On Mon, Apr 4, 2011 at 8:31 AM, Werner Maes <Werner.Maes@xxxxxxxxxxxxxxxx> wrote: > Hello > > I have an issue with mount.cifs that cannot access a netapp cifs fileshare. There is no problem with smbclient, mount_smbfs in FreeBSD or Mac OSX. > > I have compiled the latest kernel (2.6.38.2) with all CIFS options enabled. > > First, it works fine with smbclient as you can see below: > > : kstestlinux64 / 15:07#; smbclient //server.DOMAIN.kuleuven.be/user -U "DOMAIN\user" > Enter DOMAIN\user's password: > Domain=[DOMAIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] > smb: \> ls > OK.txt A 0 Wed Mar 30 14:22:42 2011 > > 40960 blocks of size 2097152. 40957 blocks available > smb: \> > > Mount.cifs does not work > Default value of /proc/fs/cifs/SecurityFlags is 0x07007: > > : kstestlinux64 / 15:12#; mount.cifs //server.DOMAIN.kuleuven.be/user /cifs -o username="DOMAIN\user" > mount error(95): Operation not supported > > Other values of the SecurityFlags don't work either: > > : kstestlinux64 / 15:14#; echo 0x00007 > /proc/fs/cifs/SecurityFlags > : kstestlinux64 / 15:15#; mount.cifs //server.DOMAIN.kuleuven.be/user /cifs -o username="DOMAIN\user" > mount error(13): Permission denied > > : kstestlinux64 / 15:13#; echo 0x87087 > /proc/fs/cifs/SecurityFlags > : kstestlinux64 / 15:14#; mount.cifs //server.DOMAIN.kuleuven.be/user /cifs -o username="DOMAIN\user" > mount error(5): Input/output error > > This issue may be related to this bug https://bugzilla.samba.org/show_bug.cgi?id=8046 > > content of this bug below: > > mount.cifs cannot do recent NLTM authentication, more specifically NTLMv2 in > NTLMSSP in SPNEGO in GSS-API. > > I've asked Jeff Layton for confirmation last year (cfr. infra) and he referred > me to the mailinglist and here. The problem seems to exist still. > >> > Hello mr. Layton >> > >> > [...] It concerns authentication in mount.cifs. Am I correct in stating >> > that authentication with NTLMv2 (and probably NTLM and LM) is always done >> > directly with hashes in the SMB header (I think you call it "raw NTLMSSP") >> > and there is no way to make mount.cifs use NTLMSSP in SPNEGO in GSS-API (I >> > think you call it "Extended Security" or "SPNEGO-wrapped NTLMSSP")? Both >> > smbclient and Mac OS X's mount_smbfs do seem to be able to do the latter. > > Actually "raw NTLMSSP" is NTLMSSP that's embedded in GSSAPI but without > SPNEGO. The hashes in the header are just plain old NTLMv2. You're > correct that CIFS doesn't support NTLMv2 in NTLMSSP at the moment. > > >> > Our problem is that we can connect with both smbclient and MacOSX's >> > mount_smbfs to our NetApp ONTAP filer, but not with mount.cifs. The first >> > two use NTLMSSP in SPNEGO in GSS-API, the latter uses NTLMv2 hashes in the >> > SMB header and that fails. [...] > > Yeah, [...] > -- > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > Can you try with mount option sec=ntlm or sec=ntlmi or sec=ntlmv2 or sec=ntlmv2i or sec=ntlmssp or sec=ntlmsspi -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
