[linux-cifs-client] mapping shares to a netapp filer
Chris Shelton
cshelton at indiana.edu
Thu Sep 13 13:24:46 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joel,
On Tue, 11 Sep 2007 at 5:08pm, Joel Krajden wrote:
> We have been unable to get the cifs client working with this
> configuration and unencrypted passwords. The filer is using NIS for
> authentication.
>
> FC6
> linux-2.6.22
> cifs 1.49
>
> Ontap 7.2.3
>
> FC4 with smbmount works fine.
>
> None of the cifsSecurity flags settings has been useful.
Do you have kernel config option CONFIG_CIFS_WEAK_PW_HASH set? I
don't think that this is set by default. I would suspect that this
option would be required for using unencrypted passwords. The
description of this option is:
CONFIG_CIFS_WEAK_PW_HASH:
Modern CIFS servers including Samba and most Windows versions
(since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
security mechanisms. These hash the password more securely
than the mechanisms used in the older LANMAN version of the
SMB protocol needed to establish sessions with old SMB servers.
Enabling this option allows the cifs module to mount to older
LANMAN based servers such as OS/2 and Windows 95, but such
mounts may be less secure than mounts using NTLM or more recent
security mechanisms if you are on a public network. Unless you
have a need to access old SMB servers (and are on a private
network) you probably want to say N. Even if this support
is enabled in the kernel build, they will not be used
automatically. At runtime LANMAN mounts are disabled but
can be set to required (or optional) either in
/proc/fs/cifs (see fs/cifs/README for more detail) or via an
option on the mount command. This support is disabled by
default in order to reduce the possibility of a downgrade
attack.
If unsure, say N.
Symbol: CIFS_WEAK_PW_HASH [=n]
Prompt: Support legacy servers which use weaker LANMAN security
Defined at fs/Kconfig:1871
Depends on: NET && CIFS
Location:
-> File systems
-> Network File Systems
-> CIFS support (advanced network filesystem for Samba,
Window and other CIFS compliant servers) (CIFS [=m])
- -- Chris Shelton
- -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFG6ToeM5TknMKatUwRAumDAJwL2PpPQD+gAOqi9s5fDXzcUOPrTgCgqMJS
FK8GnDF2+dV1zYzhM0UMFI4=
=hdzz
-----END PGP SIGNATURE-----
More information about the linux-cifs-client
mailing list