CIFS VFS SessSetup = -13 cifs_mount failed in Xen (or Unix)

Posted by Carlos Villabrille on December 3, 2018
Posted in: OS Categories. Tagged: , , , , , , , , . Leave a Comment

While trying to mount a CIFs share folder you receive the following error:

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

In addition to above, you can see in logs the following error messages if you have enabled verbose mode (-vvv)

kernel: [16984.537149] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
kernel: [16984.537157] CIFS VFS: Send error in SessSetup = -13
kernel: [16984.537346] CIFS VFS: cifs_mount failed w/return code = -13

That is caused (as per the error messages) due to an incorrect user validation against the CIFS server, but not because you have setup you credentials incorrectly but due to the security used by default. “sec” is the security mode and determines how passwords are encrypted between server and client (even if you don’t require passwords) based on how to mount windows share on boot

In XenSource (does not matter the version, I faced that issue on 6.2, 6.5) if you try to load the CIFs module in memory it will be loaded with the following options thanks to the file /etc/modprobe.d/cifs.conf

install cifs /sbin/modprobe --ignore-install cifs $CMDLINE_OPTS && { echo 0x87 > /proc/fs/cifs/SecurityFlags ; }

which is setting a security based on ntlmssp.

Hence, you have two options:

  1. Remove that 0x87 setup from the cifs.conf file to be like 
    install cifs /sbin/modprobe --ignore-install cifs $CMDLINE_OPTS
  2. Or update your scripts to use same encryption (recommended): 
    # mount.cifs -o username=user,password=pass,sec=ntlmssp //server/share /mount/point

That will avoid the error and allow you to mount correctly the shared folder.

 

Taking the opportunity we have updated the modprobe cifs setup, we  can setup an additional configuration that will make a bit improvement on CIFs speed (support Citrix article CTX132665).

Update the cifs.conf file with the following:

install cifs /sbin/modprobe --ignore-install cifs; /usr/local/bin/disable_cifs_opt.sh;

and create a file called /usr/local/bin/disable_cifs_opt.sh and fill it with:

# disable LookupCacheEnable
echo "0" > /proc/fs/cifs/LookupCacheEnabled
# disable LinuxExtensionsEnabled
echo "0" > /proc/fs/cifs/LinuxExtensionsEnabled
# enable ntlmssp sec
echo 0x87 > /proc/fs/cifs/SecurityFlags

Now just remove the module from memory and re-load it (just be sure nothing is using it before removal)

# rmmod cifs
# modprobe cifs

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *