[Samba] SMB Signing issues... smbclient works, mount does not...
Vini
vini at fugspbr.org
Thu Oct 6 21:10:22 MDT 2011
Hi All,
I seem to have exactly the same problem which was described in this thread a
while ago. I have gone through every piece of information I was able to find
on mailing list archives but all I found was people reporting similar
problems and not a solution to it.
As in the original discussion if I use smbclient it works fine but if I use
mount.cifs it does not work at all. To make smbclient work I have had to add
"client ntlmv2 auth = yes" to the sbm.conf file.
The server I am connecting to is a Windows 2008 R2 and the security policy
only allows NTLMv2.
I am trying to connect from a Centos 5.5
2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:14:03 EDT 2011 i686 i686 i386
GNU/Linux
libsmbclient-3.5.4-68.2
samba-3.5.4-68.2
samba-common-3.5.4-68.2
samba-client-3.5.4-68.2
samba-winbind-clients-3.5.4-68.2
cifs-utils-4.4-5.2
ls /proc/fs/cifs/
cifsFYI
DebugData
Experimental
LinuxExtensionsEnabled
LookupCacheEnabled
MultiuserMount
OplockEnabled
SecurityFlags
Stats
traceSMB
modinfo cifs
filename: /lib/modules/2.6.18-274.3.1.el5/kernel/fs/cifs/cifs.ko
version: 1.60RH
description: VFS to access servers complying with the SNIA CIFS
Specification e.g. Samba and Windows
license: GPL
author: Steve French <sfrench at us.ibm.com>
srcversion: 4A9C63C35E60B4C015318F5
depends:
vermagic: 2.6.18-274.3.1.el5 SMP mod_unload 686 REGPARM 4KSTACKS
gcc-4.1
parm: CIFSMaxBufSize:Network buffer size (not including header).
Default: 16384 Range: 8192 to 130048 (int)
parm: cifs_min_rcv:Network buffers in pool. Default: 4 Range: 1 to
64 (int)
parm: cifs_min_small:Small network buffers in pool. Default: 30
Range: 2 to 256 (int)
parm: cifs_max_pending:Simultaneous requests to server. Default:
50 Range: 2 to 256 (int)
module_sig:
883f3504e66bf24104f42edc2b0f945112c79009d1e1918c363e6545d5644af26235486a0faee309e3e516f3731905cd551976d305e8c32b5f117ae9b
This works without issues:
smbclient -U username //192.168.20.129/share
But this does not work at all:
mount.cifs //192.168.20.129/share /mnt/ -o
user=username,password=XXXXXXX,sec=ntlmv2
For the record I have tried sec=ntlmv2i, ntlmssp, krb5i, krb5.
Here is what I get when I try:
With sec=ntlmv2i
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
and dmesg gives:
CIFS VFS: Unexpected SMB signature
Status code returned 0xc000000d NT_STATUS_INVALID_PARAMETER
CIFS VFS: Send error in SessSetup = -22
CIFS VFS: cifs_mount failed w/return code = -22
With sec=ntlmv2
mount error(95): Operation not supported
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
and dmesg gives:
CIFS VFS: Server requires packet signing to be enabled in
/proc/fs/cifs/SecurityFlags.
CIFS VFS: cifs_mount failed w/return code = -95
With sec=ntlmssp
mount error(95): Operation not supported
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
and dmesg gives:
CIFS VFS: Server requires packet signing to be enabled in
/proc/fs/cifs/SecurityFlags.
CIFS VFS: cifs_mount failed w/return code = -95
I have tried changing the values /proc/fs/cifs/SecurityFlags but no
difference at all.
may use packet signing 0x00001
must use packet signing 0x01001
may use NTLM (most common password hash) 0x00002
must use NTLM 0x02002
may use NTLMv2 0x00004
must use NTLMv2 0x04004
may use Kerberos security 0x00008
must use Kerberos 0x08008
may use lanman (weak) password hash 0x00010
must use lanman password hash 0x10010
may use plaintext passwords 0x00020
must use plaintext passwords 0x20020
Reference on line 588
http://www.disy.cse.unsw.edu.au/lxr/source/fs/cifs/?v=linux-2.6.32
One funny thing is that there should be a pseudo-file called
/proc/fs/cifs/PacketSigningEnabled but it does not exist, even on much newer
kernels it does not exist.
Has anyone been able to overcome this problem?
Thanks
Vini
More information about the samba
mailing list