Filling out the set Tested Win10 1607 and this has the loop behaviour Tested WS2012R2 and this fails with permission denied I think this is sufficient to say that there is some definitively different behaviour between server and client versions of Windows in this area. Complete set Win7 - fails with permission denied (but it turns out this is because the DFS was attempted and Win7 doesn't deal with that) Win 8.1 - loops in DFS refer Win 10 - loops in DFS refer WS2012R2 - fails with permission denied WS2016 - fails with permission denied. Thanks, Mark. -----Original Message----- From: Mark Syms Sent: 02 December 2016 16:45 To: 'Steve French' <smfrench@xxxxxxxxx> Cc: Aurélien Aptel <aaptel@xxxxxxxx>; sfrench@xxxxxxxxx; linux-cifs@xxxxxxxxxxxxxxx Subject: RE: [PATCH] CIFS: handle guest access errors to Windows shares OK, I'll spin up a Win 10 machine and see how that behaves and then a WS2012R2. Mark. -----Original Message----- From: Steve French [mailto:smfrench@xxxxxxxxx] Sent: 02 December 2016 16:42 To: Mark Syms <Mark.Syms@xxxxxxxxxx> Cc: Aurélien Aptel <aaptel@xxxxxxxx>; sfrench@xxxxxxxxx; linux-cifs@xxxxxxxxxxxxxxx Subject: Re: [PATCH] CIFS: handle guest access errors to Windows shares Note that we have seen negotiate differences - spnego encapsulated ntlmssp vs. raw ntlmssp - between standalone servers (and Windows clients acting as a server) and Windows servers acting as an AD DC. Also note that comparing the same os in the client vs server comparison (Windows 10 vs Windows 2016) could help determine if server vs. client difference or version difference. On Fri, Dec 2, 2016 at 10:25 AM, Mark Syms <Mark.Syms@xxxxxxxxxx> wrote: > Hi, > > I've just tried a plain vanilla Debian testing machine with the vendor 4.8.0 kernel and the issue reproduces. > > Now, interestingly, if I issue the same mount command to a WS2016 machine configured in the same way as a Win8.1 machine it fails with permission denied as we'd expect and doesn't go into the DFS chase process. So, this appears to be something that is specific to connecting SMB to client grade OS machines. > > Mark > > -----Original Message----- > From: linux-cifs-owner@xxxxxxxxxxxxxxx > [mailto:linux-cifs-owner@xxxxxxxxxxxxxxx] On Behalf Of Aurélien Aptel > Sent: 30 November 2016 17:32 > To: Mark Syms <Mark.Syms@xxxxxxxxxx>; sfrench@xxxxxxxxx; > linux-cifs@xxxxxxxxxxxxxxx > Subject: RE: [PATCH] CIFS: handle guest access errors to Windows > shares > > Hi Mark, > > New setup > > PS> net user guest /activate:no > PS> mkdir C:\guestshare > PS> icacls C:\guestshare /grant 'Everyone:(OI)(CI)F' > PS> new-smbshare -name guestshare -path C:\guestshare -fullaccess > Everyone > > I've tested v3.10, v4.4, master, master+your patch using default options (empty or no user "NU") and user=abc (U). > > NT_LOGON_FAILURE in session setup: LF > This is what you seem to have in 3.10. > > NT_ACCESS_DENIED in tree connect to the share: AD This is what you get before your infinite loop. > > | NU U > -------------------------------- > 3.10 | LF LF > 4.4 | LF LF > master | AD LF > master+patch | AD LF > > No infinite DFS loop :( > All these issues result in mount failing very fast with permission denied. > > I guess it could be from either the Windows version or the share/folder ACL. A deeper analysis of the packets might reveal more. > > In any case I did not notice any issues for on a basic DFS setup with the patch so I don't think it introduced any regressions, which is probably all that matters. It still bothers me a little I couldn't hit the bug. > > I've included kernel output w/ debugging output and network capture of my tests if anyone want to have a look at it. (master+patch = ml-guestfix). > > Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx> > Tested-by: Aurelien Aptel <aaptel@xxxxxxxx> > > -- > To unsubscribe from this list: send the line "unsubscribe linux-cifs" > in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo > info at http://vger.kernel.org/majordomo-info.html -- Thanks, Steve ��.n��������+%������w��{.n�����{�����ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f