[linux-cifs-client] failed connections to 2008r2 server in high security mode
Shirish Pargaonkar
shirishpargaonkar at gmail.com
Fri Apr 23 14:18:59 MDT 2010
On Fri, Apr 23, 2010 at 2:16 PM, Jimi Schwar <schwarj at mail.montclair.edu> wrote:
> On 4/23/10 12:36 PM, Shirish Pargaonkar wrote:
>> On Fri, Apr 23, 2010 at 11:02 AM, Jimi Schwar
>> <schwarj at mail.montclair.edu> wrote:
>>> On 4/23/10 9:44 AM, Shirish Pargaonkar wrote:
>>>> On Fri, Apr 23, 2010 at 5:40 AM, Jeff Layton <jlayton at samba.org> wrote:
>>>>> On Thu, 22 Apr 2010 22:59:10 -0500
>>>>> Shirish Pargaonkar <shirishpargaonkar at gmail.com> wrote:
>>>>>
>>>>>> On Thu, Apr 22, 2010 at 1:01 PM, Jimi Schwar <schwarj at mail.montclair.edu> wrote:
>>>>>>> I am having a horrible time connecting to a Windows 2008r2 server that
>>>>>>> requires signing and NTLMv2 from a RHEL 5 server. When trying to
>>>>>>> connect I issue the following command:
>>>>>>>
>>>>>>> mount -t cifs //<servername>/<sharename> /mnt/cifs/ -o
>>>>>>> user=<SERVERNAME>\\user,sec=ntlmv2i -vv
>>>>>>>
>>>>>>> After entering my password the verbose output is:
>>>>>>>
>>>>>>> mount.cifs kernel mount options:
>>>>>>> unc=//<servername>\<sharename>,domain=<SERVERNAME>,ver=1,rw,user=<username>,,,,,,,,,,,,,,sec=ntlmv2i,ip=x.x.x.x,pass=********
>>>>>>> mount error(22): Invalid argument
>>>>>>> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
>>>>>>>
>>>>>>> I have tried every combination I can think of, replacing sec=ntlmv2i
>>>>>>> with ntlmv2, and specifying sign, adding the domain name, trying actual
>>>>>>> AD users instead of a local user, but all have failed. However I have
>>>>>>> no problems at all connecting with smbclient. One thing I did notice is
>>>>>>> that with the smbclient SPNEGO must be used to make a connection, when I
>>>>>>> set it to "no" the connection always fails. I believe I have it
>>>>>>> configured properly for the kernel.
>>>>>>>
>>>>>>> I have the following 2 lines in /etc/request-key.conf
>>>>>>>
>>>>>>> create cifs.spnego * * /usr/sbin/cifs.upcall %k
>>>>>>> create dns_resolver * * /usr/sbin/cifs.upcall %k
>>>>>>>
>>>>>>> and I have keyutils installed. Can anyone tell me what I'm missing, as
>>>>>>> I'm at a complete loss getting this connection to work.
>>>>>>>
>>>>>>> [root@]# yum list | grep keyutil
>>>>>>> keyutils.x86_64 1.2-1.el5
>>>>>>> installed
>>>>>>> keyutils-libs.i386 1.2-1.el5
>>>>>>> installed
>>>>>>> keyutils-libs.x86_64 1.2-1.el5 installed
>>>>>>>
>>>>>>> Here is my kernel module info:
>>>>>>>
>>>>>>> [root@]# modinfo cifs
>>>>>>> filename: /lib/modules/2.6.18-194.el5/kernel/fs/cifs/cifs.ko
>>>>>>> version: 1.60RH
>>>>>>> description: VFS to access servers complying with the SNIA CIFS
>>>>>>> Specification e.g. Samba and Windows
>>>>>>> license: GPL
>>>>>>> author: Steve French <sfrench at us.ibm.com>
>>>>>>> srcversion: 1E19234127C80DD280CE641
>>>>>>> depends:
>>>>>>> vermagic: 2.6.18-194.el5 SMP mod_unload gcc-4.1
>>>>>>> parm: CIFSMaxBufSize:Network buffer size (not including
>>>>>>> header). Default: 16384 Range: 8192 to 130048 (int)
>>>>>>> parm: cifs_min_rcv:Network buffers in pool. Default: 4 Range:
>>>>>>> 1 to 64 (int)
>>>>>>> parm: cifs_min_small:Small network buffers in pool. Default:
>>>>>>> 30 Range: 2 to 256 (int)
>>>>>>> parm: cifs_max_pending:Simultaneous requests to server.
>>>>>>> Default: 50 Range: 2 to 256 (int)
>>>>>>> module_sig:
>>>>>>> 883f3504ba0377878ccfeaa942826a11233a309e20373ac358c1f44611144fd5c03072bacf60c50a0b0fd3052e2277cc786c308ad54cf16c85f0bf
>>>>>>>
>>>>>>> dmesg output of the connection:
>>>>>>>
>>>>>>> fs/cifs/cifsfs.c: Devname: //x.x.montclair.edu/sharename flags: 64
>>>>>>> fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 28 with uid: 0
>>>>>>> fs/cifs/connect.c: Domain name set
>>>>>>> fs/cifs/connect.c: Username: user
>>>>>>> fs/cifs/connect.c: UNC: \\x.x.montclair.edu\webhome ip: x.x.x.x
>>>>>>> fs/cifs/connect.c: Socket created
>>>>>>> fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x1b58
>>>>>>> fs/cifs/connect.c: Existing smb sess not found
>>>>>>> fs/cifs/connect.c: Demultiplex PID: 6900
>>>>>>> fs/cifs/cifssmb.c: secFlags 0x1005
>>>>>>> fs/cifs/transport.c: For smb_command 114
>>>>>>> fs/cifs/transport.c: Sending smb: total_len 82
>>>>>>> | 0x00 0x00 0x00 0x4e 0xff 0x53 0x4d 0x42 | _ _ _ N ? S M B
>>>>>>> | 0x72 0x00 0x00 0x00 0x00 0x00 0x01 0xc0 | r _ _ _ _ _ _ ?
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x00 0xf3 0x1a | _ _ _ _ _ _ ? _
>>>>>>> | 0x00 0x00 0x01 0x00 0x00 0x2b 0x00 0x02 | _ _ _ _ _ + _ _
>>>>>>> | 0x4c 0x4d 0x31 0x2e 0x32 0x58 0x30 0x30 | L M 1 . 2 X 0 0
>>>>>>> | 0x32 0x00 0x02 0x4c 0x41 0x4e 0x4d 0x41 | 2 _ _ L A N M A
>>>>>>> | 0x4e 0x32 0x2e 0x31 0x00 0x02 0x4e 0x54 | N 2 . 1 _ _ N T
>>>>>>> | 0x20 0x4c 0x4d 0x20 0x30 0x2e 0x31 0x32 | L M 0 . 1 2
>>>>>>> | 0x00 0x02 0x50 0x4f 0x53 0x49 0x58 0x20 | _ _ P O S I X
>>>>>>> | 0x32 0x00 | 2 _
>>>>>>> fs/cifs/connect.c: rfc1002 length 0x71
>>>>>>> | 0x6d 0x00 0x00 0x00 0xff 0x53 0x4d 0x42 | m _ _ _ ? S M B
>>>>>>> | 0x72 0x00 0x00 0x00 0x00 0x80 0x01 0xc0 | r _ _ _ _ _ _ ?
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x00 0xf3 0x1a | _ _ _ _ _ _ ? _
>>>>>>> | 0x00 0x00 0x01 0x00 0x11 0x02 0x00 0x0f | _ _ _ _ _ _ _ _
>>>>>>> | 0x32 0x00 0x01 0x00 0x04 0x41 0x00 0x00 | 2 _ _ _ _ A _ _
>>>>>>> | 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | 0xfc 0xe3 0x01 0x00 0x8c 0x00 0x5c 0x77 | ? ? _ _ _ _ \ w
>>>>>>> | 0x42 0xe2 0xca 0x01 0xf0 0x00 0x08 0x28 | B ? ? _ ? _ _ (
>>>>>>> | 0x00 0x93 0x41 0xc6 0x0a 0x12 0xc3 0x01 | _ _ A ? _ _ ? _
>>>>>>> | 0x89 0x41 0x00 0x44 0x00 0x00 0x00 0x43 | _ A _ D _ _ _ C
>>>>>>> | 0x00 0x57 0x00 0x46 0x00 0x4c 0x00 0x50 | _ W _ F _ L _ P
>>>>>>> | 0x00 0x52 0x00 0x53 0x00 0x56 0x00 0x52 | _ R _ S _ V _ R
>>>>>>> | 0x00 0x31 0x00 0x57 0x00 0x38 0x00 0x00 | _ 1 _ W _ 8 _ _
>>>>>>> | 0x00 | _
>>>>>>> | 0x6d 0x00 0x00 0x00 0xff 0x53 0x4d 0x42 | m _ _ _ ? S M B
>>>>>>> | 0x72 0x00 0x00 0x00 0x00 0x80 0x01 0xc0 | r _ _ _ _ _ _ ?
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x00 0xf3 0x1a | _ _ _ _ _ _ ? _
>>>>>>> | 0x00 0x00 0x01 0x00 0x11 0x02 0x00 0x0f | _ _ _ _ _ _ _ _
>>>>>>> | 0x32 0x00 0x01 0x00 0x04 0x41 0x00 0x00 | 2 _ _ _ _ A _ _
>>>>>>> | 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | 0xfc 0xe3 0x01 0x00 0x8c 0x00 0x5c 0x77 | ? ? _ _ _ _ \ w
>>>>>>> | 0x42 0xe2 0xca 0x01 0xf0 0x00 0x08 0x28 | B ? ? _ ? _ _ (
>>>>>>> | 0x00 0x93 0x41 0xc6 0x0a 0x12 0xc3 0x01 | _ _ A ? _ _ ? _
>>>>>>> | 0x89 0x41 0x00 0x44 0x00 0x00 0x00 0x43 | _ A _ D _ _ _ C
>>>>>>> | 0x00 0x57 0x00 0x46 | _ W _ F
>>>>>>> fs/cifs/cifssmb.c: Dialect: 2
>>>>>>> fs/cifs/cifssmb.c: Must sign - secFlags 0x1005
>>>>>>> fs/cifs/cifssmb.c: negprot rc 0
>>>>>>> fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x1e3fc TimeAdjust:
>>>>>>> 14400
>>>>>>> fs/cifs/sess.c: sess setup type 3
>>>>>>> fs/cifs/transport.c: For smb_command 115
>>>>>>> fs/cifs/transport.c: Sending smb: total_len 270
>>>>>>> | 0x00 0x00 0x01 0x0a 0xff 0x53 0x4d 0x42 | _ _ _ _ ? S M B
>>>>>>> | 0x73 0x00 0x00 0x00 0x00 0x00 0x05 0xc0 | s _ _ _ _ _ _ ?
>>>>>>> | 0x00 0x00 0x8f 0x28 0x1d 0xb0 0xcf 0x3c | _ _ _ ( _ ? ? <
>>>>>>> | 0xd6 0x53 0x00 0x00 0x00 0x00 0xf3 0x1a | ? S _ _ _ _ ? _
>>>>>>> | 0x00 0x00 0x02 0x00 0x0d 0xff 0x00 0x00 | _ _ _ _ _ ? _ _
>>>>>>> | 0x00 0x58 0x40 0x32 0x00 0x00 0x00 0x00 | _ X @ 2 _ _ _ _
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x34 0x00 0x00 | _ _ _ _ _ 4 _ _
>>>>>>> | 0x00 0x00 0x00 0xdc 0xc0 0x00 0x00 0xcd | _ _ _ ? ? _ _ ?
>>>>>>> | 0x00 | _
>>>>>>> fs/cifs/connect.c: rfc1002 length 0x27
>>>>>>> | 0x23 0x00 0x00 0x00 0xff 0x53 0x4d 0x42 | # _ _ _ ? S M B
>>>>>>> | 0x73 0x0d 0x00 0x00 0xc0 0x80 0x05 0xc0 | s _ _ _ ? _ _ ?
>>>>>>> | 0x00 0x00 0x8f 0x28 0x1d 0xb0 0xcf 0x3c | _ _ _ ( _ ? ? <
>>>>>>> | 0xd6 0x53 0x00 0x00 0x00 0x00 0xf3 0x1a | ? S _ _ _ _ ? _
>>>>>>> | 0x00 0x00 0x02 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _
>>>>>>> | 0x23 0x00 0x00 0x00 0xff 0x53 0x4d 0x42 | # _ _ _ ? S M B
>>>>>>> | 0x73 0x0d 0x00 0x00 0xc0 0x80 0x05 0xc0 | s _ _ _ ? _ _ ?
>>>>>>> | 0x00 0x00 0x8f 0x28 0x1d 0xb0 0xcf 0x3c | _ _ _ ( _ ? ? <
>>>>>>> | 0xd6 0x53 0x00 0x00 0x00 0x00 0xf3 0x1a | ? S _ _ _ _ ? _
>>>>>>> | 0x00 0x00 0x02 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | 0x00 0x58 0x40 0x32 0x00 0x00 0x00 0x00 | _ X @ 2 _ _ _ _
>>>>>>> | 0x00 0x00 0x00 0x18 0x00 0x18 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | 0x00 0x00 0x00 0xdc 0xc0 0x00 0x00 0xc9 | _ _ _ ? ? _ _ ?
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 | _ _ _ _ _ _ _ _
>>>>>>> | _ _ _ _ _ _ _ _
>>>>>>> CIFS VFS: Unexpected SMB signature
>>>>>>> Status code returned 0xc000000d NT_STATUS_INVALID_PARAMETER
>>>>>>> fs/cifs/netmisc.c: Mapping smb error code 87 to POSIX err -22
>>>>>>> fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
>>>>>>> fs/cifs/sess.c: ssetup rc from sendrecv2 is -22
>>>>>>> fs/cifs/sess.c: ssetup freeing small buf ffff81006ef78300
>>>>>>> CIFS VFS: Send error in SessSetup = -22
>>>>>>> fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 28) rc = -22
>>>>>>> CIFS VFS: cifs_mount failed w/return code = -22
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> linux-cifs-client mailing list
>>>>>>> linux-cifs-client at lists.samba.org
>>>>>>> https://lists.samba.org/mailman/listinfo/linux-cifs-client
>>>>>>>
>>>>>>
>>>>>> It is broken. I have coded to send SPNEGO ntlmv2 authentication but
>>>>>> somehow am getting error of
>>>>>> Invalid parameter, the response does not tell which parameter though.
>>>>>>
>>>>>
>>>>> I think this is actually a bug in win2k8/vista:
>>>>>
>>>>> http://support.microsoft.com/kb/957441
>>>>>
>>>>> ...though it wouldn't be an issue if NTLMSSP/SPNEGO worked properly.
>>>>>
>>>>> --
>>>>> Jeff Layton <jlayton at samba.org>
>>>>>
>>>>
>>>> The bug does not mention Windows7, I have a Windows 7 box, so will try first
>>>> authenticating with it instead of Windows 2008 Server.
>>>> Also, I am not sure how essential SPNEGO is i.e. would Raw NTLMSSP with
>>>> NTLMv2 authentication mechanism suffice instead of SPNEGO NTLMSSP ntlmv2.
>>>> I also need to figure out how to tell smbclient talk ntlmv2 NTLMSSP
>>>> without SPNEGO,
>>>> by default it is SPNEGO NTLMSSP which I have been able to use against
>>>> a Windows7 box.
>>>>
>>>> Regards,
>>>>
>>>> Shirish
>>>
>>> I have tried sec=ntlmssp, which from the doc says is experimental, and
>>> it failed as well. Adding the registry key mentioned in the KB did
>>> allow me to mount the share without issue on both 2008 and 2008r2, so
>>> thanks Jeff, you rock.
>>
>> Two things, first, I think with sec=ntlmssp, you are using ntlmv1 in the current
>> cifs code. Can you please verify that?
>> And second, why is not smbclient bothered with this registry key presense or
>> absense?
>>
>>>
>>> Also, I know this is out of place for the conversation, but I also set
>>> up kerberos auth and it negotiated properly to auth to the share.
>>>
>>> If you guys want me to provide more feedback, please let me know what
>>> you need. Thanks for the help you've both provided so far.
>>>
>>> Jimi
>>> _______________________________________________
>>> linux-cifs-client mailing list
>>> linux-cifs-client at lists.samba.org
>>> https://lists.samba.org/mailman/listinfo/linux-cifs-client
>>>
>
> I believe that the sec=ntlmssp is doing NTLMv1. I'm not 100% sure, but
> I did see NTLM 0.12 in the first portion of the mount.cifs dmesg output,
> which is ntlmv1 from what I've read.
>
> Here is a long debug session of connecting to the server using SPNEGO
> and the smbclient. It looks like it negotiates NTLMv2 without issue.
> Do you know if cifs.upcall handles NTLMSSP negotiation, or does it only
> handle things when using kerberos?
>
> ############################
> # SMBCLIENT CONNECTION #
> ############################
> [root@]# smbclient -v //server.montclair.edu/Test -U Administrator -W
> SERVER -d 5 -S yes
> INFO: Current debug levels:
> all: True/5
> tdb: False/0
> printdrivers: False/0
> lanman: False/0
> smb: False/0
> rpc_parse: False/0
> rpc_srv: False/0
> rpc_cli: False/0
> passdb: False/0
> sam: False/0
> auth: False/0
> winbind: False/0
> vfs: False/0
> idmap: False/0
> quota: False/0
> acls: False/0
> locking: False/0
> msdfs: False/0
> dmapi: False/0
> registry: False/0
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = MYGROUP
> doing parameter server string = testbox.montclair.edu
> doing parameter netbios name = testbox
> handle_netbios_name: set global_myname to: TESTBOX
> doing parameter client ntlmv2 auth = yes
> doing parameter client signing = auto
> doing parameter client use spnego = yes
> doing parameter client lanman auth = no
> doing parameter lanman auth = no
> doing parameter security = user
> doing parameter passdb backend = tdbsam
> doing parameter use spnego = yes
> doing parameter domain master = no
> doing parameter local master = no
> doing parameter wins support = no
> pm_process() returned Yes
> Attempting to register new charset UCS-2LE
> Registered charset UCS-2LE
> Attempting to register new charset UTF-16LE
> Registered charset UTF-16LE
> Attempting to register new charset UCS-2BE
> Registered charset UCS-2BE
> Attempting to register new charset UTF-16BE
> Registered charset UTF-16BE
> Attempting to register new charset UTF8
> Registered charset UTF8
> Attempting to register new charset UTF-8
> Registered charset UTF-8
> Attempting to register new charset ASCII
> Registered charset ASCII
> Attempting to register new charset 646
> Registered charset 646
> Attempting to register new charset ISO-8859-1
> Registered charset ISO-8859-1
> Attempting to register new charset UCS2-HEX
> Registered charset UCS2-HEX
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> added interface eth0 ip=fe80::250:56ff:fe84:7c8e%eth0
> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=130.68.4.102 bcast=130.68.4.255
> netmask=255.255.255.0
> Netbios name list:-
> my_netbios_names[0]="TESTBOX"
> Client started (version 3.5.2).
> Enter Administrator's password:
> Opening cache file at /var/lib/samba/gencache.tdb
> Opening cache file at /var/lib/samba/gencache_notrans.tdb
> sitename_fetch: No stored sitename for
> name harp.montclair.edu#20 found.
> Connecting to 130.68.4.82 at port 445
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_SNDBUF = 16384
> SO_RCVBUF = 87380
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> session request ok
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Substituting charset 'UTF-8' for LOCALE
> Doing spnego session setup (blob length=46)
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=<null>
> size=382
> smb_com=0x73
> smb_rcls=22
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51205
> smb_tid=0
> smb_pid=23940
> smb_uid=2048
> smb_mid=2
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 382 (0x17E)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 159 (0x9F)
> smb_bcc=339
> size=382
> smb_com=0x73
> smb_rcls=22
> smb_reh=0
> smb_err=49152
> smb_flg=136
> smb_flg2=51205
> smb_tid=0
> smb_pid=23940
> smb_uid=2048
> smb_mid=2
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 382 (0x17E)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 159 (0x9F)
> smb_bcc=339
> Got challenge flags:
> Got NTLMSSP neg_flags=0x628a8215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> size=232
> smb_com=0x73
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51205
> smb_tid=0
> smb_pid=23940
> smb_uid=2048
> smb_mid=3
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 232 (0xE8)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 9 (0x9)
> smb_bcc=189
> size=232
> smb_com=0x73
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51205
> smb_tid=0
> smb_pid=23940
> smb_uid=2048
> smb_mid=3
> smt_wct=4
> smb_vwv[ 0]= 255 (0xFF)
> smb_vwv[ 1]= 232 (0xE8)
> smb_vwv[ 2]= 0 (0x0)
> smb_vwv[ 3]= 9 (0x9)
> smb_bcc=189
> Domain=[SERVER] OS=[Windows Server (R) 2008 Standard 6002 Service Pack
> 2] Server=[Windows Server (R) 2008 Standard 6.0]
> session setup ok
> tconx ok
> smb: \> quit
> size=35
> smb_com=0x71
> smb_rcls=0
> smb_reh=0
> smb_err=0
> smb_flg=136
> smb_flg2=51205
> smb_tid=2048
> smb_pid=23940
> smb_uid=2048
> smb_mid=5
> smt_wct=0
> smb_bcc=0
>
> _______________________________________________
> linux-cifs-client mailing list
> linux-cifs-client at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux-cifs-client
>
cifs upcall does not handle ntlm authentication, ntlm/ssp is all
within kernel, in cifs module.
Something that cifs client sends somehow does not register at the
server as ntlmssp logon.
Somehow in case of cifs, logon process at the server is not NtLmSsp meaning the
ntlmssp authentication package received at the server lacks something
(in security blob) to not
get identified as ntlmssp, may be workstation name.
Here is the difference between an unsuccessful cifs (network) network
logon and a successful smbclient
network logon using ntlmv2 within ntlmssp within spnego.
cifs (failure)
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/16/2010 11:50:41 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: cifstest7
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: root
Account Domain:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc0000225
Sub Status: 0x0
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name:
Source Network Address: 1.2.3.456
Source Port: 59215
Detailed Authentication Information:
Logon Process:
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
and this is smbclient (succcess)
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/16/2010 11:15:37 PM
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: cifstest7
Description:
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: cifstest7\root
Account Name: root
Account Domain: cifstest7
Logon ID: 0x1fae3cd
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: CIFSTEST6
Source Network Address: 1.2.3.456
Source Port: 50821
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V2
Key Length: 128
More information about the linux-cifs-client
mailing list