Hello everyone,
I'm trying to connect a Linux client to a NetApp server.
The server is running OnTap 9.7P6.
On the client I use:
--- snip ---
smbclnt:~ # modinfo cifs | egrep '^version'
version: 2.22
smbclnt:~ # mount.cifs -V
mount.cifs version: 6.9
smbclnt:~ # uname -a
Linux smbclnt 5.3.18-lp152.63-default #1 SMP Mon Feb 1 17:31:55 UTC 2021 (98caa86)
x86_64 x86_64 x86_64 GNU/Linux
--- snap ---
Unfortunately it's not working out of the box.
According to the admins the server requires SMB 3.1.1 and encryption.
Moreover they say the server only offers a limited set of ciphers (i.e.
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384).
Apart from the security requirements the server uses DFS and nested name spaces.
I don't have access to the server and Linux client knowledge is limited. So I'm
somewhat stuck with trial and error.
My current understanding is that for "SMB 3.1.1 and encryption" I have to pass
options "seal,vers=3.1.1" to mount.cifs.
I'm not sure what the make of the required ciphers though. I'm guessing that's only
needed for doing LDAP over SSL (LDAPS).
But it seems that's nothing mount.cifs actually has to use?
(Quickly skimming through the source of cifs.ko I only found the symbols
SMB2_ENCRYPTION_AES128_CCM, SMB2_ENCRYPTION_AES128_GCM.)
So before digging any further, I'm wondering whether this should generally work with
options "seal,vers=3.1.1", what to make of the ciphers requirement.
Thanks and regards -- Till
--
Dipl.-Inform. Till Dörges doerges@xxxxxxxxxxxx
PRESENSE Technologies GmbH Nagelsweg 41, D-20097 HH
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges, Jürgen Sander USt-IdNr.: DE263765024
