Vagrant: Please add domain as an option for SMB shares
Provisioning of ubuntu box on windows 10 hos using hyperv provider fails when using domain credentials to mount local dir.
Various ways of providing domain and username during vagrant provisioning all fail. Hardcoding the domain into the vagrantfile causes mount to work when simply providing username when prompted.
Please add a prompt for domain during provisioning when mounting SMB shares on Windows hosts to avoid having to hardcode domain into vagrantfile
Vagrant version
Vagrant 1.9.8 (windows x64)
Host operating system
Microsoft Windows 10 Pro
Build 10.0.150613
Guest operating system
This is the operating system you run in the virtual machine.
Ubuntu 16.0.4.1 LTS
Vagrantfile
Vagrant.configure("2") do |config|
config.vm.box = "maxx/ubuntu16"
config.vm.boot_timeout = 120
config.vm.provision "shell", inline: <<-SHELL
sudo apt-get update
sudo apt-get install -y \
git-all \
python-pip
pip install --upgrade pip
echo "Install Docker"
sudo apt-get install -y \
apt-transport-https \
ca-certificates \
curl
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get -y install docker-ce
sudo docker run hello-world
pip install docker-compose
SHELL
end
Debug output
Bringing machine 'default' up with 'hyperv' provider...
==> default: Verifying Hyper-V is enabled...
==> default: Importing a Hyper-V instance
default: Please choose a switch to attach to your Hyper-V instance.
default: If none of these are appropriate, please open the Hyper-V manager
default: to create a new virtual switch.
default:
default: 1) DockerNAT
default: 2) wifi
default: 3) Intern
default: 4) Ekstern
default:
default: What switch would you like to use? 2
default: Cloning virtual hard drive...
default: Creating and registering the VM...
default: Setting VM Integration Services
default: Successfully imported a VM with name: vargrant-dev-source
==> default: Starting the machine...
==> default: Waiting for the machine to report its IP address...
default: Timeout: 120 seconds
default: IP: fe80::215:5dff:fe96:152
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 172.16.1.110:22
default: SSH username: vagrant
default: SSH auth method: private key
default:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Preparing SMB shared folders...
default: You will be asked for the username and password to use for the SMB
default: folders shortly. Please use the proper username/password of your
default: Windows account.
default:
default: Username: domain\user
default: Password (will be hidden):
==> default: Mounting SMB shared folders...
default: C:/Users/hsn/Documents/Testhuset/Internt/Projekter/hjemmeside/thdk-dev-env/dev-env => /vagrant
Failed to mount folders in Linux guest. This is usually because
the "vboxsf" file system is not available. Please verify that
the guest additions are properly installed in the guest and
can work properly. The command attempted was:
mount -t cifs -o uid=1000,gid=1000,sec=ntlm,credentials=/etc/smb_creds_fa7670ec05cff88c726ee9fe41c868b1 //172.16.1.196/fa7670ec05cff88c726ee9fe41c868b1 /vagrant
The error output from the last command was:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Expected behavior
Local windows directory should have been mounted as /vagrant using the credentials provided during provisioning.
Actual behavior
Mounting of SMB share failed causing vagrant to skip the inline provision script
The vagrant box is up and running without the /vagrant SMB share
Steps to reproduce
- Open Powershell with admin rights
- Navigate to folder containing above mentioned Vagrantfile
- run vagrant up
vagrant up --provider hyperv
- Select network interface
- Enter username when prompted: domain.suffixusername
- Enter password when prompted: password
- Provisioning fails with cifs error code 13: Permission denied
Trying alternative ways to provide domain name during provisioning all fails with either error code 13 (Permission denied) or error code 5 (Input/output error):
username
domainusername
domain.suffixusername
DOMAIN.suffixusername
DOMAIN.SUFFIXusername
domain.suffix\username
[email protected]
domain.suffix/username
Workaround
Add the following line to Vagranfile:
config.vm.synced_folder ".", "/vagrant", type: "smb", mount_options: ["domain=domain.suffix"]
References
Related issues:
- #8867
testhusethsn
All 10 comments
Interesting, i thought domain was passed when you used @domain.ext, appearantly not?
bbrala
on 31 Aug 2017
I would have thought the same. My guess is that it may be due to a stricter interpretation of ntlm authentification for SMB shares in Windows 10 build 150613, but that is just a guess. When googling can I see others having success using backslash notation against previous versions of Windows (like Windows 7)
I tried editing the credentialsfile and found that none of the ways I could come up with to enter domain as part of the username was accepted.
I tried the @domain, @domain.ext, domainuser, domain.extuser, double backslash, forward slash, lowercase, uppercase, etc., without luck. I also tried mounting without the sec=ntlm option, resulting in (-5: Input/output error) rather than (-13: Permission denied)
Entering domain specifically in the file solved the problem, so I hardcoded it in the vagrantfile and found it working. I would however like to be able to use this vagrantfile generically and not having to maintain domain-specific versions of it.
An optional domain-prompt would solve that.
testhusethsn
on 31 Aug 2017
Hmm, seems the linux side of things is ok, but creating the share is missing the logic for parsing domain and setting those permission on the shared folder.
While in the linux side:
Although the set_share seems a bit weird prepending the computer name always, it does seem to handle things the same way for a config value vs an entered value...
Default for net share is the current domain if nothing is entered, but that never happens in the script, since is prepend computer name.
https://technet.microsoft.com/en-us/library/bb490717.aspx?f=255&MSPPError=-2147217396
Although i have not real conclusion, i'll still post this since it might help later.
bbrala
on 4 Oct 2017
Also ran into this issue on my windows domain. The workaround saved me. Settings up credentials needs to be easy. Also keep in mind windows passwords are rotating.
An optional domain-prompt would help, but not the final goal.
xrow
on 12 Dec 2017
Thank you for providing the workaround! I have the same issue with Vagrant 2.0.0.
Domain is available from USERDOMAIN environment variable, so a generic/dynamic workaroud would be
config.vm.synced_folder ".", "/vagrant", type: "smb", mount_options: ["domain=" + ENV["USERDOMAIN"]]
jokimaki
on 4 Feb 2018
I don't think this really a bug because if you use the documented recommended smb_username / smb_password approach instead of putting credentials into the mount options then it works as-is.
Here is what I use for Windows 10 1703, 1709 and up through the current Windows Insider.
syncedFolderOpts = { type: "smb", mount_options: ["vers=3.02",
"sec=ntlmssp", "iocharset=utf8", "mapchars", "noperm", "soft"],
smb_username: "myname@mydomain", smb_password: "mypa55word" }
config.vm.synced_folder ".", "/vagrant", syncedFolderOpts
On the Vagrant default CentOS base box you will have to yum install cifs_utils before your mounts will work.
ghost
on 9 Mar 2018
*sudo yum install cifs-utils
I have put the installation in the provisioning. When first booting, you will need to run up -> provision -> reload.
spawnia
on 7 Sep 2018
username@domain worked for me. I’m using Hyper-V with Windows guest. I entered username@domain in command line instead of having them in Vagrantfile. I thought we are using the format like DOMAIN\username, similar to what I see when logging into Windows.
Note that both the NetBIOS name (like DOMAIN) and FQDN (a.k.a. DNS name, like domain.corp.net) works.
Shall we document this some where?
FranklinYu
on 24 Apr 2019
To anybody else facing this exact mount error(13): Permission denied error, this is what helped me:
- The username being asked for is the one you get when you run
$Env:USERNAMEin PowerShell. - The password being asked for is the one you would use for login into the current Windows user account on that host machine. This _may_ differ from your Microsoft account password if you have recently changed that one (this is the case for me).
A fairly simple fix (in my case) so I hope this helps!
fernandogmo
on 29 Mar 2020
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
![hashibot[bot] picture](https://avatars.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 14 May 2020
Related issues
bbaassssiiee
·
3Comments
tomhking
·
3Comments
Cbeck527
·
3Comments
jazzfog
·
3Comments
StefanScherer
·
3Comments
Most helpful comment
Thank you for providing the workaround! I have the same issue with Vagrant 2.0.0.
Domain is available from
USERDOMAINenvironment variable, so a generic/dynamic workaroud would be