Re: Urgent: Fedora 18 update breaks mount.cifs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/03/13 03:22 AM, Chuck Forsberg WA7KGX N2469R wrote:

It broke for me. It was coincident with the change from kernel 3.7.9
to 3.8.1 but I didn't investigate if this was the cause.

Adding a "sec=" option with either ntlm or ntlmv2 worked for me.
Slightly odd given that the man page says ntlm is the default.

Digging a little more, a possibly relevant kernel commit from
2012-11-25 has the comment "default authentication needs to be at
least ntlmv2 security for cifs mounts":
-#define   CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM |
CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP)
+#define   CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMSSP)

--
Paul


The "sec=ntlm" magic chant does the trick.   Flag Day overcome. Thnx.

Oh, sorry guys - I knew about that one, but I got a different error message from you, so I assumed it was a different bug.

Apparently, NTLM has been found to be insecure so upstream doesn't want to allow NTLM connections by default any more. There may be something you can do at the server end to use NTLMv2 instead; that would probably be safer than forcing the use of NTLM.

I'm using a NAS box with very limited configuration options so I'm stuck with NTLM, but if you're using an actual Windows machine as the host, you can probably fix it.

We should probably throw this in common bugs, now three people have hit it...
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux