start, search for Services.  Click the resultant app then search for Windows Firewall.  If disabling the Windows Firewall works, consider amending rules for it to allow such access.  To adjust, browse to Control Panel – All Control Panel Items – Windows Firewall – Allowed Programs then find the following in the list:

File and Printer Sharing

This feature is used for sharing local files and printers with other users on the network. (Uses NetBIOS, LLMNR, SMB and RPC)

And check the Home/Work (Private) network (NOT public, unless the private and domain don't work.  You may need to check your public, private and domain provile definitions.) to allow on your network:

Windows Firewall Adjustment for SAMBA / CIFS

And you should be good to go.  We can see that it was a timeout from port 139 when running a trace (strace smbclient -L 192.168.0.10 -U'tom%SECRET'):

connect(6, {sa_family=AF_INET, sin_port=htons(139), sin_addr=inet_addr("192.168.0.10")}, 16) = -1 EALREADY (Operation already in progress)
poll([{fd=6, events=POLLIN|POLLOUT|POLLHUP}, {fd=3, events=POLLIN|POLLOUT|POLLHUP}, {fd=4, events=POLLIN|POLLHUP}], 3, 255) = 0 (Timeout)
fcntl(3, F_SETFL, O_RDWR)               = 0
fcntl(3, F_GETFL)                       = 0×2 (flags O_RDWR)
fcntl(3, F_GETFL)                       = 0×2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
connect(3, {sa_family=AF_INET, sin_port=htons(445), sin_addr=inet_addr("192.168.0.10")}, 16) = -1 EALREADY (Operation already in progress)
fcntl(6, F_SETFL, O_RDWR)               = 0
fcntl(6, F_GETFL)                       = 0×2 (flags O_RDWR)
fcntl(6, F_GETFL)                       = 0×2 (flags O_RDWR)
fcntl(6, F_SETFL, O_RDWR|O_NONBLOCK)    = 0

So ensure you are using the correct port:

[root@mbpc ~]# grep -Ei "445|139" /etc/samba/smb.conf
        smb ports = 445
[root@mbpc ~]#

And that should get you connected: 

[root@mbpc ~]# smbclient -L //192.168.0.10 -U'root%SECRET' -vvvv
Domain=[TOM-PC] OS=[Windows 7 Home Premium 7601 Service Pack 1] Server=[Windows 7 Home Premium 6.1]

        Sharename       Type      Comment
        ———       —-      ——-
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
        CDHelp          Disk
        D$              Disk      Default share
        HomeVideosImages Disk
        IPC$            IPC       Remote IPC
        Q$              Disk      Default share
        TOM-PC-D        Disk
session request to 192.168.0.10 failed (Called name not present)
session request to 192 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled — no workgroup available
[root@mbpc ~]#

Let us know your experience.

Cheers!
Tom K.

Pages: 1 2 3

6 Responses to “Networking: Sharing folders between Windows and Linux using Samba”

  1. [...] Tom Kacperski wrote an interesting post today onNetworking: Sharing folders between Windows and Linux using SambaHere’s a quick excerpt [...]

  2. [...] Networking: Sharing folders between Windows and Linux using Samba [...]

  3. [...] Networking: Sharing folders between Windows and Linux using Samba [...]

  4. [...] NT_STATUS_UNSUCCESSFUL Setting up rules in the firewall between server/client for ports 445,139 etc might do it for your [...]

  5. [...] follow us on our Samba / CIFS Connectivity page for the resolution to the issue.  Hope this helps [...]

  6. [...] tips on this Samba / CIFS Connectivity page may [...]

Leave a Reply

 


     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License