[Samba] Fwd: mounting a windows share on a linux client using mount.cifs with encryption

René Bräuer braeuer at pre-sense.de
Mon Jan 7 14:58:06 UTC 2019 

Hello everyone,

I'm trying to mount a CIFS share served by Windows 10 Samba with encryption.

On the Windows server side, I made a regular share and told Windows via
Powershell command
Set-SmbServerConfiguration -EncryptData 1
to encrypt the data if possible, and via
Set-SmbServerConfiguration -RejectUnencryptedAccess 1
to reject unencrypted connections instead of negotiating an unencrypted
connection.

I then proceed to connect on Linux client side via
mount -t cifs //192.168.1.176/Share /mnt -o username=user,seal
Expectation: after being prompted to enter the password, the mount
should be active.
Actual result: after entering the correct password, i get "mount
error(13): Permission denied".

However, if I turn off the rule to only accept encrypted access, then
use the same command without the "seal" option, it works as expected.

I attached tcpdumps of both attempts.
Linux client versions tested are OpenSUSE Leap 42.3 with latest Patches
and Kernel 4.4.165-81-default as well as OpenSUSE Leap 15 with latest
Patches and Kernel Version 4.12.14-lp150.12.28-default.
Windows Server is Windows 10 Professional 64 bit Build 10240, also
tested with Windows 10 Professional 64 bit Version 1809 Build 17763.95.
Mount.cifs version is 6.5.

I also tried smbclient, but as long as Windows is told to reject
unencrypted access, it won't even list the shares. Once I tell windows
to accept unencrypted access, it works fine - however encryption is
absolutely needed, just working w/o crypto's not an option.

Is my sealed mounting command wrong, or is this simply impossible?
Any hints would be greatly appreciated.

Regards,
René

-- 
René Bräuer                                braeuer at pre-sense.de
PRESENSE Technologies GmbH            Sachsenstr. 5, D-20097 HH
Geschäftsführer/Managing Directors       AG Hamburg, HRB 107844
Till Dörges, Jürgen Sander               USt-IdNr.: DE263765024


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20190107/a7ebc0a9/signature.sig>

More information about the samba mailing list