[Samba] old CIFS mount causes account lockout in AD when password changed

Aurélien Aptel aaptel at suse.com
Wed Dec 16 10:39:44 UTC 2020

Hi Paul,

Paul Raines via samba <samba at lists.samba.org> writes:
> Is the cifs module caching the password and re-using it to reconnect if
> the connection is cut?  Is there anyway to prevent that or limit the
> attempts?

Yes, the linux kernel cifs.ko module does that. If the mount is switched
to kerberos auth I guess you could avoid the password issue altogether.

There has been recent development to address this problem. I found [1]:

b0dd940e582b6 cifs: fail i/o on soft mounts if sessionsetup errors out

Which would make the syscalls on the mount points fail with EHOSTDOWN
instead of retrying forever. Note that if a program keeps on trying
anyway it will result in the same situation.

That commit is in the kernel starting at v5.6 (march 2020). If that's
too recent you could request your linux vendor to backport it.

btw, for cifs.ko related questions there is a linux-cifs mailing list [2].

1: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b0dd940e582b6
2: http://vger.kernel.org/vger-lists.html#linux-cifs

Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

More information about the samba mailing list