[Samba] Assistance needed on using mount.smbfs (cifs) to authenticate to samba server with encrypt passwords = No.

Günter Kukkukk linux at kukkukk.com
Fri Nov 21 03:51:52 GMT 2008 

Am Mittwoch, 19. November 2008 schrieb Richard Nelson:
> Greetings,
> 
> I am working on getting mount.cifs version: 1.11-3.2.4 on debian to
> mount a share on a samba server Version 3.0.13-1.1-SUSE on SuSe. This
> was working on older debian systems, but upon upgrading some of the
> systems to Lenny I am now having trouble mounting shares.  Again, this
> was working and I have smbfs installed on the systems (which is what I
> used before).
> 
> The samba server is set to have encrypt passwords = No and I am
> basically authenticating from /etc/passwd+shadow (no smbpasswd file).
> The setup is still working fine on non upgraded systems. Only on the
> newly upgraded systems is the mounting not working.
> 
> The kernel on the clients do have CONFIG_CIFS_WEAK_PW_HASH=y
> 
> Below is some dmesg info after running the mount.cifs with various /
> proc/fs/cifs/SecurityFlags:
> mount.smbfs //172.16.0.8/tech ./mymount -ouser=tech
> 
> ==
> [528097.091765]  fs/cifs/cifs_debug.c: sec flags 0x7
> [528097.091772]  fs/cifs/cifs_debug.c: packet signing now required
> [528109.522275]  fs/cifs/cifsfs.c: Devname: //172.16.0.8/tech flags:
> 64
> [528109.522284]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 30
> with uid: 0
> [528109.522292]  fs/cifs/connect.c: Username: tech
> [528109.522295]  fs/cifs/connect.c: UNC: \\172.16.0.8\tech ip:
> 172.16.0.8
> [528109.522306]  fs/cifs/connect.c: Socket created
> [528109.523047]  fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo
> 0x7fffffff
> [528109.523054]  fs/cifs/transport.c: Sending smb of length 68
> [528109.528073]  fs/cifs/connect.c: Existing smb sess not found
> [528109.528086]  fs/cifs/cifssmb.c: secFlags 0x7
> [528109.528091]  fs/cifs/transport.c: For smb_command 114
> [528109.528094]  fs/cifs/transport.c: Sending smb of length 78
> [528109.528315]  fs/cifs/connect.c: Demultiplex PID: 27169
> [528109.528339]  fs/cifs/connect.c: rfc1002 length 0x82000004
> [528109.528341]  fs/cifs/connect.c: Good RFC 1002 session rsp
> [528109.528874]  fs/cifs/connect.c: rfc1002 length 0x55
> [528109.528889]  fs/cifs/cifssmb.c: Dialect: 2
> [528109.528891]  CIFS VFS: Server requests plain text password but
> client support disabled
> [528109.528895]  fs/cifs/cifssmb.c: negprot rc 0
> [528109.528898]  fs/cifs/connect.c: Security Mode: 0x1 Capabilities:
> 0x80e3fd TimeAdjust: 21600
> [528109.528901]  fs/cifs/sess.c: sess setup type 2
> [528109.528988]  fs/cifs/transport.c: For smb_command 115
> [528109.528990]  fs/cifs/transport.c: Sending smb:  total_len 232
> [528109.609383]  fs/cifs/connect.c: rfc1002 length 0x27
> [528109.609408] Status code returned 0xc000006d
> NT_STATUS_LOGON_FAILURE
> [528109.609413]  fs/cifs/netmisc.c: Mapping smb error code 5 to POSIX
> err -13
> [528109.609416]  fs/cifs/misc.c: Null buffer passed to
> cifs_small_buf_release
> [528109.609419]  fs/cifs/sess.c: ssetup rc from sendrecv2 is -13
> [528109.609422]  fs/cifs/sess.c: ssetup freeing small buf f264e740
> [528109.609425]  CIFS VFS: Send error in SessSetup = -13
> [528109.740080]  fs/cifs/connect.c: No session or bad tcon
> [528109.740089]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid
> = 30) rc = -13
> [528109.740092]  CIFS VFS: cifs_mount failed w/return code = -13
> 
> 
> 
> [528158.364903]  fs/cifs/cifs_debug.c: sec flags 0x37
> [528158.364910]  fs/cifs/cifs_debug.c: packet signing now required
> [528164.400408]  fs/cifs/cifsfs.c: Devname: //172.16.0.8/tech flags:
> 64
> [528164.400408]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 31
> with uid: 0
> [528164.400408]  fs/cifs/connect.c: Username: tech
> [528164.400408]  fs/cifs/connect.c: UNC: \\172.16.0.8\tech ip:
> 172.16.0.8
> [528164.400408]  fs/cifs/connect.c: Socket created
> [528164.400408]  fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo
> 0x7fffffff
> [528164.400408]  fs/cifs/transport.c: Sending smb of length 68
> [528164.408083]  fs/cifs/connect.c: Existing smb sess not found
> [528164.408096]  fs/cifs/cifssmb.c: secFlags 0x37
> [528164.408101]  fs/cifs/transport.c: For smb_command 114
> [528164.408104]  fs/cifs/transport.c: Sending smb of length 78
> [528164.408333]  fs/cifs/connect.c: Demultiplex PID: 27175
> [528164.408346]  fs/cifs/connect.c: rfc1002 length 0x82000004
> [528164.408348]  fs/cifs/connect.c: Good RFC 1002 session rsp
> [528164.408894]  fs/cifs/connect.c: rfc1002 length 0x55
> [528164.408909]  fs/cifs/cifssmb.c: Dialect: 2
> [528164.408912]  fs/cifs/cifssmb.c: negprot rc 0
> [528164.408915]  fs/cifs/connect.c: Security Mode: 0x1 Capabilities:
> 0x80e3fd TimeAdjust: 21600
> [528164.408918]  fs/cifs/sess.c: sess setup type 2
> [528164.409005]  fs/cifs/transport.c: For smb_command 115
> [528164.409008]  fs/cifs/transport.c: Sending smb:  total_len 232
> [528164.505810]  fs/cifs/connect.c: rfc1002 length 0x27
> [528164.505834] Status code returned 0xc000006d
> NT_STATUS_LOGON_FAILURE
> [528164.505839]  fs/cifs/netmisc.c: Mapping smb error code 5 to POSIX
> err -13
> [528164.505842]  fs/cifs/misc.c: Null buffer passed to
> cifs_small_buf_release
> [528164.505846]  fs/cifs/sess.c: ssetup rc from sendrecv2 is -13
> [528164.505849]  fs/cifs/sess.c: ssetup freeing small buf f264e200
> [528164.505852]  CIFS VFS: Send error in SessSetup = -13
> [528164.636074]  fs/cifs/connect.c: No session or bad tcon
> [528164.636083]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid
> = 31) rc = -13
> [528164.636086]  CIFS VFS: cifs_mount failed w/return code = -13
> 
> 
> [528216.145821]  fs/cifs/cifs_debug.c: sec flags 0x30
> [528216.145821]  fs/cifs/cifs_debug.c: packet signing disabled
> [528221.025626]  fs/cifs/cifsfs.c: Devname: //172.16.0.8/tech flags:
> 64
> [528221.025635]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 32
> with uid: 0
> [528221.025643]  fs/cifs/connect.c: Username: tech
> [528221.025646]  fs/cifs/connect.c: UNC: \\172.16.0.8\tech ip:
> 172.16.0.8
> [528221.025657]  fs/cifs/connect.c: Socket created
> [528221.026403]  fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo
> 0x7fffffff
> [528221.026412]  fs/cifs/transport.c: Sending smb of length 68
> [528221.032076]  fs/cifs/connect.c: Existing smb sess not found
> [528221.032088]  fs/cifs/cifssmb.c: secFlags 0x30
> [528221.032093]  fs/cifs/transport.c: For smb_command 114
> [528221.032096]  fs/cifs/transport.c: Sending smb of length 78
> [528221.032298]  fs/cifs/connect.c: Demultiplex PID: 27183
> [528221.032311]  fs/cifs/connect.c: rfc1002 length 0x82000004
> [528221.032316]  fs/cifs/connect.c: Good RFC 1002 session rsp
> [528221.032972]  fs/cifs/connect.c: rfc1002 length 0x55
> [528221.032987]  fs/cifs/cifssmb.c: Dialect: 2
> [528221.032990]  fs/cifs/cifssmb.c: Signing disabled
> [528221.032992]  fs/cifs/cifssmb.c: negprot rc 0
> [528221.032994]  fs/cifs/connect.c: Security Mode: 0x1 Capabilities:
> 0x80e3fd TimeAdjust: 21600
> [528221.032997]  fs/cifs/sess.c: sess setup type 1
> [528221.033001]  fs/cifs/sess.c: Negotiating LANMAN setting up strings
> [528221.033005]  fs/cifs/transport.c: For smb_command 115
> [528221.033007]  fs/cifs/transport.c: Sending smb:  total_len 142
> [528221.038811]  fs/cifs/connect.c: rfc1002 length 0x27
> [528221.038826]  fs/cifs/netmisc.c: Mapping smb error code 5 to POSIX
> err -13
> [528221.038829]  fs/cifs/misc.c: Null buffer passed to
> cifs_small_buf_release
> [528221.038831]  fs/cifs/sess.c: ssetup rc from sendrecv2 is -13
> [528221.038834]  fs/cifs/sess.c: ssetup freeing small buf f264e740
> [528221.038836]  CIFS VFS: Send error in SessSetup = -13
> [528221.168083]  fs/cifs/connect.c: No session or bad tcon
> [528221.168092]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid
> = 32) rc = -13
> [528221.168095]  CIFS VFS: cifs_mount failed w/return code = -13
> 
> Any thoughts welcome. Many thanks.

I'm not sure whether the following hints will also work with older cifs
versions, it worked here with the recent git tree.

1.) use 'modprobe cifs' to load the kernel module
2.) use 'echo 0x20 > /proc/fs/cifs/SecurityFlags' (also try 0x27)
3.) mount by using the "sec=lanman" option,
    e.g. mount -t cifs //server/share /mount/point -o cred=/path/to/creds_file,sec=lanman

I had a short look at the recent git cifs sources. The current plaintext auth codepaths
seem to be a bit inconsistant and possibly not very well tested. (that auth type is
a bit outdated these days ...)

Cheers, Günter

More information about the samba mailing list