[linux-cifs-client] mapping shares to a netapp filer
Joel Krajden
joelk at encs.concordia.ca
Thu Sep 13 13:58:18 GMT 2007
Hi Chris,
CONFIG_CIFS_WEAK_PW_HASH was set to Y for the kernel build and
/proc/fs/cifs/cifsSecurity had the recommended flags set.
Joel
Chris Shelton wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Joel,
>
> On Tue, 11 Sep 2007 at 5:08pm, Joel Krajden wrote:
>
>> We have been unable to get the cifs client working with this
>> configuration and unencrypted passwords. The filer is using NIS for
>> authentication.
>>
>> FC6
>> linux-2.6.22
>> cifs 1.49
>>
>> Ontap 7.2.3
>>
>> FC4 with smbmount works fine.
>>
>> None of the cifsSecurity flags settings has been useful.
>
> Do you have kernel config option CONFIG_CIFS_WEAK_PW_HASH set? I
> don't think that this is set by default. I would suspect that this
> option would be required for using unencrypted passwords. The
> description of this option is:
>
> CONFIG_CIFS_WEAK_PW_HASH:
> Modern CIFS servers including Samba and most Windows versions
> (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
> security mechanisms. These hash the password more securely
> than the mechanisms used in the older LANMAN version of the
> SMB protocol needed to establish sessions with old SMB servers.
> Enabling this option allows the cifs module to mount to older
> LANMAN based servers such as OS/2 and Windows 95, but such
> mounts may be less secure than mounts using NTLM or more recent
> security mechanisms if you are on a public network. Unless you
> have a need to access old SMB servers (and are on a private
> network) you probably want to say N. Even if this support
> is enabled in the kernel build, they will not be used
> automatically. At runtime LANMAN mounts are disabled but
> can be set to required (or optional) either in
> /proc/fs/cifs (see fs/cifs/README for more detail) or via an
> option on the mount command. This support is disabled by
> default in order to reduce the possibility of a downgrade
> attack.
>
> If unsure, say N.
>
> Symbol: CIFS_WEAK_PW_HASH [=n]
> Prompt: Support legacy servers which use weaker LANMAN security
> Defined at fs/Kconfig:1871
> Depends on: NET && CIFS
> Location:
> -> File systems
> -> Network File Systems
> -> CIFS support (advanced network filesystem for Samba,
> Window and other CIFS compliant servers) (CIFS [=m])
>
> - -- Chris Shelton
> - -
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
>
> iD8DBQFG6ToeM5TknMKatUwRAumDAJwL2PpPQD+gAOqi9s5fDXzcUOPrTgCgqMJS
> FK8GnDF2+dV1zYzhM0UMFI4=
> =hdzz
> -----END PGP SIGNATURE-----
--
| Joel Krajden | Rm: EV-7105, Tel: 514 848-2424 3052 |
| Senior Systems Analyst | Fax: 514 848-2830 |
| Engineering & | Email: joelk at encs.concordia.ca |
| Computer Science | www.encs.concordia.ca/~staffcs/joelk |
| Concordia University | In a circus, the clowns are supposed |
| Montreal, Canada | to make you laugh, not cry. |
More information about the linux-cifs-client
mailing list