Samba on Mac OS and Win 10: Can’t mount SMB share, permission denied.
So you’re getting this:
permission denied
When trying to mount an SMB file share on a Mac OS or Win 10? You’re likely running into the UPN limitation with users such as sam@domain.com. Though this is a single user, the Mac OS CLI interprets this as a <user>@<host> , which is not the case. No escaping is possible using the @ sign, not even in passwords.
So you’ll need to use user maps to solve this one. Keep reading.
[ Mac OS – Fails ]
[2020/02/21 00:03:16.960566, 5, pid=12382, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
Mapping user [mds.xyz]\[joe] from workstation [SERVER-PBM]
[ Win 10 – Works ]
[2020/02/20 23:58:01.059514, 5, pid=11929, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_util.c:126(make_user_info_map)
Mapping user []\[joe@mds.xyz] from workstation [JOHN-PC]
In fact, none of these worked either from a Mac OS book:
5 mkdir samba
6 mount -t smbfs //joe@mds.xyz@192.168.0.125/NFS-joe samba
7 mount -t smbfs //mds.xyz\joe@192.168.0.125/NFS-joe samba
8 mount -t smbfs //joe\@mds.xyz@192.168.0.125/NFS-joe samba
9 mount -t smbfs //“joe\@mds.xyz”@192.168.0.125/NFS-joe samba
10 mount -t smbfs //192.168.0.125/NFS-joe samba
11 mount -t smbfs //192.168.0.125/NFS-joe samba -U “joe@mds.xyz”
12 mount -t smbfs //192.168.0.125/NFS-joe samba -u “joe@mds.xyz”
13 mount -t smbfs //192.168.0.125/NFS-joe samba -o user=“joe@mds.xyz”
14 mount -t smbfs //192.168.0.125/NFS-joe samba -o user=joe@mds.xyz
15 mount -t smbfs //192.168.0.125/NFS-joe samba -o rw,user=joe
16 mount -t cifs //192.168.0.125/NFS-joe samba -o rw,user=joe
17 mount -t smbfs //192.168.0.125/NFS-joe samba
18 id joe@mds.xyz
19 mount -t cifs //192.168.0.125/NFS-joe samba -o username=“joe@mds.xyz”
20 mount -t cifs //192.168.0.125/NFS-joe samba -o username=joe@mds.xyz
21 mount -t smbfs //192.168.0.125/NFS-joe samba -o username=joe@mds.xyz
22 mount -t smbfs //192.168.0.125/NFS-joe samba -o username=“joe@mds.xyz”,password=”<JOESPASS>”
23 mount -t smbfs //192.168.0.125/NFS-joe -o username=joe,password=”<JOESPASS>”,domain=mds.xyz
24 mount -t smbfs //192.168.0.125/NFS-joe -o user=joe,password=”<JOESPASS>”,domain=mds.xyz
25 smbclient -U joe@mds.xyz //192.168.0.125 -L //NFS-joe
26 mount -t -o username=joe@mds.xyz //192.168.0.125/NFS-joe samba
27 mount -t smbfs -o username=joe@mds.xyz //192.168.0.125/NFS-joe samba
28 mount -t smbfs -o user=joe@mds.xyz //192.168.0.125/NFS-joe samba
29 mount -t smbfs -o usr=joe@mds.xyz //192.168.0.125/NFS-joe samba
30 mount -t smbfs -o username=joe@mds.xyz //192.168.0.125/NFS-joe samba
31 mount -V
32 mount –version
33 mount -v
34 mount -t smbfs -o username=joe@mds.xyz //192.168.0.125/NFS-joe samba
35 mount_smbfs //joe@mds.xyz:<JOESPASS>@192.168.0.125/NFS-joe samba
36 mount_smbfs //joe@mds.xyz:”<JOESPASS>”@192.168.0.125/NFS-joe samba
37 ping 192.168.0.125
38 mount_smbfs //joe@mds.xyz:”<JOESPASS>”@192.168.0.125/joe@mds.xyz samba
39 mount_smbfs //“joe@mds.xyz”:”<JOESPASS>”@192.168.0.125/NFS-joe samba
40 mount_smbfs //joe:abc”@192.168.0.125/NFS-joe samba
41 mount_smbfs //joe:abc@192.168.0.125/NFS-joe samba
42 mount_smbfs //joe\@mds.xyz:”<JOESPASS>”@192.168.0.125/NFS-joe samba
43 mount_smbfs //joe’@’mds.xyz:”<JOESPASS>”@192.168.0.125/NFS-joe samba
44 mount_smbfs //mds.xyz\joe:”<JOESPASS>”@192.168.0.125/NFS-joe samba
45 mount_smbfs //mds.xyz\joe@192.168.0.125/NFS-joe samba
46 mount_smbfs //mds.xyz\joe@192.168.0.125/NFS-joe samba
47 mount_smbfs //mds.xyz;joe:@192.168.0.125/NFS-joe samba
48 mount_smbfs //mds.xyz;joe:”<JOESPASS>”@192.168.0.125/NFS-joe samba
49 mount_smbfs smb://mds.xyz;joe:”<JOESPASS>”@192.168.0.125/NFS-joe samba
50 mount_smbfs //joe:”<JOESPASS>”@192.168.0.125/NFS-joe samba
51 mount_smbfs //joe@mds.xyz:”<JOESPASS>”@192.168.0.125/NFS-joe samba
52 mount_smbfs //joe%40mds.xyz:”<JOESPASS>”@192.168.0.125/NFS-joe samba
Just to close this off. Finally got to trying username maps on the NFS server itself and sure enough it fixed this.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
log level = 4
max protocol = SMB3
min protocol = NT1
local master = no
realm = *
username map = /n/samba/user.map
# cat /n/samba/user.map
joe@mds.xyz = joe joseph
bob@mds.xyz = bob bobby
#
Line is:
mount_smbfs -d 5 //bob@nfs-c01.nix.mds.xyz/nfs-bob ./<MOUNT-POINT>
user: bob
pass: <PASS>
Works both on Windows 10 and Mac OS.
Cheers,
TK