# SMB authentication error



## mefizto (May 12, 2015)

Greetings all,

I have a smb share on a UNIX machine.  I am trying to access it from FreeBSD by:

```
mount_smbfs -I 192.XXX.XXX.XXX //user@SERVER/share /mnt
Password:
mount_smbfs: unable to open connection: syserr = Authentication error
```
.

Interestingly

```
ssh user@192.XXX.XXX.XXX
Password:
```
works.

Access from a Windows machine and/or Linux machine works.  Any help would be appreciated.

Kindest regards,

M


----------



## SirDice (May 12, 2015)

Samba and the host may not use the same user database, as such there's no guarantee the password used for ssh(1) is the same one that's needed for Samba. You probably need to create the user on the Samba side of things.


----------



## mefizto (May 12, 2015)

Hi SirDice,

Yes, I am aware of that, but for the initial setup, I have a single user with the same password for both services.  And, as noted, Linux and Windows machines have no problem with the same user's credentials.

A simple search shows that I am not the only one with this problem, unfortunately, none of the different solutions, _e.g._, capitalization, adding -W flag, _etc._, has worked.  This is a significant problem for me because my data are centralized on a server.

Kindest regards,

M


----------



## mefizto (May 12, 2015)

Greetings all,

can the problem be mismatched uid, gid?  The response to the `id user` on the UNIX server is:

```
uid=100(user) gid=1(other) groups=1(other)
```
and on the FreeBSD client:

```
uid=1001 (user) gid=1001 (user) groups=1001 (user), 0(wheel)
```
If so, how do I correct this?

Kindest regards,

M


----------



## junovitch@ (May 13, 2015)

A `pdbedit -L` and `pdbedit -Lv` would be helpful.  That would show the mapping of info in Samba's database to the system UID and should help tell us if the info you've shown is a problem or not.


----------



## mefizto (May 13, 2015)

Hi junovitch,

I cannot find such a command.  However, I found this information about the user:
`idmap show -v unixuser:user`


```
unixuser:user-> usid:S-1-5-21-1877258731-2306597144-4292716028-1100
Source: Cache
Method: Local SID
```

Kindest regards,

M


----------



## mefizto (May 13, 2015)

Greetings all,

I have an additional piece of information, the smb is complaining

```
smb-maperror: NetBIOS name is invalid
```
However, the network sees the correct NetBios name:

`nbtstat -A 192.XXX.XXX.XXX`


```
Local Area Connection:
Node IpAddress: [192.YYY.YYY.YYY] Scope Id: []

  NetBIOS Remote Machine Name Table

  Name  Type  Status
  ---------------------------------------------
  SERVER  <00>  UNIQUE  Registered
  SERVER  <20>  UNIQUE  Registered
  WORKGROUP  <00>  GROUP  Registered

  MAC Address = ab-cd-ef-gh-ij-kl
```
I can also ping by both the IP address and the reported NetBios name.

Kindest regards,

M


----------



## mefizto (May 18, 2015)

Greetings all,

although it appears that I am talking to myself, I continue posting in regards to this problem in a hope that someone can make sense from my rambling because I really need to solve it.  I have made some interesting discovery.

The LAN has two Linux-based NASs boxes (Buffalo brand), having a built-in default guest account.  I am able to connect to the first one by:
	
	



```
mount_smbfs -I 192.XXX.XXX.XXX //guest@SERVER1/share /mnt
Password:
```
 when I just press "Enter" when asked for the password.  The very same procedure does _not_ work for the second server, I still receive the:
	
	



```
mount_smbfs: unable to open connection: syserr = Authentication error
```
 However, if remove the "guest", I am able to connect:

```
mount_smbfs -I 192.XXX.XXX.XXX //@SERVER2/share /mnt
Password:
```
I have checked the Buffalo boxes, and they are configured identically; therefore, I wonder if there is some mistake in the mount_smbfs implementation.

Is there a log that I could consult?

Kindest regards,

M


----------



## junovitch@ (May 19, 2015)

Are the Buffalo NAS's truly identical?  Or is one running firmware newer than the other that may have fixed a bug?  It may be worth looking closer at NAS firmware versions if one works and the other doesn't work.


----------



## mefizto (May 19, 2015)

Hi junovitch,

the firmware is, indeed, different.  However, given the fact that both are _configured _in the same manner_, i.e., _having a guest account and an administrator account, which are mountable/accessible by other OSs, by the proper manner, does it make a difference?

Kindest regards,

M


----------



## Sebulon (May 19, 2015)

mefizto

Can´t say it´ll work, but this is how I do to map a SMB share in FreeBSD:

`# smbutil crypt <YOUR_PASSWORD>`


```
# cat >> /etc/nsmb.conf << EOF
[<HOSTNAME>]
addr=<FQDN>
[<HOSTNAME>:<USER>]
workgroup=<WORKGROUP>
password=$$<HASHED_PASSWORD>
EOF
```

`# chmod 600 /etc/nsmb.conf`

`# mount_smbfs -N -I <FQDN> //<USER>@<HOSTNAME>/<SHARE> /mnt/`


----------



## mefizto (May 19, 2015)

Hi Sebulon,

thank you for the help - been there, does not work either.

Kindest regards,

M


----------



## tobik@ (May 19, 2015)

Does connecting with smbclient(1) work?

Try running `smblient -U guest -I 192.XXX.XXX.XXX //SERVER2/share`. You can add -d 2 to get some debug information (increase the number for more).


----------



## mefizto (May 19, 2015)

Hi Tobik,

thank you.  I do not know if your suggestion works, I have never tried that, but I will tonight.

Kindest regards,

M


----------



## junovitch@ (May 20, 2015)

mefizto said:


> Hi junovitch,
> 
> the firmware is, indeed, different.  However, given the fact that both are _configured _in the same manner_, i.e., _having a guest account and an administrator account, which are mountable/accessible by other OSs, by the proper manner, does it make a difference?
> 
> ...



I'm not at all familiar with Buffalo products.  It may be just fine or it may be a big assumption that the same config would have the exact same effect.  It could be entirely different versions of Samba underneath assuming it is Samba at all.  It would be worth reviewing the change logs for firmware to get an idea on just what changed between revisions.


----------



## mefizto (May 20, 2015)

Hi tobik,

thank you very much for the suggestion, the problem appears to be the interpretation of the zfs naming convention by SMB.

On the UNIX server, I have created a pool tank.  The pool tank then has two zfs systems zfs01 and zfs02.  When I tried mounting the share as `smbclient -U user -I 192.XXX.XXX.XXX //SERVER/tank/zfs01 /mnt` per your suggestion, the mount was failing, because  `smbclient -L` shows the sharename to be interpreted as 
	
	



```
tank_zfs01
```
although `zpool list` returns 
	
	



```
/tank/zfs01
```
Kindest regards,

M


----------



## tobik@ (May 20, 2015)

mefizto said:


> `smbclient -U user -I 192.XXX.XXX.XXX //SERVER/tank/zfs01 /mnt`


`smbclient` is an FTP-like client that tries to connect to your server. It does not mount anything, so you don't need to specify a mount point. The /mnt parameter you gave it is interpreted as the password which is probably not really your password.

That being said if the share name is tank_zfs01 use //SERVER/tank_zfs01 instead of //SERVER`/tank/zfs01. The share name does not have to literally reflect the mount point of your ZFS dataset. I'm not sure but I don't think that having a / in a share name is legal in SMB, so it makes sense that it is replaced by _.


----------



## mefizto (May 20, 2015)

Greetings all,

well, my happiness was premature.


```
mount_smbfs -I 192.XXX.XXX.XXX //user@SERVER/tank_zfs01 /mnt
Password:
mount_smbfs: unable to open connection: syserr = Permission denied
```
So now I do not have an "Authentication error", but a "Permission denied".

Kindest regards,

M


----------



## mefizto (May 30, 2015)

Greetings all,

I have, in third world sort of manner, moved forward by noticing that a file manager recognized the network and all the computers on it.  When I clicked on the SERVER and tank_zfs01 a window appeared asking for a password, which was accepted and the tank_zfs01 was mounted and visible in the file manager.

Now I am really confused.

Is the file manager using a different mechanism to access the smb share?  It says 
	
	



```
smb://SERVER/tank_zfs1
```
 in the file manager.  If not, why does the file manager access work and the command line does not?  Is it perhaps a bug?

Also, I cannot figure out, where is the share mounted.

Kindest regards,

M


----------



## Muahdib (Feb 17, 2016)

Hi, 

I know this is an old thread, but I had the same problem. First, your file-manager isn't really mounting it the way you would think it does (sadly). Its using probaply gvs or kio, depending on the toolkit the filemanager is developed in. What those normally do is connect to the fileshare and download the files you are interested in in a temporary location, when you modifiy it they copy it back to the share. 

I don't like it either, I would rather like they mount it as a real mount, but ....

What I think might be your problem is the windows domain, what I had to do to get the mount_smb to work is specify the domain like this:


```
sudo mount_smbfs -I <IP> -U <Windows User> -W <Windows Domain>  "//<NETBIOSNAME>/<SHARE>" <MOUNTPOINT>
```

I did not try it but maybe you also could do:
	
	



```
"//<DOMAIN>\<USER>@<NETBIOSNAME>"
```
 or 
	
	



```
"//<DOMAIN>/<USER>@<NETBIOSNAME>"
```

Best


----------



## free-and-bsd (Apr 21, 2017)

mefizto said:


> Now I am really confused.
> 
> Is the file manager using a different mechanism to access the smb share?  It says
> 
> ...


Yes, these are two different mechanisms. File browser uses GVFS and samba port while mount_smbfs uses mount.


----------



## joancatala (Jun 1, 2018)

Nobody knows the solution?

mount_smbfs -I 192.168.1.105 -U joan //192.168.1.105/disc1 /mnt/
Password:
*mount_smbfs: unable to open connection: syserr = Authentication error*


----------



## SirDice (Jun 1, 2018)

The mount_smbfs(8) only supports SMBv1. Microsoft disabled SMBv1 on Windows some time ago. I do not recommend enabling it due to to WannaCry and other malware. 

https://support.microsoft.com/en-us/help/4034314/smbv1-is-not-installed-by-default-in-windows


----------



## joancatala (Jun 1, 2018)

Hi SirDice,  I am not using Windows.

My samba server is a FreeBSD 11, and my samba client is a FreeBSD 12. And I can't mount the directories.

On the other clients I can do it perfectly: from a FreeBSD 11 using KDE and from a laptop with Ubuntu using Gnome Classic.


----------



## SirDice (Jun 1, 2018)

Note that mount_smbfs(8) is not part of Samba.


----------



## joancatala (Jun 1, 2018)

I solved it just reading and reading and reading. Thanks very much *SirDice *for your information.

Finally, I added two lines to my smb4.conf

max protocol = SMB2
ntlm auth = yes

With these two lines I am telling the Samba Server to use the Samba version 2 and forcing the server to use NTLMv2 authentication. (More info at https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html).

So, finally I have all the 1TB-disk directories of my Samba Server on my Raspberry Pi running FreeBSD 12  yuhuuuuuu!


----------



## vlig (Oct 31, 2021)

Not working in 2021 =(
Any thoughts?


----------



## SirDice (Nov 1, 2021)

vlig said:


> Not working in 2021 =(
> Any thoughts?


Yeah, not enough information. What doesn't work? From where to where?


----------



## zirias@ (Nov 1, 2021)

FYI: https://lists.freebsd.org/archives/freebsd-current/2021-October/000893.html

Although the discussion so far looks like smbfs will stay in base, it will continue to only support SMBv1, which is useless for most scenarios. The recommendation is to use some FUSE implementation if you need it.


----------



## vlig (Nov 2, 2021)

Zirias said:


> FYI: https://lists.freebsd.org/archives/freebsd-current/2021-October/000893.html
> 
> Although the discussion so far looks like smbfs will stay in base, it will continue to only support SMBv1, which is useless for most scenarios. The recommendation is to use some FUSE implementation if you need it.


As we can see in the mailing list, there're companies massively using Samba to share files between very different systems. Also , we can see an intention do drop smbfs from 14.0 fully. Another enigmatic plan to get rid of users...


----------



## zirias@ (Nov 2, 2021)

How so? smbfs only supports SMBv1, and that is _utterly useless_ nowadays. If you control both sides, why not just use NFS?

And given it was broken without anyone even noticing (wild guess: because close to nobody uses SMBv1, for kind of obvious reasons), removing it would be better than delivering broken stuff…

But hey, there's also discussion about porting some code to finally support SMBv2/3 – _this_ would actually be useful. Let's hope someone does the work. If not, well, you'll have to use some FUSE implementation.


----------



## astyle (Nov 2, 2021)

vlig : Have you read the Handbook? It offers a great place to start. If you do that setup on your UNIX server, the shares will be visible on your Windows client. I followed the Handbook, ended up with a share that I can only access with root credentials. I kind of need that for my scenario, but I plan to disable the SMB server when my project  no longer requires SMB access. And this is a home setup that I'm doing just for myself.


----------



## vlig (Nov 2, 2021)

astyle said:


> vlig : Have you read the Handbook? It offers a great place to start. If you do that setup on your UNIX server, the shares will be visible on your Windows client. I followed the Handbook, ended up with a share that I can only access with root credentials. I kind of need that for my scenario, but I plan to disable the SMB server when my project  no longer requires SMB access. And this is a home setup that I'm doing just for myself.


I close to become insane of reading from different sources))) Including Handbook of course. The problem is how to connect a FreeBSD laptop to shares on my Pi on Raspbian. Here is the topic, still no luck  (except smbnetfs which just works).


----------



## astyle (Nov 3, 2021)

vlig said:


> I close to become insane of reading from different sources))) Including Handbook of course. The problem is how to connect a FreeBSD laptop to shares on my Pi on Raspbian. Here is the topic, still no luck  (except smbnetfs which just works).


Have you tried installing WebMin on your Pi? Probably not the smartest idea, but it's the only one I can think at the moment of that can help you with creating a usable smb4.conf config file to export your Pi-hosted shares. Once the shares are properly exported, and the smbd daemon is running, FreeBSD should have no trouble picking those up.

Oh, and don't confuse that with NFS - similar ideas, but different config files. If you use Samba, you can't use /etc/exports, that's only for NFS.

I frankly think that NFS is better than Samba for sharing files between UNIX machines. You can export the same folder path using (NFS and /etc/exports) or (Samba and smb4.conf). Whichever method you pick, stick with the correct config file for that method, don't mix them and expect things to work.

FWIW, it's perfectly possible to have the same /path/to/share/and/file exported with both NFS and Samba - just make sure you first do one method (and take it to completion), then the other.


----------



## vlig (Nov 3, 2021)

astyle said:


> both NFS and Samba


Just connected my FreeBSD-laptop to my shares via NFS =) Not clearly got it about using WebMin for the purpose (it has been installed just for fun), but I see the Samba way the most reliable way to share files among devices (including Android and WebOS). NFS is definitely cool, but it isn't so multi-purpose. So, for now I only see simultaneously use of the both.


----------

