Re: Urgent: Fedora 18 update breaks mount.cifs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/06/2013 01:59 PM, Adam Williamson wrote:
On 06/03/13 03:22 AM, Chuck Forsberg WA7KGX N2469R wrote:

It broke for me. It was coincident with the change from kernel 3.7.9
to 3.8.1 but I didn't investigate if this was the cause.

Adding a "sec=" option with either ntlm or ntlmv2 worked for me.
Slightly odd given that the man page says ntlm is the default.

Digging a little more, a possibly relevant kernel commit from
2012-11-25 has the comment "default authentication needs to be at
least ntlmv2 security for cifs mounts":
-#define   CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM |
CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP)
+#define   CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMSSP)

--
Paul


The "sec=ntlm" magic chant does the trick.   Flag Day overcome. Thnx.

Oh, sorry guys - I knew about that one, but I got a different error message from you, so I assumed it was a different bug.

Apparently, NTLM has been found to be insecure so upstream doesn't want to allow NTLM connections by default any more. There may be something you can do at the server end to use NTLMv2 instead; that would probably be safer than forcing the use of NTLM.

I'm using a NAS box with very limited configuration options so I'm stuck with NTLM, but if you're using an actual Windows machine as the host, you can probably fix it.

We should probably throw this in common bugs, now three people have hit it...
I tried all the sec= options given in "man mount.cifs". The only one that worked was ntlm.
This is with a fully patched 64 bit Win 7 home premium on the local network.

If the main purpose of mount.cifs is to mount Microsoft Windows shares, a default that actually works
with the dominant Windows would be useful.

--
     Chuck Forsberg WA7KGX   caf@xxxxxxxx   www.omen.com
Developer of Industrial ZMODEM(Tm) for Embedded Applications
  Omen Technology Inc      "The High Reliability Software"
10255 NW Old Cornelius Pass Portland OR 97231   503-614-0430

--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux