[Samba] Fwd: mounting a windows share on a linux client using mount.cifs with encryption

René Bräuer braeuer at pre-sense.de
Mon Jan 7 15:21:19 UTC 2019


I'm terribly sorry for the double-post, but it seems there was a problem
with the attachments the first time around.
Here goes the second attempt.

On 07.01.19 at 15:58, René Bräuer via samba wrote:
> Hello everyone,
> 
> I'm trying to mount a CIFS share served by Windows 10 Samba with encryption.
> 
> On the Windows server side, I made a regular share and told Windows via
> PowerShell command
> Set-SmbServerConfiguration -EncryptData 1
> to encrypt the data if possible, and via
> Set-SmbServerConfiguration -RejectUnencryptedAccess 1
> to reject unencrypted connections instead of negotiating an unencrypted
> connection.
> 
> I then proceed to connect on Linux client side via
> mount -t cifs //192.168.1.176/Share /mnt -o username=user,seal
> Expectation: after being prompted to enter the password, the mount
> should be active.
> Actual result: after entering the correct password, I get "mount
> error(13): Permission denied".
> 
> However, if I turn off the rule to only accept encrypted access, then
> use the same command without the "seal" option, it works as expected.
> 
> I attached tcpdumps of both attempts.
> Linux client versions tested are OpenSUSE Leap 42.3 with latest Patches
> and Kernel 4.4.165-81-default as well as OpenSUSE Leap 15 with latest
> Patches and Kernel Version 4.12.14-lp150.12.28-default.
> Windows Server is Windows 10 Professional 64 bit Build 10240, also
> tested with Windows 10 Professional 64 bit Version 1809 Build 17763.95.
> Mount.cifs version is 6.5.
> 
> I also tried smbclient, but as long as Windows is told to reject
> unencrypted access, it won't even list the shares. Once I tell Windows
> to accept unencrypted access, it works fine - however encryption is
> absolutely needed, just working w/o crypto's not an option.
> 
> Is my sealed mounting command wrong, or is this simply impossible?
> Any hints would be greatly appreciated.
> 
> Regards,
> René
> 
> 


-- 
René Bräuer                                braeuer at pre-sense.de
PRESENSE Technologies GmbH            Sachsenstr. 5, D-20097 HH
Geschäftsführer/Managing Directors       AG Hamburg, HRB 107844
Till Dörges, Jürgen Sander               USt-IdNr.: DE263765024
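
An added example, not part of the original message and not code from Samba or cifs-utils: a small Python check that reads lines in /proc/mounts format and reports, for each CIFS mount, whether the "seal" option and an SMB 3.x dialect are in effect. The sample lines are constructed, and it assumes the kernel lists "seal" and "vers=" among the mount options of a CIFS mount.

```python
import re

# Constructed sample in /proc/mounts format (not taken from the original post).
SAMPLE_MOUNTS = r"""
/dev/sda2 / ext4 rw,relatime 0 0
//192.168.1.176/Share /mnt cifs rw,relatime,vers=1.0,sec=ntlmssp,username=user,addr=192.168.1.176 0 0
//192.168.1.176/Share /srv/sealed\040share cifs rw,relatime,vers=3.0,sec=ntlmssp,seal,username=user,addr=192.168.1.176 0 0
"""


def unescape(field):
    """Decode the octal escapes (\\040 for a space, etc.) used in /proc/mounts."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def audit_cifs_mounts(mounts_text):
    """Return one finding per CIFS mount: source, target, dialect, sealed, ok."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "cifs":
            continue  # blank line, malformed line, or another filesystem
        opts = {}
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            opts[key] = value
        dialect = opts.get("vers", "")
        sealed = "seal" in opts
        # SMB encryption was introduced with the SMB 3.0 dialect, so a mount
        # counts as encrypted only if it is sealed and the dialect is 3.x.
        # A missing or non-numeric vers= value is treated as not verified.
        findings.append({
            "source": unescape(fields[0]),
            "target": unescape(fields[1]),
            "dialect": dialect,
            "sealed": sealed,
            "ok": sealed and dialect.startswith("3"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_cifs_mounts(SAMPLE_MOUNTS):
        status = "encrypted" if f["ok"] else "NOT verified as encrypted"
        print(f'{f["target"]}: vers={f["dialect"] or "?"} -> {status}')
```

On a live client the same function can be fed the contents of /proc/mounts instead of the constructed sample.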
