[linux-cifs-client] Re: smbfs & cifs

Steve French smfrench at austin.rr.com
Tue Dec 12 16:57:14 GMT 2006


 > have a "SuSE Linux v8.1" and a "Windows 2000 Advanced Server" system  
 > and "# /bin/mount -t smbfs -o  
 > username=USERNAME,password=PASSWORD,iocharset=iso8859-15,codepage=cp850  
 > //SERVER/SHARE /MOUNTPOINT" works perfekt with the Windows 2000 host.
 > 
 > The same command on another (new installed) maschine "SuSE Linux v10.1"  
 > results in
 >
 >-------
 >cli_negprot: SMB signing is mandatory and we have disabled it.
 >5899: protocol negotiation failed
 >SMB connection failed
 >------
 >
 >I always used the same Windows 2000 Server with the same share.

If true that would seem like a serious Windows server bug that it could
be configured to require signing but would not enforce it.   According to
the smbfs log your server has been configured to require packet signing
(which is the default for many servers in Windows 200x domains) and
smbfs does not support packet signing (cifs does support signing) - not 
sure
how it could ever have worked with smbfs.   I have not seen a case in
which Windows required signing and then did not enforce it.

An ethereal (wireshark) trace would be more conclusive because it
would show a few other things (like the "action" field in the
SMB session setup response that indicates e.g. whether the
server authenticated the user as "guest" or as a real user - for
cifs this state is also visible in /proc/fs/cifs/DebugData)
 
 >I also tried to use cifs on the newer linux system:
 > 
 >"# /sbin/mount.cifs //SERVER/SHARE /MOUNTPOINT  
 > -ouser=USERNAME,password=PASSWORD"
 > 
 >Now I got the following error message:
 > 
 > ------
 >mount error 13 = Permission denied

Have you tried specifying the domain of the server on the command
line ("domain=mydomain")
 
 >I tried to alter these values
 > 
 >echo 2 >/proc/fs/cifs/PacketSigningEnabled
CIFS should negotiate packet signing by default if the server
requires it, so this should not be necessary (but is harmless to set,
although it slows things down a bit to sign packets it is somewhat
more secure)

 >echo 1 >/proc/fs/cifs/ExtendedSecurity
 >echo 1 >/proc/fs/cifs/NTLMV2Enabled
NTLMv2 is now enabled (in current cifs since about 2.6.17) on the 
command line,
ie "sec=ntlmv2" but to Windows server ntlmv2 requires the recent cifs change
in 2.6.20



More information about the linux-cifs-client mailing list