Hello,

On 22.08.2011 18:28, Shirish Pargaonkar wrote:
> On Mon, Aug 22, 2011 at 11:10 AM, Till Dörges <[email protected]> wrote:
>
>> Hello, everyone,
>>
>> I'm trying to mount a CIFS share served by Samba using mount.cifs with NTLMv2
>> authentication.
>>
>> According to 'man mount.cifs' the option "sec=ntlmv2" should be supported, but it
>> keeps giving me "mount error(22): Invalid argument".
>>
>> The Samba server enforces the use of NTLMv2. When allowing for NTLMv1 on both sides
>> everything works just fine.
>>
>> The client runs kernel 2.6.37.6-0.7-desktop (fully patched openSUSE-11.4) with the
>> CIFS kernel module version 1.68. mount.cifs identifies as "version: 4.6".
>>
>> Mounting on the client side it looks like this:
>>
>> --- snip ---
>> # mount.cifs //abctest.box/abclaufwerk /mnt/mnt/ --verbose -o domain=ABCTEST,user=abc,pass=secrect,sec=ntlmv2
>>
>> mount.cifs kernel mount options: ip=10.9.0.103,unc=\\abctest.box\abclaufwerk,sec=ntlmv2,ver=1,user=abc,domain=ABCTEST,pass=********
>> mount error(22): Invalid argument
>> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
>> --- snap ---
>>
>> CIFS debugging on the client is enabled:
>>
>> --- snip ---
>> # cat /proc/fs/cifs/cifsFYI
>> 1
>> --- snap ---
>>
>> Which yields the following lines in syslog (for the full log see attachment)
>>
>> --- snip ---
>> Aug 22 17:47:34 client kernel: [28966.056081] /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -7200
>> Aug 22 17:47:34 client kernel: [28966.056088] /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/sess.c: sess setup type 2
>> --- snap ---
>>
>> "sess setup type 2" seems to indicate that NTLMv2 is used.
>>
>> The server is running a fully patched openSUSE 11.3 with kernel 2.6.34.8-0.2-default
>> and Samba 3.5.4. Both "lanman auth" and "ntlm auth" are disabled, which should force
>> the use of NTLMv2 according to 'man smb.conf':
>>
>> --- snip ---
>> server # testparm 2> /dev/null | egrep 'ntlm|lan'
>> ntlm auth = No
>> server #
>> --- snap ---
>>
>> The server's corresponding log entries are also attached.
>>
>> Like said above, when I allow for the use of NTLMv1 on both sides (ntlm auth = Yes on
>> the server and no sec=ntlmv2 on the client) everything works just fine.
>>
>> When I enforce NTLMv2 on the server and don't specify "sec=ntlmv2" with mount.cifs I
>> get "mount error(13): Permission denied" and syslog on the client shows that NTLMv1
>> is tried ("sess setup type 1").
>>
>> So is there anything wrong with my setup? Should NTLMv2 be working between Samba and
>> mount.cifs? If it should, why isn't it in this particular setup?
>>
>> Any hints will be greatly appreciated.
>>
>> TIA -- Till

[...]

> sec=ntlmv2 auth type should work between cifs vfs client and Samba server.

Ack.

> Can you try sec=ntlmssp and see if it works?

Yes, that works. I see "sess setup type 3" in my syslog on the client, and
"ntlm_password_check: Checking NTLMv2 password with domain [***]" on the server. I can
successfully create and remove files on the server from the client.

> Can you list the smb.conf file here?

See attachment.

> And a wireshark trace when sec=ntlmv2 fails would be really helpful.

See attachment.

HTH -- Till
--
Dipl.-Inform. Till Dörges [email protected]
Tel. +49 - 40 - 244 2407 - 14 Fax +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
USt-IdNr.: DE263765024
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges Jürgen Sander Axel Theilmann

# server # egrep -v ^# /etc/samba/smb.conf
[global]
workgroup = WDSTEST
passdb backend = tdbsam
map to guest = Bad User
guest account = wdsguest
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
netbios name = WDSSAMBA
os level = 65
preferred master = Yes
security = user
lanman auth = no
ntlm auth = no
wins support = Yes
log level = 10
[gastlaufwerk]
comment = Zugriff fuer Gaeste
inherit acls = Yes
path = /srv/samba/guestshare
read only = No
guest ok = yes
guest only = yes
[wdslaufwerk]
comment = Share fuer Nutzer 'wds'
inherit acls = Yes
path = /srv/samba/wdsshare
read only = No
guest ok = no
valid users = wds
Attachment: ntlmv2-mount-failure.pcap (binary data)
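
Added example, not part of the original message and not Samba code: a small Python audit that reads the [global] section of an smb.conf and reports whether "lanman auth" and "ntlm auth", the two parameters the poster disabled to force NTLMv2, are explicitly turned off. The function names and both sample configurations are constructed for illustration, and values are assumed to be plain booleans as in the posted configuration.

```python
import re

# Parameters from the thread; smb.conf ignores case and whitespace in names.
WEAK_AUTH = {"lanmanauth": "lanman auth", "ntlmauth": "ntlm auth"}
FALSE_VALUES = {"no", "false", "0"}  # documented smb.conf boolean "off" values

def parse_global(text):
    """Return the [global] parameters as {normalized name: value}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)  # only the first '=' separates
            params["".join(name.lower().split())] = value.strip()
    return params

def audit_weak_auth(text):
    """Map each parameter to 'disabled', 'enabled' or 'unset'."""
    params, report = parse_global(text), {}
    for key, label in WEAK_AUTH.items():
        value = params.get(key)
        if value is None:
            report[label] = "unset"  # the Samba version's default applies
        else:  # fail closed: anything not clearly false counts as enabled
            enabled = value.lower() not in FALSE_VALUES
            report[label] = "enabled" if enabled else "disabled"
    return report

# Constructed sample inputs, modeled on the configuration posted in the thread.
ENFORCED = r"""
[global]
    add machine script = /usr/sbin/useradd -c Machine \
        -s /bin/false %m$
    LanMan Auth = no
    ntlmauth = No
[share]
    ntlm auth = yes
"""
RELAXED = "[global]\n; ntlm auth = no\nlanman auth = yes\n"
if __name__ == "__main__":
    print(audit_weak_auth(ENFORCED), audit_weak_auth(RELAXED))
```

A result of "unset" means the effective value depends on the installed Samba version's default, so it should be confirmed with testparm on the server rather than assumed.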
