[linux-cifs-client] Re: Query pertaining to PLAINTXT PASSWORD authentication

Steve French smfrench at gmail.com
Thu Nov 1 19:45:28 GMT 2007


> I was trying the ubuntu 7.10 image (linux kernel 2.6.22). I am trying to
> access the CIFS server (supporting plain text passwords) and somehow
> always land up with :
>
> >[ 5274.003101]  CIFS VFS: Server requests plain text password but client support disabled
> >[ 5274.004823]  CIFS VFS: Send error in SessSetup = -13
> >[ 5274.133055]  CIFS VFS: cifs_mount failed w/return code = -13

Due to potential downgrade attacks (forcing plaintext across the wire),
plaintext password support for cifs mounts requires both the build flag
that you mention below and a change to the default security settings
at runtime (/proc/fs/cifs/SecurityFlags) e.g. before you mount
     "echo 0x37 > /proc/fs/cifs/SecurityFlags"
This allows plaintext and lanman authentication. You can change the flags
back right after the mount is complete.

> I enabled the CONFIG_CIFS_WEAK_PW_HASH flag in menuconfig for the cifs
> client module, but see the above error. Is there a way to enable
> plaintext authentication on the linux kernel image I am using? I have
> also seen discussions related to enabling plain text from "echo
> 0x37> /proc/fs/cifs/ExtendedSecurity" and "echo 39
> >/proc/fs/cifs/SecurityFlags". I don't see the former file in my proc
> directory and editing to the latter one is not permitted.

The correct file name is "/proc/fs/cifs/SecurityFlags" and you should
probably set it to 0x37 or 0x27 (0x20 is plaintext, and 0x10 is LANMAN,
0x07 is the default allowing NTLM and NTLMv2).  If you set invalid flags
you get an error back trying to write to that config file.

It would be great if someone wrote a little gui or cli program to configure the
cifs proc settings (and another to dump information from /proc/fs/cifs)

> The mount command which I use is
> sudo mount -o username=<userid>,password=<my password> //<ipaddress of
> the server>/<my home directory on server> ./<local mount point>
>
> The error code sent by server is "STATUS_LOGON_FAILURE (0xc000006d)"

-- 
Thanks,

Steve
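
A small helper for the procedure described in the reply above, as an added example that is not part of the original message or of the cifs project: it reports whether the weak bits named in the reply (0x20 plaintext, 0x10 LANMAN) are enabled, and runs one command with temporary flags before restoring the previous value. The function names, the `FLAGS_FILE` override and the assumption that reading the proc file returns the current value as a number are illustrative.

```shell
#!/bin/sh
# Added example (not from the original thread). Bit meanings are the ones
# given in the reply: 0x20 = plaintext, 0x10 = LANMAN, 0x07 = default.
# FLAGS_FILE can be overridden for testing (assumption of this example).
FLAGS_FILE="${FLAGS_FILE:-/proc/fs/cifs/SecurityFlags}"

# weak_bits VALUE: print which weak mechanisms VALUE enables, or "none".
weak_bits() {
    v=$(( $1 ))
    out=""
    [ $(( v & 0x20 )) -ne 0 ] && out="plaintext"
    [ $(( v & 0x10 )) -ne 0 ] && out="${out:+$out }lanman"
    echo "${out:-none}"
}

# with_flags VALUE CMD...: write VALUE, run CMD, then put the old value
# back so weak authentication is only allowed for the duration of CMD.
with_flags() {
    new=$1; shift
    old=$(cat "$FLAGS_FILE") || return 1
    # Restore the saved value if the command is interrupted.
    trap 'echo "$old" > "$FLAGS_FILE"' INT TERM
    echo "$new" > "$FLAGS_FILE" || { trap - INT TERM; return 1; }
    "$@"; rc=$?
    echo "$old" > "$FLAGS_FILE"
    trap - INT TERM
    return $rc
}

# Minimal CLI (run as root):
#   script status
#   script run 0x37 mount -o username=<userid> //<server>/<share> <mountpoint>
case "${1:-}" in
    status)
        cur=$(cat "$FLAGS_FILE") &&
            echo "SecurityFlags=$cur weak mechanisms: $(weak_bits "$cur")"
        ;;
    run)
        shift
        with_flags "$@"
        ;;
esac
```

Running `status` after a mount confirms that the flags are back to a value with no weak mechanisms enabled.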

