On Mon, Aug 22, 2011 at 11:10 AM, Till Dörges <doerges@xxxxxxxxxxxx> wrote:
> Hello, everyone,
>
> I'm trying to mount a CIFS share served by Samba using mount.cifs with NTLMv2
> authentication.
>
>
> According to 'man mount.cifs' the option "sec=ntlmv2" should be supported, but it
> keeps giving me "mount error(22): Invalid argument".
>
> The Samba server enforces the use of NTLMv2. When allowing for NTLMv1 on both sides
> everything works just fine.
>
>
> The client runs kernel 2.6.37.6-0.7-desktop (fully patched openSUSE-11.4) with the
> CIFS kernel module version 1.68. mount.cifs identifies as "version: 4.6".
>
>
> Mounting on the client side it looks like this:
>
> --- snip ---
> # mount.cifs //abctest.box/abclaufwerk /mnt/mnt/ --verbose -o
> domain=ABCTEST,user=abc,pass=secrect,sec=ntlmv2
>
> mount.cifs kernel mount options:
> ip=10.9.0.103,unc=\\abctest.box\abclaufwerk,sec=ntlmv2,ver=1,user=abc,domain=ABCTEST,pass=********
> mount error(22): Invalid argument
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> --- snap ---
>
> CIFS debugging on the client is enabled:
>
> --- snip ---
> # cat /proc/fs/cifs/cifsFYI
> 1
> --- snap ---
>
> Which yields the following lines in syslog (for the full log see attachment)
>
> --- snip ---
> Aug 22 17:47:34 client kernel: [28966.056081]
> /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/connect.c:
> Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -7200
> Aug 22 17:47:34 client kernel: [28966.056088]
> /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/sess.c: sess
> setup type 2
> --- snap ---
>
> "sess setup type 2" seems to indicate that NTLMv2 is used.
>
>
> The server is running a fully patched openSUSE 11.3 with kernel 2.6.34.8-0.2-default
> and Samba 3.5.4. Both "lanman auth" and "ntlm auth" are disabled, which should force
> the use of NTLMv2 according to 'man smb.conf':
>
> --- snip ---
> server # testparm 2> /dev/null | egrep 'ntlm|lan'
> ntlm auth = No
> server #
> --- snap ---
>
> The server's corresponding log entries are also attached.
>
>
> Like said above, when I allow for the use of NTLMv1 on both sides (ntlm auth = Yes on
> the server and no sec=ntlmv2 on the client) everything works just fine.
>
> When I enforce NTLMv2 on the server and don't specify "sec=ntlmv2" with mount.cifs I
> get "mount error(13): Permission denied" and syslog on the client shows that NTLMv1
> is tried ("sess setup type 1").
>
>
> So is there anything wrong with my setup? Should NTLMv2 be working between Samba and
> mount.cifs? If it should, why isn't it in this particular setup?
>
>
> Any hints will be greatly appreciated.
>
>
> TIA -- Till
> --
> Dipl.-Inform. Till Dörges doerges@xxxxxxxxxxxx
> Tel. +49 - 40 - 244 2407 - 14
> Fax +49 - 40 - 244 2407 - 24
> PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
> USt-IdNr.: DE263765024
> Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
> Till Dörges Jürgen Sander Axel Theilmann
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
sec=ntlmv2 auth type should work between cifs vfs client and Samba server.
Can you try sec=ntlmssp and see if it works?
Can you list the smb.conf file here?
And a wireshark trace when sec=ntlmv2 fails would be really helpful.
Regards,
Shirish
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
