On 03/06/2013 01:59 PM, Adam Williamson wrote:
On 06/03/13 03:22 AM, Chuck Forsberg WA7KGX N2469R wrote:
It broke for me. It was coincident with the change from kernel 3.7.9
to 3.8.1 but I didn't investigate if this was the cause.
Adding a "sec=" option with either ntlm or ntlmv2 worked for me.
Slightly odd given that the man page says ntlm is the default.
Digging a little more, a possibly relevant kernel commit from
2012-11-25 has the comment "default authentication needs to be at
least ntlmv2 security for cifs mounts":
-#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLM |
CIFSSEC_MAY_NTLMV2 | CIFSSEC_MAY_NTLMSSP)
+#define CIFSSEC_DEF (CIFSSEC_MAY_SIGN | CIFSSEC_MAY_NTLMSSP)
--
Paul
The "sec=ntlm" magic chant does the trick. Flag Day overcome. Thnx.
Oh, sorry guys - I knew about that one, but I got a different error
message from you, so I assumed it was a different bug.
Apparently, NTLM has been found to be insecure so upstream doesn't
want to allow NTLM connections by default any more. There may be
something you can do at the server end to use NTLMv2 instead; that
would probably be safer than forcing the use of NTLM.
I'm using a NAS box with very limited configuration options so I'm
stuck with NTLM, but if you're using an actual Windows machine as the
host, you can probably fix it.
We should probably throw this in common bugs, now three people have
hit it...
I tried all the sec= options given in "man mount.cifs". The only one
that worked was ntlm.
This is with a fully patched 64 bit Win 7 home premium on the local network.
If the main purpose of mount.cifs is to mount Microsoft Windows shares,
a default that actually works
with the dominant Windows would be useful.
--
Chuck Forsberg WA7KGX caf@xxxxxxxx www.omen.com
Developer of Industrial ZMODEM(Tm) for Embedded Applications
Omen Technology Inc "The High Reliability Software"
10255 NW Old Cornelius Pass Portland OR 97231 503-614-0430
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
