[linux-cifs-client] failed connections to 2008r2 server in high security mode
Jimi Schwar
schwarj at mail.montclair.edu
Thu Apr 22 12:01:39 MDT 2010
I am having a horrible time connecting to a Windows 2008r2 server that
requires signing and NTLMv2 from a RHEL 5 server. When trying to
connect I issue the following command:
mount -t cifs //<servername>/<sharename> /mnt/cifs/ -o
user=<SERVERNAME>\\user,sec=ntlmv2i -vv
After entering my password the verbose output is:
mount.cifs kernel mount options:
unc=//<servername>\<sharename>,domain=<SERVERNAME>,ver=1,rw,user=<username>,,,,,,,,,,,,,,sec=ntlmv2i,ip=x.x.x.x,pass=********
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
I have tried every combination I can think of, replacing sec=ntlmv2i
with ntlmv2, and specifying sign, adding the domain name, trying actual
AD users instead of a local user, but all have failed. However I have
no problems at all connecting with smbclient. One thing I did notice is
that with the smbclient SPNEGO must be used to make a connection, when I
set it to "no" the connection always fails. I believe I have it
configured properly for the kernel.
I have the following 2 lines in /etc/request-key.conf
create cifs.spnego * * /usr/sbin/cifs.upcall %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
and I have keyutils installed. Can anyone tell me what I'm missing, as
I'm at a complete loss getting this connection to work.
[root@]# yum list | grep keyutil
keyutils.x86_64 1.2-1.el5
installed
keyutils-libs.i386 1.2-1.el5
installed
keyutils-libs.x86_64 1.2-1.el5 installed
Here is my kernel module info:
[root@]# modinfo cifs
filename: /lib/modules/2.6.18-194.el5/kernel/fs/cifs/cifs.ko
version: 1.60RH
description: VFS to access servers complying with the SNIA CIFS
Specification e.g. Samba and Windows
license: GPL
author: Steve French <sfrench at us.ibm.com>
srcversion: 1E19234127C80DD280CE641
depends:
vermagic: 2.6.18-194.el5 SMP mod_unload gcc-4.1
parm: CIFSMaxBufSize:Network buffer size (not including
header). Default: 16384 Range: 8192 to 130048 (int)
parm: cifs_min_rcv:Network buffers in pool. Default: 4 Range:
1 to 64 (int)
parm: cifs_min_small:Small network buffers in pool. Default:
30 Range: 2 to 256 (int)
parm: cifs_max_pending:Simultaneous requests to server.
Default: 50 Range: 2 to 256 (int)
module_sig:
883f3504ba0377878ccfeaa942826a11233a309e20373ac358c1f44611144fd5c03072bacf60c50a0b0fd3052e2277cc786c308ad54cf16c85f0bf
dmesg output of the connection:
fs/cifs/cifsfs.c: Devname: //x.x.montclair.edu/sharename flags: 64
fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 28 with uid: 0
fs/cifs/connect.c: Domain name set
fs/cifs/connect.c: Username: user
fs/cifs/connect.c: UNC: \\x.x.montclair.edu\webhome ip: x.x.x.x
fs/cifs/connect.c: Socket created
fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x1b58
fs/cifs/connect.c: Existing smb sess not found
fs/cifs/connect.c: Demultiplex PID: 6900
fs/cifs/cifssmb.c: secFlags 0x1005
fs/cifs/transport.c: For smb_command 114
fs/cifs/transport.c: Sending smb: total_len 82
| 0x00 0x00 0x00 0x4e 0xff 0x53 0x4d 0x42 | _ _ _ N ? S M B
| 0x72 0x00 0x00 0x00 0x00 0x00 0x01 0xc0 | r _ _ _ _ _ _ ?
| 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
| 0x00 0x00 0x00 0x00 0x00 0x00 0xf3 0x1a | _ _ _ _ _ _ ? _
| 0x00 0x00 0x01 0x00 0x00 0x2b 0x00 0x02 | _ _ _ _ _ + _ _
| 0x4c 0x4d 0x31 0x2e 0x32 0x58 0x30 0x30 | L M 1 . 2 X 0 0
| 0x32 0x00 0x02 0x4c 0x41 0x4e 0x4d 0x41 | 2 _ _ L A N M A
| 0x4e 0x32 0x2e 0x31 0x00 0x02 0x4e 0x54 | N 2 . 1 _ _ N T
| 0x20 0x4c 0x4d 0x20 0x30 0x2e 0x31 0x32 | L M 0 . 1 2
| 0x00 0x02 0x50 0x4f 0x53 0x49 0x58 0x20 | _ _ P O S I X
| 0x32 0x00 | 2 _
fs/cifs/connect.c: rfc1002 length 0x71
| 0x6d 0x00 0x00 0x00 0xff 0x53 0x4d 0x42 | m _ _ _ ? S M B
| 0x72 0x00 0x00 0x00 0x00 0x80 0x01 0xc0 | r _ _ _ _ _ _ ?
| 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
| 0x00 0x00 0x00 0x00 0x00 0x00 0xf3 0x1a | _ _ _ _ _ _ ? _
| 0x00 0x00 0x01 0x00 0x11 0x02 0x00 0x0f | _ _ _ _ _ _ _ _
| 0x32 0x00 0x01 0x00 0x04 0x41 0x00 0x00 | 2 _ _ _ _ A _ _
| 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
| 0xfc 0xe3 0x01 0x00 0x8c 0x00 0x5c 0x77 | ? ? _ _ _ _ \ w
| 0x42 0xe2 0xca 0x01 0xf0 0x00 0x08 0x28 | B ? ? _ ? _ _ (
| 0x00 0x93 0x41 0xc6 0x0a 0x12 0xc3 0x01 | _ _ A ? _ _ ? _
| 0x89 0x41 0x00 0x44 0x00 0x00 0x00 0x43 | _ A _ D _ _ _ C
| 0x00 0x57 0x00 0x46 0x00 0x4c 0x00 0x50 | _ W _ F _ L _ P
| 0x00 0x52 0x00 0x53 0x00 0x56 0x00 0x52 | _ R _ S _ V _ R
| 0x00 0x31 0x00 0x57 0x00 0x38 0x00 0x00 | _ 1 _ W _ 8 _ _
| 0x00 | _
| 0x6d 0x00 0x00 0x00 0xff 0x53 0x4d 0x42 | m _ _ _ ? S M B
| 0x72 0x00 0x00 0x00 0x00 0x80 0x01 0xc0 | r _ _ _ _ _ _ ?
| 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
| 0x00 0x00 0x00 0x00 0x00 0x00 0xf3 0x1a | _ _ _ _ _ _ ? _
| 0x00 0x00 0x01 0x00 0x11 0x02 0x00 0x0f | _ _ _ _ _ _ _ _
| 0x32 0x00 0x01 0x00 0x04 0x41 0x00 0x00 | 2 _ _ _ _ A _ _
| 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
| 0xfc 0xe3 0x01 0x00 0x8c 0x00 0x5c 0x77 | ? ? _ _ _ _ \ w
| 0x42 0xe2 0xca 0x01 0xf0 0x00 0x08 0x28 | B ? ? _ ? _ _ (
| 0x00 0x93 0x41 0xc6 0x0a 0x12 0xc3 0x01 | _ _ A ? _ _ ? _
| 0x89 0x41 0x00 0x44 0x00 0x00 0x00 0x43 | _ A _ D _ _ _ C
| 0x00 0x57 0x00 0x46 | _ W _ F
fs/cifs/cifssmb.c: Dialect: 2
fs/cifs/cifssmb.c: Must sign - secFlags 0x1005
fs/cifs/cifssmb.c: negprot rc 0
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x1e3fc TimeAdjust:
14400
fs/cifs/sess.c: sess setup type 3
fs/cifs/transport.c: For smb_command 115
fs/cifs/transport.c: Sending smb: total_len 270
| 0x00 0x00 0x01 0x0a 0xff 0x53 0x4d 0x42 | _ _ _ _ ? S M B
| 0x73 0x00 0x00 0x00 0x00 0x00 0x05 0xc0 | s _ _ _ _ _ _ ?
| 0x00 0x00 0x8f 0x28 0x1d 0xb0 0xcf 0x3c | _ _ _ ( _ ? ? <
| 0xd6 0x53 0x00 0x00 0x00 0x00 0xf3 0x1a | ? S _ _ _ _ ? _
| 0x00 0x00 0x02 0x00 0x0d 0xff 0x00 0x00 | _ _ _ _ _ ? _ _
| 0x00 0x58 0x40 0x32 0x00 0x00 0x00 0x00 | _ X @ 2 _ _ _ _
| 0x00 0x00 0x00 0x00 0x00 0x34 0x00 0x00 | _ _ _ _ _ 4 _ _
| 0x00 0x00 0x00 0xdc 0xc0 0x00 0x00 0xcd | _ _ _ ? ? _ _ ?
| 0x00 | _
fs/cifs/connect.c: rfc1002 length 0x27
| 0x23 0x00 0x00 0x00 0xff 0x53 0x4d 0x42 | # _ _ _ ? S M B
| 0x73 0x0d 0x00 0x00 0xc0 0x80 0x05 0xc0 | s _ _ _ ? _ _ ?
| 0x00 0x00 0x8f 0x28 0x1d 0xb0 0xcf 0x3c | _ _ _ ( _ ? ? <
| 0xd6 0x53 0x00 0x00 0x00 0x00 0xf3 0x1a | ? S _ _ _ _ ? _
| 0x00 0x00 0x02 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _
| 0x23 0x00 0x00 0x00 0xff 0x53 0x4d 0x42 | # _ _ _ ? S M B
| 0x73 0x0d 0x00 0x00 0xc0 0x80 0x05 0xc0 | s _ _ _ ? _ _ ?
| 0x00 0x00 0x8f 0x28 0x1d 0xb0 0xcf 0x3c | _ _ _ ( _ ? ? <
| 0xd6 0x53 0x00 0x00 0x00 0x00 0xf3 0x1a | ? S _ _ _ _ ? _
| 0x00 0x00 0x02 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
| 0x00 0x58 0x40 0x32 0x00 0x00 0x00 0x00 | _ X @ 2 _ _ _ _
| 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0x00 | _ _ _ _ _ _ _ _
| 0x00 0x00 0x00 0xdc 0xc0 0x00 0x00 0xc9 | _ _ _ ? ? _ _ ?
| 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
| 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
| _ _ _ _ _ _ _ _
CIFS VFS: Unexpected SMB signature
Status code returned 0xc000000d NT_STATUS_INVALID_PARAMETER
fs/cifs/netmisc.c: Mapping smb error code 87 to POSIX err -22
fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
fs/cifs/sess.c: ssetup rc from sendrecv2 is -22
fs/cifs/sess.c: ssetup freeing small buf ffff81006ef78300
CIFS VFS: Send error in SessSetup = -22
fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 28) rc = -22
CIFS VFS: cifs_mount failed w/return code = -22
More information about the linux-cifs-client
mailing list