[Samba] Assistance needed on using mount.smbfs (cifs) to authenticate to samba server with encrypt passwords = No.

Richard Nelson unixabg at gmail.com
Sat Nov 22 03:54:03 GMT 2008 

On Fri, Nov 21, 2008 at 8:27 PM, Günter Kukkukk <linux at kukkukk.com> wrote:
> Am Freitag, 21. November 2008 schrieb Richard Nelson:
>> On Thu, Nov 20, 2008 at 9:51 PM, Günter Kukkukk <linux at kukkukk.com> wrote:
>> > Am Mittwoch, 19. November 2008 schrieb Richard Nelson:
>> >> Greetings,
>> >>
>> >> I am working on getting mount.cifs version: 1.11-3.2.4 on debian to
>> >> mount a share on a samba server Version 3.0.13-1.1-SUSE on SuSe. This
>> >> was working on older debian systems, but upon upgrading some of the
>> >> systems to Lenny I am now having trouble mounting shares.  Again, this
>> >> was working and I have smbfs installed on the systems (which is what I
>> >> used before).
>> >>
>> >> The samba server is set to have encrypt passwords = No and I am
>> >> basically authenticating from /etc/passwd+shadow (no smbpasswd file).
>> >> The setup is still working fine on non upgraded systems. Only on the
>> >> newly upgraded systems is the mounting not working.
>> >>
>> >> The kernel on the clients do have CONFIG_CIFS_WEAK_PW_HASH=y
>> >>
>> >> Below is some dmesg info after running the mount.cifs with various /
>> >> proc/fs/cifs/SecurityFlags:
>> >> mount.smbfs //172.16.0.8/tech ./mymount -ouser=tech
>> >>
>>
>> SNIP
>>
>> >>
>> >> Any thoughts welcome. Many thanks.
>> >
>>
>> Greetings,
>>
>>
>> > I'm not sure whether the following hints will also work with older cifs
>> > versions, it worked here with the recent git tree.
>> >
>> > 1.) use 'modprobe cifs' to load the kernel module
>>
>> Yes it is loaded.
>>
>> > 2.) use 'echo 0x20 > /proc/fs/cifs/SecurityFlags' (also try 0x27)
>>
>> Ok I have output below.
>>
>> > 3.) mount by using the "sec=lanman" option,
>> >    e.g. mount -t cifs //server/share /mount/point -o cred=/path/to/creds_file,sec=lanman
>> >
>>
>> With mount -t cifs //172.16.0.8/tech ./mymount -ouser=tech,sec=lanman
>>
>> [698499.794951]  fs/cifs/cifs_debug.c: sec flags 0x20
>> [698499.794958]  fs/cifs/cifs_debug.c: packet signing disabled
>>
>> [698534.544307]  fs/cifs/cifsfs.c: Devname: //172.16.0.8/tech flags: 64
>> [698534.544316]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 4
>> with uid: 0
>> [698534.544325]  fs/cifs/connect.c: Username: tech
>> [698534.544328]  fs/cifs/connect.c: UNC: \\172.16.0.8\tech ip: 172.16.0.8
>> [698534.544339]  fs/cifs/connect.c: Socket created
>> [698534.545059]  fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo
>> 0x7fffffff
>> [698534.545066]  fs/cifs/transport.c: Sending smb of length 68
>> [698534.552075]  fs/cifs/connect.c: Existing smb sess not found
>> [698534.552088]  fs/cifs/cifssmb.c: secFlags 0x10
>> [698534.552093]  fs/cifs/transport.c: For smb_command 114
>> [698534.552096]  fs/cifs/transport.c: Sending smb of length 78
>> [698534.552325]  fs/cifs/connect.c: Demultiplex PID: 7365
>> [698534.552337]  fs/cifs/connect.c: rfc1002 length 0x82000004
>> [698534.552339]  fs/cifs/connect.c: Good RFC 1002 session rsp
>> [698534.552804]  fs/cifs/connect.c: rfc1002 length 0x55
>> [698534.552820]  fs/cifs/cifssmb.c: Dialect: 2
>> [698534.552822]  CIFS VFS: Server requests plain text password but
>> client support disabled
>> [698534.552826]  fs/cifs/cifssmb.c: Signing disabled
>> [698534.552828]  fs/cifs/cifssmb.c: negprot rc 0
>> [698534.552830]  fs/cifs/connect.c: Security Mode: 0x1 Capabilities:
>> 0xe3fd TimeAdjust: 21600
>> [698534.552833]  fs/cifs/sess.c: sess setup type 1
>> [698534.552838]  fs/cifs/sess.c: Negotiating LANMAN setting up strings
>> [698534.552842]  fs/cifs/transport.c: For smb_command 115
>> [698534.552845]  fs/cifs/transport.c: Sending smb:  total_len 142
>> [698534.558690]  fs/cifs/connect.c: rfc1002 length 0x27
>> [698534.558690]  fs/cifs/netmisc.c: Mapping smb error code 5 to POSIX err -13
>> [698534.558690]  fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
>> [698534.558690]  fs/cifs/sess.c: ssetup rc from sendrecv2 is -13
>> [698534.558690]  fs/cifs/sess.c: ssetup freeing small buf f6e9c740
>> [698534.558690]  CIFS VFS: Send error in SessSetup = -13
>> [698534.688079]  fs/cifs/connect.c: No session or bad tcon
>> [698534.688088]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid
>> = 4) rc = -13
>> [698534.688091]  CIFS VFS: cifs_mount failed w/return code = -13
>>
>>
>>
>> And
>>
>> [698790.654395]  fs/cifs/cifs_debug.c: sec flags 0x27
>> [698790.654395]  fs/cifs/cifs_debug.c: packet signing now required
>>
>> [698799.968300]  fs/cifs/cifsfs.c: Devname: //172.16.0.8/tech flags: 64
>> [698799.968300]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 5
>> with uid: 0
>> [698799.968300]  fs/cifs/connect.c: Username: tech
>> [698799.968300]  fs/cifs/connect.c: UNC: \\172.16.0.8\tech ip: 172.16.0.8
>> [698799.968300]  fs/cifs/connect.c: Socket created
>> [698799.968603]  fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo
>> 0x7fffffff
>> [698799.968603]  fs/cifs/transport.c: Sending smb of length 68
>> [698799.976084]  fs/cifs/connect.c: Existing smb sess not found
>> [698799.976097]  fs/cifs/cifssmb.c: secFlags 0x10
>> [698799.976103]  fs/cifs/transport.c: For smb_command 114
>> [698799.976106]  fs/cifs/transport.c: Sending smb of length 78
>> [698799.976387]  fs/cifs/connect.c: Demultiplex PID: 7371
>> [698799.976401]  fs/cifs/connect.c: rfc1002 length 0x82000004
>> [698799.976403]  fs/cifs/connect.c: Good RFC 1002 session rsp
>> [698799.976786]  fs/cifs/connect.c: rfc1002 length 0x55
>> [698799.976802]  fs/cifs/cifssmb.c: Dialect: 2
>> [698799.976804]  CIFS VFS: Server requests plain text password but
>> client support disabled
>> [698799.976808]  fs/cifs/cifssmb.c: Signing disabled
>> [698799.976810]  fs/cifs/cifssmb.c: negprot rc 0
>> [698799.976813]  fs/cifs/connect.c: Security Mode: 0x1 Capabilities:
>> 0xe3fd TimeAdjust: 21600
>> [698799.976815]  fs/cifs/sess.c: sess setup type 1
>> [698799.976821]  fs/cifs/sess.c: Negotiating LANMAN setting up strings
>> [698799.976825]  fs/cifs/transport.c: For smb_command 115
>> [698799.976828]  fs/cifs/transport.c: Sending smb:  total_len 142
>> [698799.982255]  fs/cifs/connect.c: rfc1002 length 0x27
>> [698799.982255]  fs/cifs/netmisc.c: Mapping smb error code 5 to POSIX err -13
>> [698799.982255]  fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
>> [698799.982255]  fs/cifs/sess.c: ssetup rc from sendrecv2 is -13
>> [698799.982255]  fs/cifs/sess.c: ssetup freeing small buf f6e9c200
>> [698799.982255]  CIFS VFS: Send error in SessSetup = -13
>> [698800.112083]  fs/cifs/connect.c: No session or bad tcon
>> [698800.112091]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid
>> = 5) rc = -13
>> [698800.112094]  CIFS VFS: cifs_mount failed w/return code = -13
>>
>>
>> > I had a short look at the recent git cifs sources. The current plaintext auth codepaths
>> > seem to be a bit inconsistant and possibly not very well tested. (that auth type is
>> > a bit outdated these days ...)
>> >
>>
>> Yes a bit outdated but still in use by me. :) I think it is supposed
>> to work so I am in hopes someone will help out. At worse case I will
>> move to a smbpasswd file but I would just assume stay in
>> /etc/passwd+shadow.
>>
>> > Cheers, Günter
>>
>> Many thanks for your reply. Any further ideas would be appreciated.
>
> please post the outcome of 'modinfo cifs', done on a failing client.
> Cheers, Günter

Greetings  Günter,

Below is the output of the command you wanted:

filename:       /lib/modules/2.6.26-1-686/kernel/fs/cifs/cifs.ko
version:        1.53
description:    VFS to access servers complying with the SNIA CIFS
Specification e.g. Samba and Windows
license:        GPL
author:         Steve French <sfrench at us.ibm.com>
srcversion:     D67A510FA28C2A6AD70148B
depends:        nls_base
vermagic:       2.6.26-1-686 SMP mod_unload modversions 686
parm:           CIFSMaxBufSize:Network buffer size (not including
header). Default: 16384 Range: 8192 to 130048 (int)
parm:           cifs_min_rcv:Network buffers in pool. Default: 4
Range: 1 to 64 (int)
parm:           cifs_min_small:Small network buffers in pool. Default:
30 Range: 2 to 256 (int)
parm:           cifs_max_pending:Simultaneous requests to server.
Default: 50 Range: 2 to 256 (int)

I did some testing today and if I populate the smbpasswd with
usernames following the a correct file format and enable the use of
update encrypted = yes , user passwords get updated in the smbpasswd
file. And then if I enable encrypt passwords = Yes , the updated
clients work as they should. I do not know if this helps but it is
part of an action plan I have in place in the event of no resolution
to my keeping encrypt passwords = no issue.

Many thanks for your time and replies.

More information about the samba mailing list