In operation and maintenance, I created a Shared disk on Windows (192.168.2.212), set the share permissions to be readable and writable for the local account test, then created mount point /share on Linux side, then mount -t cifs //192.168.2.212/test/share-o username=test,password=Pass1234, but prompted the following information:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
According to the description of security mode in Man mount. Cifs, kernel 3.8 USES NTLMSSP by default, and the rest USES NTLM. Here I query kernel 3.10.0-327.el7.x86_64 (uname-a can be viewed), and NTLM is selected. The final statement is mount -t cifs //10.15.2.212/test/share-o username=test,password=Pass1234, SEC = NTLM, executed successfully.
SEC =
Security mode. Allowed values are:
· None-attempt to connection as a null user (no name)
· KRB5-use Kerberos Version 5 Authentication
· Krb5i-use Kerberos authentication and Establish enable Packet Signing
· NTLM-use NTLM password Hashing
· NTLMI-use NTLM password hashing and force packet Signing
· NTLMv2-use NTLMv2 password Hashing
· NTLMV2I-use NTLMv2 password hashing and force packet Signing
· NtlMSSP-use NTLMv2 password hashing Encapsulated in Raw NTLMSSP message
· NtlMSspi – Use NTLMv2 password hashing. Additionally, encapsulated in Raw NTLMSSP message, and Force packet Signing
The default in mainline kernel versions prior to V3.8 was SEC = ntlm.in v3.8, The default was changed to SEC = NTLMSSP.
If the server requires Signing during protocol negotiation, Then it may be enabled automatically. The Packet signing may also be enabled
automatically if it ‘s enabled in/proc/fs/cifs/SecurityFlags.
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
According to the description of security mode in Man mount. Cifs, kernel 3.8 USES NTLMSSP by default, and the rest USES NTLM. Here I query kernel 3.10.0-327.el7.x86_64 (uname-a can be viewed), and NTLM is selected. The final statement is mount -t cifs //10.15.2.212/test/share-o username=test,password=Pass1234, SEC = NTLM, executed successfully.
SEC =
Security mode. Allowed values are:
· None-attempt to connection as a null user (no name)
· KRB5-use Kerberos Version 5 Authentication
· Krb5i-use Kerberos authentication and Establish enable Packet Signing
· NTLM-use NTLM password Hashing
· NTLMI-use NTLM password hashing and force packet Signing
· NTLMv2-use NTLMv2 password Hashing
· NTLMV2I-use NTLMv2 password hashing and force packet Signing
· NtlMSSP-use NTLMv2 password hashing Encapsulated in Raw NTLMSSP message
· NtlMSspi – Use NTLMv2 password hashing. Additionally, encapsulated in Raw NTLMSSP message, and Force packet Signing
The default in mainline kernel versions prior to V3.8 was SEC = ntlm.in v3.8, The default was changed to SEC = NTLMSSP.
If the server requires Signing during protocol negotiation, Then it may be enabled automatically. The Packet signing may also be enabled
automatically if it ‘s enabled in/proc/fs/cifs/SecurityFlags.