[Samba] mount.cifs with "sec=ntlmv2" fails ("mount error(22): Invalid argument")

Till Dörges doerges at pre-sense.de
Mon Aug 22 10:10:04 MDT 2011 

Hello, everyone,

I'm trying to mount a CIFS share served by Samba using mount.cifs with NTLMv2
authentication.


According to 'man mount.cifs' the option "sec=ntlmv2" should be supported, but it
keeps giving me "mount error(22): Invalid argument".

The Samba server enforces the use of NTLMv2. When allowing for NTLMv1 on both sides
everything works just fine.


The client runs kernel 2.6.37.6-0.7-desktop (fully patched openSUSE-11.4) with the
CIFS kernel module version 1.68. mount.cifs identifies as "version: 4.6".


Mounting on the client side it looks like this:

--- snip ---
#  mount.cifs //abctest.box/abclaufwerk /mnt/mnt/ --verbose -o
domain=ABCTEST,user=abc,pass=secrect,sec=ntlmv2

mount.cifs kernel mount options:
ip=10.9.0.103,unc=\\abctest.box\abclaufwerk,sec=ntlmv2,ver=1,user=abc,domain=ABCTEST,pass=********
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
--- snap ---

CIFS debugging on the client is enabled:

--- snip ---
#  cat /proc/fs/cifs/cifsFYI
1
--- snap ---

Which yields the following lines in syslog (for the full log see attachment)

--- snip ---
Aug 22 17:47:34 client kernel: [28966.056081]
/usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/connect.c:
Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -7200
Aug 22 17:47:34 client kernel: [28966.056088]
/usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/sess.c: sess
setup type 2
--- snap ---

"sess setup type 2" seems to indicate that NTLMv2 is used.


The server is running a fully patched openSUSE 11.3 with kernel 2.6.34.8-0.2-default
and Samba 3.5.4. Both "lanman auth" and "ntlm auth" are disabled, which should force
the use of NTLMv2 according to 'man smb.conf':

--- snip ---
server # testparm 2> /dev/null | egrep 'ntlm|lan'
        ntlm auth = No
server #
--- snap ---

The server's corresponding log entries are also attached.


Like said above, when I allow for the use of NTLMv1 on both sides (ntlm auth = Yes on
the server and no sec=ntlmv2 on the client) everything works just fine.

When I enforce NTLMv2 on the server and don't specify "sec=ntlmv2" with mount.cifs I
get "mount error(13): Permission denied" and syslog on the client shows that NTLMv1
is tried ("sess setup type 1").


So is there anything wrong with my setup? Should NTLMv2 be working between Samba and
mount.cifs? If it should, why isn't it in this particular setup?


Any hints will be greatly appreciated.


TIA -- Till
-- 
Dipl.-Inform. Till Dörges                  doerges at pre-sense.de
                                  Tel. +49 - 40 - 244 2407 - 14
                                  Fax  +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH            Sachsenstr. 5, D-20097 HH
                                         USt-IdNr.: DE263765024
Geschäftsführer/Managing Directors       AG Hamburg, HRB 107844
Till Dörges           Jürgen Sander              Axel Theilmann

More information about the samba mailing list