Networking: Sharing folders between Windows and Linux using Samba
This is a set of questions and problems encountered along the way and what to do when you see each.
- Why do I need to use CIFS and not SMB?
- Why do I get tree connect failed: NT_STATUS_ACCESS_DENIED or NT_STATUS_BAD_NETWORK_NAME?
- Why do I get mount error(13): Permission denied or mount error(6): Permission denied?
- It's not working for me. How can I find out further details on my problems such as log files or increase verbosity on my commands?
- Why do I get session request to 192.168.123.42 failed (Called name not present) or session request to 192 failed (Called name not present)?
- Isn't there a GUI for this sort of stuff in Linux by now?
- How can I control permissions who get's into my share and who doesn't?
- When I share a Windows path on Linux or vice versa, how does the SAMBA server know what to do and how to correctly save files in EXT or NTFS or FAT filesystems?
- Why do I get Connection to 192.168.1.1 failed (Error NT_STATUS_CONNECTION_REFUSED) when checking my own defined shares?
- Why do I get WARNING: [printers] service MUST be printable! when running testparm or similar?
- Some of my applications don't let me save to the mapped drive? What's going on?
- What if I have issues other then the ones listed here?
- What about sharing a printer? Can this be done with SAMBA?
- I'm receiving Access Denied or NT_STATUS_ACCESS_DENIED listing from SMB?
- I'm receiving Error code: 0x80070035 cannot access or Error NT_STATUS_HOST_UNREACHABLE?
- I'm getting chcon: failed to change context of to `system_u:object_r:samba_share_t:s0': Operation not supported dosfs_t. What do I do now?
- I'm getting Error NT_STATUS_UNSUCCESSFUL. What do I do about this one?
Why do I need to use CIFS and not SMB?
The reason for this is that CIFS has superceded SMB. Of course, on older distributions, you would use SMB. Per the man pages of mount.cifs:
The CIFS protocol is the successor to the SMB protocol and is supported by most Windows servers and many other commercial servers and Network Attached Storage appliances as well as by the popular Open Source server Samba.
For older systems, you would need to replace cifs with smb in the commands below.
Why do I get tree connect failed: NT_STATUS_ACCESS_DENIED or NT_STATUS_BAD_NETWORK_NAME?
You may have attempted to mount a share off of Windows and you see this:
$ smbclient //192.168.9.9/I$ /mnt/winshare-I -o rw,user="MeUser",password="somepassword" -v
Domain=[WINPC_NAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_ACCESS_DENIED
$
Or perhaps you are trying to list shares available at an address and you type something like this:
# smbclient //192.168.0.14/I/
Enter root's password:
Domain=[WINPC_NAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
#
One of your first steps I took was to check the source and dig in the man pages for this (This command may take some time):
# man -K NT_STATUS_ACCESS_DENIED
#
Which got me absolutely nowhere. (Handy to know above command though not always produces results.) Then in Windows I checked the share name I was using and it was set to the volume name VI (I) not I or I$ as I tried to use:
# smbclient "//192.168.87.27/VI (I)/"
Enter root's password:
Domain=[WINPC_NAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \> ?
? allinfo altname archive blocksize
cancel case_sensitive cd chmod chown
close del dir du echo
exit get getfacl hardlink help
history iosize lcd link lock
lowercase ls l mask md
mget mkdir more mput newer
open posix posix_encrypt posix_open posix_mkdir
posix_rmdir posix_unlink print prompt put
pwd q queue quit rd
recurse reget rename reput rm
rmdir showacls setmode stat symlink
tar tarmode translate unlock volume
vuid wdel logon listconnect showconnect
.. !
smb: \> dir
HomeVideos D 0 Sun Jul 26 01:49:32 2009
RECYCLER DHS 0 Mon Oct 20 03:46:35 2008
Sony HDR-SR7 D 0 Mon Jul 20 16:22:05 2009
System Volume Information DHS 0 Tue Nov 27 11:45:27 2007
47692 blocks of size 4194304. 2463 blocks available
smb: \>
When using smbclient -L //192.168.0.64 two shares come up:
VI (I) Disk
I$ Disk Default share
You will need to use the actual share name as was defined in windows rather then the default share name.
Why do I get mount error(13): Permission denied or mount error(6): Permission denied?
When running this command, you get:
$ mount -t cifs //WINPC_NAME/I$ /mnt/winpc_name -I -o username="Tom",password="somepassword"
mount error(13): Permission denied
$
Again, this in my case was related to NT_STATUS_ACCESS_DENIED and NT_STATUS_BAD_NETWORK_NAME that was addressed in above two questions. Also related:
Jul 13 15:42:25 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:42:25 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:42:32 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
Jul 13 15:42:37 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:42:37 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:42:45 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
Jul 13 15:48:21 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:48:21 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -6
Jul 13 15:48:27 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
Jul 13 15:48:31 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
Jul 13 15:48:38 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -13
parsing options: rw
mount error: can not change directory into mount target /mnt/somedir
# mount -t cifs "//192.168.6.6/VI (IB)/" /mnt/somedir -v
parsing options: rw
Password:
mount.cifs kernel mount options unc=//192.168.6.6\VI (IB),user=root,pass=,ver=1,rw
retrying with upper case share name
mount.cifs kernel mount options unc=//192.168.6.6\VI (IB),user=root,pass=,ver=1,rw
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
#
In this case, the -6 in the error refers to incorrectly specified mount folder.
To answer the second part first, most commands in Unix / Linux can be looked up using man <command>. Having said this, of those having man pages, most will list the -v option to increase verbosity. But again, lookup the command in the man (short for manual) pages to be sure.
For the first question, check /var/log/messages for the error message you saw with something like:
# tail -n 1500 -f /var/log/messages*|egrep "smb|cifs"
Jul 27 09:47:33 lhs smbd[20537]: [2009/07/27 09:47:33, 0] lib/util_sock.c:get_peer_addr_internal(1676)
Jul 27 09:47:33 lhs smbd[20537]: getpeername failed. Error was Transport endpoint is not connected
Jul 27 09:47:33 lhs smbd[20537]: [2009/07/27 09:47:33, 0] lib/util_sock.c:read_socket_with_timeout(939)
Jul 27 09:47:33 lhs smbd[20537]: [2009/07/27 09:47:33, 0] lib/util_sock.c:get_peer_addr_internal(1676)
Jul 27 09:47:33 lhs smbd[20537]: getpeername failed. Error was Transport endpoint is not connected
Jul 27 09:47:33 lhs smbd[20537]: read_socket_with_timeout: client 0.0.0.0 read error = Connection reset by peer.
Jan 13 16:42:49 lhs yum: Updated: gnome-vfs2-smb.i386 2.16.2-2.fc6
Jul 18 01:22:31 lhs kernel: CIFS VFS: cifs_mount failed w/return code = -112
#
In the case of the above error, the IP address was not reachable or the hostname provided to an smb command didn't exist or had no IP associated with it. Did you forget to change the IP's in commands you see in this post to those matching your configuration?
$ smbclient -L 192.168.5.3
Enter root's password:
Domain=[WINPC_NAME] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
.
.
.
.
session request to 192.168.8.17 failed (Called name not present)
session request to 192 failed (Called name not present)
.
.
$
Isn't there a GUI for this sort of stuff in Linux by now?
Coincidently, yes there is. Using the menus, you can get to it by clicking the KDE Start Menu -> Applications -> Administration -> Samba. The command line executable was /usr/bin/system-config-samba. The GUI looks like this (Showing sample folder configured):
How can I control permissions who get's into my share and who doesn't?
This is controlled by the server from which a resource is shared. So if you are sharing a path that resides in windows, you will need to use the properties panel to indicate sharing properties. See Step 2 in above post for doing just this. In Linux, you can either use the GUI (above) or specify this in the /etc/samba/smb.conf file as part of the share definition.
SAMBA doesn't know. SAMBA sends the requests through CIFS to each operating system. Each operating system then calls the correct filesystem functions to properly save the files.
When trying to list your own shares you have defined on your Linux system, you get this:
# smbclient -L 192.168.1.1
Connection to 192.168.1.1 failed (Error NT_STATUS_CONNECTION_REFUSED)
#
If you had logging enabled in your firewall setup, you're in good shape here because the reason could be in them:
# tail -f /var/log/messages
Jul 20 14:33:06 lhs kernel: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.14 DST=192.168.0.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35873 DF PROTO=TCP SPT=38549 DPT=445 WINDOW=32792 RES=0x00 SYN URGP=0
Jul 20 14:33:09 lhs kernel: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.14 DST=192.168.0.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35874 DF PROTO=TCP SPT=38549 DPT=445 WINDOW=32792 RES=0x00 SYN URGP=0
Jul 20 14:33:09 lhs kernel: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.14 DST=192.168.0.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=425 DF PROTO=TCP SPT=50721 DPT=139 WINDOW=32792 RES=0x00 SYN URGP=0
Jul 20 14:33:12 lhs kernel: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.0.14 DST=192.168.0.14 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=426 DF PROTO=TCP SPT=50721 DPT=139 WINDOW=32792 RES=0x00 SYN URGP=0
Port 139 and 445 looks to be blocked. You'll need to modify the rules. A command to check to see if you have the ports enabled is iptables -nL|egrep "139|445":
# iptables -nL|egrep "139|445"
ACCEPT tcp — 192.168.0.0/16 0.0.0.0/0 multiport sports 137,138,514,8009
ACCEPT tcp — 192.168.0.0/16 0.0.0.0/0 multiport dports 137,138,514,8009
ACCEPT udp — 0.0.0.0/0 192.168.0.0/16 multiport sports 137,138,161,68,67,69,514,44089,8009
ACCEPT udp — 0.0.0.0/0 192.168.0.0/16 multiport dports 137,138,161,68,67,69,514,44089,8009
ACCEPT udp — 192.168.0.0/16 192.168.0.0/16 multiport dports 137,138
In this case my rules for iptables that needed to be changed were (Added in green):
# vi /etc/sysconfig/iptables
-A INPUT -s 192.168.0.0/16 -p tcp -m multiport –sports 137,138,139,445,514,8009 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m multiport –dports 137,138,139,445,514,8009 -j ACCEPT
-A INPUT -d 192.168.0.0/16 -p udp -m multiport –sports 137,138,139,161,68,67,69,445,514,44089,8009 -j ACCEPT
-A INPUT -d 192.168.0.0/16 -p udp -m multiport –dports 137,138,139,161,68,67,69,445,514,44089,8009 -j ACCEPT
-A INPUT -d 192.168.0.0/16 -s 192.168.0.0/16 -p udp -m multiport –dports 137,138,139,445 -j ACCEPT
#
NOTICE that I'm adding the ports for the local network only. Check again with:
# iptables -nL|egrep "139|445"
once rules are added:
# iptables -nL|egrep "139|445"
ACCEPT tcp — 192.168.0.0/16 0.0.0.0/0 multiport sports 137,138,139,445,514,8009
ACCEPT tcp — 192.168.0.0/16 0.0.0.0/0 multiport dports 137,138,139,445,514,8009
ACCEPT udp — 0.0.0.0/0 192.168.0.0/16 multiport sports 137,138,139,161,68,67,69,445,514,44089,8009
ACCEPT udp — 0.0.0.0/0 192.168.0.0/16 multiport dports 137,138,139,161,68,67,69,445,514,44089,8009
ACCEPT udp — 192.168.0.0/16 192.168.0.0/16 multiport dports 137,138,139,445
#
For more on iptables and the Linux firewall, you can visit the page: The Linux Firewall configuration
Why do I get WARNING: [printers] service MUST be printable! when running testparm or similar?
To resolve the WARNING above, I realized I did not properly uncomment the ";[HomeVideos]" (I had ; (semicolon) through most of the added configuration options I added above):
; [LinuxHomeVideos]
; comment = Sony HDR-SR7 Camcorder Home Movies and Images.
; path = /mnt/LinuxHomeVideos
; valid users = root
; public = no
; writable = yes
; browseable = yes
guest ok = no
printable = no
To resolve the issue and enable the share I had to remove the semicolons in front of the configuration section. Did that and this resulted in a clean configuration.
Some of my applications don't let me save to the mapped drive? What's going on?
Unfortunately, some of the applications out there grey out fields when you select the mapped drive preventing you from saving anything there. I'm not sure what the issue here is myself but I suspect it has to do with the options hard coded for that dialog box rather then windows. In any case, you can always move the file using Windows Explorer even though it adds another step.
One such application was the Sony HDR-SR7 camcorder I have and it's Sony Motion Picture Browser application. When synchronizing movies, it did not allow you to save to the mapped drive. Couldn't determine exactly why at the time.
What if I have issues other then the ones listed here?
You could let us know about it. Flip us a comment in the comments box below and, who knows, just maybe we'll have the answer you need. 🙂
What about sharing a printer? Can this be done with SAMBA?
Been there done that: Linux Pixma Printer Configuration: Canon Pixma iP4000 / iP4100
Simply replace the name of the printer there with your own model to get going.
I'm receiving Access Denied or NT_STATUS_ACCESS_DENIED listing from SMB?
Aug 28 2012:
When trying to access the configured shares, you get something similar to the following few messages even though all your standard UNIX permissions and folder settings look fine:
# smbclient //192.168.0.14/HTPCBackupXFS -U'root%SECRET' -vvvvv
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.10-116.el6_2]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
65535 blocks of size 33553920. 65535 blocks available
smb: \> exit
#
On further inspection, we notice that the folders have additional security settings:
# ls -lda –author -Z HTPCBackupXFS
drwxr-xr-x. root root system_u:object_r:file_t:s0 HTPCBackupXFS
# ls -lda –author -Z HTPCFileStorage
drwxr-xr-x. root root system_u:object_r:etc_runtime_t:s0 HTPCFileStorage
#
And these belong to SELinux. Now one of the ways to get rid of this error is to turn off SELinux but we'll try to play along here with it enabled for SAMBA / CIFS / SMB.
# chcon -R -t samba_share_t /mnt/FOLDER
# semanage fcontext -a -t samba_share_t "/mnt/FOLDER(/.*)?" (May need package policycoreutils.x86_64 and policycoreutils-python.x86_64)
# restorecon -R -v /mnt/FOLDER
In my case, this resolved my immediate issue for me. A great source of information are the man pages using this query:
man samba_selinux
I'm receiving Error code: 0x80070035 cannot access or Error NT_STATUS_HOST_UNREACHABLE?
The solution to this issue is covered in our topic at this link:
Linux / Windows: Error code: 0×80070035 cannot access and Error NT_STATUS_HOST_UNREACHABLE
In this case, we can set one of the SELinux boolean values to enable reading of:
# ls -aldZ HDR-SR7/
drwxr-xr-x. root root system_u:object_r:dosfs_t:s0 HDR-SR7/
#
Which is a DOS type FS:
# getsebool samba_export_all_ro
samba_export_all_ro –> off
#
# setsebool -P samba_export_all_ro on
#
# getsebool samba_export_all_ro
samba_export_all_ro –> on
#
Likewise for fusefs filesystems:
# chcon -R -t samba_share_t /n
chcon: failed to change context of 'nfs-ganesha-test.txt' to 'system_u:object_r:samba_share_t:s0': Operation not supported
# ls -altrda –author -Z /n
drwxr-xr-x. root root system_u:object_r:fusefs_t:s0 /n
# getsebool samba_share_fusefs
samba_share_fusefs –> off
# setsebool -P samba_share_fusefs on
# getsebool samba_share_fusefs
samba_share_fusefs –> on
#
Likewise, for NFS shares, you'll need the following to allow sharing out of NFS shares:
# getsebool samba_share_nfs
samba_share_nfs –> off
# setsebool -P samba_share_nfs on
# getsebool samba_share_nfs
samba_share_nfs –> on
#
A very good source of SAMBA SELinux flags can also be found at this location.
I'm getting Error NT_STATUS_UNSUCCESSFUL. What do I do about this one?
(Sep 2012) You may see something like this from your console:
# smbclient -L 192.168.0.10 -U'tom%SECRET'
Connection to 192.168.0.10 failed (Error NT_STATUS_UNSUCCESSFUL)
#
The first thing I did is to toggle disabling then reenabling the firewall. Woila. That was the issue in my case. Either the firewall is up at the target host at .0.10 or SMB / CIFS ports are being blocked in your case. Follow your firewall procedure to enable the ports for your local network. Below is an example for Kaspersky Antivirus:
- Click the Kaspersky Antivirus icon from the tray.
- Click on Settings at the top right corner of the panel that appears.
- Click Firewall from the Protection Center List.
- Click Settings button.
- Click Packet Rules tab.
- Click Add and define the rule similarly to the image below:
Another solution is to stop the Windows Firewall service. From Start, search for Services. Click the resultant app then search for Windows Firewall. If disabling the Windows Firewall works, consider amending rules for it to allow such access. To adjust, browse to Control Panel – All Control Panel Items – Windows Firewall – Allowed Programs then find the following in the list:
File and Printer Sharing
This feature is used for sharing local files and printers with other users on the network. (Uses NetBIOS, LLMNR, SMB and RPC)
And check the Home/Work (Private) network (NOT public, unless the private and domain don't work. You may need to check your public, private and domain provile definitions.) to allow on your network:
And you should be good to go. We can see that it was a timeout from port 139 when running a trace (strace smbclient -L 192.168.0.10 -U'tom%SECRET'):
connect(6, {sa_family=AF_INET, sin_port=htons(139), sin_addr=inet_addr("192.168.0.10")}, 16) = -1 EALREADY (Operation already in progress)
poll([{fd=6, events=POLLIN|POLLOUT|POLLHUP}, {fd=3, events=POLLIN|POLLOUT|POLLHUP}, {fd=4, events=POLLIN|POLLHUP}], 3, 255) = 0 (Timeout)
fcntl(3, F_SETFL, O_RDWR) = 0
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(445), sin_addr=inet_addr("192.168.0.10")}, 16) = -1 EALREADY (Operation already in progress)
fcntl(6, F_SETFL, O_RDWR) = 0
fcntl(6, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(6, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0
So ensure you are using the correct port:
[root@mbpc ~]# grep -Ei "445|139" /etc/samba/smb.conf
smb ports = 445
[root@mbpc ~]#
And that should get you connected:
[root@mbpc ~]# smbclient -L //192.168.0.10 -U'root%SECRET' -vvvv
Domain=[TOM-PC] OS=[Windows 7 Home Premium 7601 Service Pack 1] Server=[Windows 7 Home Premium 6.1]
Sharename Type Comment
——— —- ——-
ADMIN$ Disk Remote Admin
C$ Disk Default share
CDHelp Disk
D$ Disk Default share
HomeVideosImages Disk
IPC$ IPC Remote IPC
Q$ Disk Default share
TOM-PC-D Disk
session request to 192.168.0.10 failed (Called name not present)
session request to 192 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled — no workgroup available
[root@mbpc ~]#
Let us know your experience.
Cheers!
Tom K.
[…] Tom Kacperski wrote an interesting post today onNetworking: Sharing folders between Windows and Linux using SambaHere’s a quick excerpt […]
[…] Networking: Sharing folders between Windows and Linux using Samba […]
[…] Networking: Sharing folders between Windows and Linux using Samba […]
[…] NT_STATUS_UNSUCCESSFUL Setting up rules in the firewall between server/client for ports 445,139 etc might do it for your […]
[…] it's all said and done then shared with the rest of the network , including a new Nexus 7 running Android through AndSMB, and tweaked for quick data transfers it […]
[…] Networking: Sharing folders between Windows and Linux using Samba Fedora Update: undefined symbol: DRIOpenDRMMaster […]
[…] Windows and Linux: Samba / CIFS Network Sharing […]
[…] follow us on our Samba / CIFS Connectivity page for the resolution to the issue. Hope this helps […]
[…] tips on this Samba / CIFS Connectivity page may […]
[…] Windows and Linux: Samba / CIFS Network Sharing […]
[…] can also enable SMB / Samba file sharing on the individual cluster hosts and allow visibility to the Gluster FS / NFS – Ganesha […]