mount.cifs fails with protocol SMBv2.x on a DFS share

DarkMasterHalo darkmasterhalo at gmail.com
Fri Jun 16 00:50:44 UTC 2017 

Unsubscribe

On Jun 8, 2017 11:01, "Christian Garling" <christian.garling at cg-networks.de>
wrote:

> Hello list,
>
> a few days ago we migrated our shares to a DFS cluster, also we disabled
> SMBv1 protocol. Now we are no longer able to connect to the shares with our
> linux workstations. The setup looks like this:
>
> linux workstation -----> AD server (Windows Server 2008 R2) -----> file
> server (Windows Server 2016, running in 2008 R2 compat mode)
>
> I have searched the web for a solution on the last few days. Mostly it
> came down to this:
>
> Take care that smbclient, cifs-utils and keyutils is installed. Also have
> these lines in /etc/request-key.conf:
>
> create  cifs.spnego     *       *               /usr/sbin/cifs.upcall %k
> create  dns_resolver    *       *               /usr/sbin/cifs.upcall %k
>
>
> My setup satisfies these requirements. I have tried the connection with
> these commands (I replaced our domain with example.com):
>
> mount -v -t cifs //office.example.com/technik /mnt/dfs -o
> username=c.garling,domain=OFFICE,vers=2.0
> mount -v -t cifs //office.example.com/technik /mnt/dfs -o
> username=c.garling,domain=OFFICE,vers=2.1
>
> If I do so I can see this in tcpdump:
>
> 100.392000390 192.168.23.107 -> 192.168.15.6 SMB2 172 Negotiate Protocol
> Request
> 100.393121936 192.168.15.6 -> 192.168.23.107 SMB2 318 Negotiate Protocol
> Response
> 100.393223968 192.168.23.107 -> 192.168.15.6 SMB2 190 Session Setup
> Request, NTLMSSP_NEGOTIATE
> 100.394178092 192.168.15.6 -> 192.168.23.107 SMB2 390 Session Setup
> Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
> 100.394295512 192.168.23.107 -> 192.168.15.6 SMB2 494 Session Setup
> Request, NTLMSSP_AUTH, User: OFFICE\c.garling
> 100.397795864 192.168.15.6 -> 192.168.23.107 SMB2 142 Session Setup
> Response
> 100.397895000 192.168.23.107 -> 192.168.15.6 SMB2 198 Tree Connect Request
> Tree: \\office.example.com\technik
> 100.398866908 192.168.15.6 -> 192.168.23.107 SMB2 143 Tree Connect
> Response, Error: STATUS_BAD_NETWORK_NAME
>
> My client directly tries to connect to the share on 192.168.15.6, but this
> is the AD server that should forward to 192.168.15.17 which is the file
> server.
>
> I also traced the connection attempt with wireshark. In the request sent
> from my workstation I found this message in the flags:
>
> "This host does NOT support DFS."
>
> We re-enabled SMBv1 for testing purposes. With SMBv1 the connection to the
> DFS works with the command above but vers=1.0.
>
> I can not figure out why DFS does not work when vers=2.0 or vers=2.1 will
> be used. We tested some different distros (Linux Mint 18.1, Debian 8,
> Debian 9, Gentoo) with different kernel versions.
>
> Please ask me for further information, if I missed something.
>
> Any help is welcome!
>
> Regards, Christian Garling
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/smb-clients/attachments/20170615/13f324b6/attachment.html>

More information about the smb-clients mailing list