Cannot mount win server 2016 share using cifs module + smb vers=3.1.1
Aurélien Aptel
aaptel at suse.com
Mon Aug 17 17:19:12 UTC 2015
On Mon, 17 Aug 2015 18:41:08 +0200 Stefan Metzmacher <metze at samba.org>
wrote:
> The tree connect needs to be signed or encrypted in SMB 3.1.1 when
> the session is authenticated and not anonymous.
>
> This makes sure the secure negotiation is complete, which means client
> and server have negotiated signing/encryption keys and verified the
> whole negotiation.
I've trying forcing packet signing using both -o sign in mount.cifs and
echo 0x1085 > /proc/fs/cifs/SecurityFlags
Now the tree connect passes but the response is STATUS_ACCESS_DENIED.
There's a problem with the signing it seems:
[ 310.427342] SMB2 server sent bad RFC1001 len 236 not 170
[ 310.437844] CIFS VFS: SMB signature verification returned error = -13
[ 310.439160] CIFS VFS: SMB signature verification returned error = -13
[ 310.439648] CIFS VFS: cifs_put_smb_ses: Session Logoff failure rc=-13
[ 310.440249] CIFS VFS: cifs_mount failed w/return code = -13
mount error(13): Permission denied
Wireshark trace attached.
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG
Nürnberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: failed-mount-master-osign+SecurityFlags0x1085.pcapng
Type: application/octet-stream
Size: 3908 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150817/fa0662a8/failed-mount-master-osignSecurityFlags0x1085.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150817/fa0662a8/attachment.sig>
More information about the samba-technical
mailing list