On Thu, Oct 25, 2012 at 11:51 AM, Li, Mike <[email protected]> wrote: > > Thanks Shirish for reply and the KB. I added the key AllowLegacySrvCall=1 and > updated lmcompatibilitylevel from 4 to 3 > /root/mount.cifs //10.6.65.66/wwwlog$ /mnt/ny4wnwebtp033 > -odom=EXT,user=LiM2,sec=ntlmv2;
Perhaps ntlmv2i might help if server mandates smb signing? A wireshark trace during this exchange would be helpful. > Password: > mount error 13 = Permission denied > > > 12:30:10.024515 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: S > 1463279188:1463279188(0) win 5840 <mss 1460,sackOK,timestamp 277814120 > 0,nop,wscale 5> > 12:30:10.039730 IP 10.6.65.66.microsoft-ds > 150.123.157.31.53669: S > 2511355381:2511355381(0) ack 1463279189 win 5792 <mss 1432,sackOK,timestamp > 922908730 277814120,nop,wscale 2> > 12:30:10.039746 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: . ack 1 > win 183 <nop,nop,timestamp 277814135 922908730> > 12:30:10.039779 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: P 1:83(82) > ack 1 win 183 <nop,nop,timestamp 277814135 922908730> > 12:30:10.040249 IP 10.6.65.66.microsoft-ds > 150.123.157.31.53669: . ack 83 > win 1448 <nop,nop,timestamp 922908730 277814135> > 12:30:10.050957 IP 10.6.65.66.microsoft-ds > 150.123.157.31.53669: P > 1:118(117) ack 83 win 1448 <nop,nop,timestamp 922908741 277814135> > 12:30:10.050978 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: . ack 118 > win 183 <nop,nop,timestamp 277814146 922908741> > 12:30:10.051013 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: P > 83:331(248) ack 118 win 183 <nop,nop,timestamp 277814146 922908741> > 12:30:10.062349 IP 10.6.65.66.microsoft-ds > 150.123.157.31.53669: P > 118:355(237) ack 331 win 1716 <nop,nop,timestamp 922908752 277814146> > 12:30:10.077153 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: P > 331:427(96) ack 355 win 216 <nop,nop,timestamp 277814172 922908752> > 12:30:10.086069 IP 10.6.65.66.microsoft-ds > 150.123.157.31.53669: P > 355:394(39) ack 427 win 1716 <nop,nop,timestamp 922908776 277814172> > 12:30:10.086262 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: P > 427:470(43) ack 394 win 216 <nop,nop,timestamp 277814181 922908776> > 12:30:10.095249 IP 10.6.65.66.microsoft-ds > 150.123.157.31.53669: P > 394:433(39) ack 470 win 1716 <nop,nop,timestamp 922908785 277814181> > 12:30:10.135767 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: . ack 433 > win 216 <nop,nop,timestamp 277814231 922908785> > 12:30:10.221774 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: F > 470:470(0) ack 433 win 216 <nop,nop,timestamp 277814317 922908785> > 12:30:10.231159 IP 10.6.65.66.microsoft-ds > 150.123.157.31.53669: F > 433:433(0) ack 471 win 1716 <nop,nop,timestamp 922908921 277814317> > 12:30:10.231176 IP 150.123.157.31.53669 > 10.6.65.66.microsoft-ds: . ack 434 > win 216 <nop,nop,timestamp 277814326 922908921> > > -----Original Message----- > From: Shirish Pargaonkar [mailto:[email protected]] > Sent: Thursday, October 25, 2012 12:18 PM > To: Li, Mike > Cc: [email protected] > Subject: Re: mount.cifs 1.10 to mount share for windows 2008 R2 > > On Thu, Oct 25, 2012 at 10:52 AM, Li, Mike <[email protected]> wrote: >> I also tried going with port 445, and getting: >> >> /root/mount.cifs //10.6.65.66/wwwlog$ /mnt/ny4wnwebtp033 >> -odom=EXT,user=LiM2,port=445,sec=ntlmv2i; >> Password: >> mount error 22 = Invalid argument >> >> 11:46:09.729653 IP (tos 0x0, ttl 64, id 57474, offset 0, flags [DF], >> proto: TCP (6), length: 60) 150.123.157.31.50075 > >> 10.6.65.66.microsoft-ds: S, cksum 0x271b (correct), >> 2967089806:2967089806(0) win 5840 <mss 1460,sackOK,timestamp 275173900 >> 0,nop,wscale 5> >> 11:46:09.738708 IP (tos 0x28, ttl 62, id 0, offset 0, flags [DF], >> proto: TCP (6), length: 60) 10.6.65.66.microsoft-ds > >> 150.123.157.31.50075: S, cksum 0x8495 (correct), >> 4026420658:4026420658(0) ack 2967089807 win 5792 <mss >> 1432,sackOK,timestamp 920268344 275173900,nop,wscale 2> >> 11:46:09.738730 IP (tos 0x0, ttl 64, id 57475, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.50075 > >> 10.6.65.66.microsoft-ds: ., cksum 0xc920 (correct), 1:1(0) ack 1 win >> 183 <nop,nop,timestamp 275173909 920268344> >> 11:46:09.738830 IP (tos 0x0, ttl 64, id 57476, offset 0, flags [DF], >> proto: TCP (6), length: 134) 150.123.157.31.50075 > >> 10.6.65.66.microsoft-ds: P 1:83(82) ack 1 win 183 <nop,nop,timestamp >> 275173909 920268344> >> 11:46:09.739294 IP (tos 0x28, ttl 62, id 25482, offset 0, flags [DF], >> proto: TCP (6), length: 52) 10.6.65.66.microsoft-ds > >> 150.123.157.31.50075: ., cksum 0xc3dc (correct), 1:1(0) ack 83 win >> 1448 <nop,nop,timestamp 920268345 275173909> >> 11:46:09.749951 IP (tos 0x28, ttl 62, id 25484, offset 0, flags [DF], >> proto: TCP (6), length: 169) 10.6.65.66.microsoft-ds > >> 150.123.157.31.50075: P 1:118(117) ack 83 win 1448 <nop,nop,timestamp >> 920268356 275173909> >> 11:46:09.750005 IP (tos 0x0, ttl 64, id 57477, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.50075 > >> 10.6.65.66.microsoft-ds: ., cksum 0xc841 (correct), 83:83(0) ack 118 >> win 183 <nop,nop,timestamp 275173921 920268356> >> 11:46:09.750053 IP (tos 0x0, ttl 64, id 57478, offset 0, flags [DF], >> proto: TCP (6), length: 300) 150.123.157.31.50075 > >> 10.6.65.66.microsoft-ds: P 83:331(248) ack 118 win 183 >> <nop,nop,timestamp 275173921 920268356> >> 11:46:09.760126 IP (tos 0x28, ttl 62, id 25486, offset 0, flags [DF], >> proto: TCP (6), length: 91) 10.6.65.66.microsoft-ds > >> 150.123.157.31.50075: P 118:157(39) ack 331 win 1716 >> <nop,nop,timestamp 920268366 275173921> >> 11:46:09.800471 IP (tos 0x0, ttl 64, id 57479, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.50075 > >> 10.6.65.66.microsoft-ds: ., cksum 0xc6e6 (correct), 331:331(0) ack 157 >> win 183 <nop,nop,timestamp 275173971 920268366> >> 11:46:09.888773 IP (tos 0x0, ttl 64, id 57480, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.50075 > >> 10.6.65.66.microsoft-ds: F, cksum 0xc68d (correct), 331:331(0) ack 157 >> win 183 <nop,nop,timestamp 275174059 920268366> >> 11:46:09.899433 IP (tos 0x28, ttl 62, id 25488, offset 0, flags [DF], >> proto: TCP (6), length: 52) 10.6.65.66.microsoft-ds > >> 150.123.157.31.50075: F, cksum 0xc005 (correct), 157:157(0) ack 332 >> win 1716 <nop,nop,timestamp 920268504 275174059> >> 11:46:09.899440 IP (tos 0x0, ttl 64, id 57481, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.50075 > >> 10.6.65.66.microsoft-ds: ., cksum 0xc5f7 (correct), 332:332(0) ack 158 >> win 183 <nop,nop,timestamp 275174070 920268504> >> >> >> -----Original Message----- >> From: Li, Mike >> Sent: Thursday, October 25, 2012 10:48 AM >> To: '[email protected]' >> Subject: mount.cifs 1.10 to mount share for windows 2008 R2 >> >> Hi, >> >> Tried to mount a share from windows 2008 R2 on Linux 2.6.19-1.2895.fc6, but >> have been not successful. >> Not sure why I'm getting "NBT SessionReject" from the win2008 server. Is >> there any registry update needed or a newer version of mount.cifs? >> Please help. Thanks. >> >> My version of mount.cifs is 1.10. Not sure if there is a newer version. >> sec= Security mode. Allowed values are: >> >> Â. none attempt to connection as a null user (no name) >> >> Â. krb5 Use Kerberos version 5 authentication >> >> Â. krb5i Use Kerberos authentication and packet signing >> >> Â. ntlm Use NTLM password hashing (default) >> >> Â. ntlmi Use NTLM password hashing with signing >> (if >> /proc/fs/cifs/PacketSigningEnabled on or if server >> requires >> signing also can be the default) >> >> Â. ntlmv2 Use NTLMv2 password hashing >> >> Â. ntlmv2i Use NTLMv2 password hashing with packet >> signing >> >> [NB This [sec parameter] is under development and expected to >> be >> available in cifs kernel module 1.40 and later] >> >> >> # /root/mount.cifs //10.6.65.66/wwwlog$ /mnt/ny4wnwebtp033 >> -odom=EXT,LiM2,sec=ntlmv2i,port=139 >> mount error 112 = Host is down >> # /root/mount.cifs //10.6.65.66/wwwlog$ /mnt/ny4wnwebtp033 >> -odom=EXT,user=LiM2,sec=krb5,port=139; >> Password: >> mount error 112 = Host is down >> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) >> >> tcpdump host 10.6.65.66 -n -vv >> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size >> 96 bytes >> 16:08:00.714252 IP (tos 0x0, ttl 64, id 4663, offset 0, flags [DF], >> proto: TCP (6), length: 60) 150.123.157.31.56122 > >> 10.6.65.66.netbios-ssn: S, cksum 0x1f2f (correct), >> 1324558118:1324558118(0) win 5840 <mss 1460,sackOK,timestamp 204485905 >> 0,nop,wscale 5> >> 16:08:00.729388 IP (tos 0x28, ttl 62, id 0, offset 0, flags [DF], >> proto: TCP (6), length: 60) 10.6.65.66.netbios-ssn > >> 150.123.157.31.56122: S, cksum 0xc876 (correct), >> 2392791643:2392791643(0) ack 1324558119 win 5792 <mss >> 1432,sackOK,timestamp 849574744 204485905,nop,wscale 2> >> 16:08:00.729396 IP (tos 0x0, ttl 64, id 4664, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.56122 > >> 10.6.65.66.netbios-ssn: ., cksum 0x0cfc (correct), 1:1(0) ack 1 win >> 183 <nop,nop,timestamp 204485920 849574744> >> 16:08:00.729466 IP (tos 0x0, ttl 64, id 4665, offset 0, flags [DF], >> proto: TCP (6), length: 124) 150.123.157.31.56122 > >> 10.6.65.66.netbios-ssn: P 1:73(72) ack 1 win 183 <nop,nop,timestamp >> 204485920 849574744> >>>>> NBT Session Packet >> NBT Session Request >> Flags=0x0 >> Length=68 (0x44) >> Destination= >> WARNING: Short packet. Try increasing the snap length >> >> >> 16:08:00.729980 IP (tos 0x28, ttl 62, id 24837, offset 0, flags [DF], >> proto: TCP (6), length: 52) 10.6.65.66.netbios-ssn > >> 150.123.157.31.56122: ., cksum 0x07c2 (correct), 1:1(0) ack 73 win >> 1448 <nop,nop,timestamp 849574745 204485920> >> 16:08:00.730880 IP (tos 0x0, ttl 64, id 4666, offset 0, flags [DF], >> proto: TCP (6), length: 134) 150.123.157.31.56122 > >> 10.6.65.66.netbios-ssn: P 73:155(82) ack 1 win 183 <nop,nop,timestamp >> 204485922 849574745> >>>>> NBT Session Packet >> NBT Session Message >> Flags=0x0 >> Length=78 (0x4e) >> WARNING: Short packet. Try increasing the snap length by 52 >> >> SMB PACKET: SMBnegprot (REQUEST) >> SMB Command = 0x72 >> Error class = 0x0 >> Error code = 0 (0x0) >> Flags1 = 0x0 >> Flags2 = 0x1 >> Tree ID = 0 (0x0) >> Proc ID = >> WARNING: Short packet. Try increasing the snap length [|SMB] >> >> 16:08:00.731379 IP (tos 0x28, ttl 62, id 24839, offset 0, flags [DF], >> proto: TCP (6), length: 52) 10.6.65.66.netbios-ssn > >> 150.123.157.31.56122: ., cksum 0x076d (correct), 1:1(0) ack 155 win >> 1448 <nop,nop,timestamp 849574746 204485922> >> 16:08:00.740412 IP (tos 0x28, ttl 62, id 24841, offset 0, flags [DF], >> proto: TCP (6), length: 57) 10.6.65.66.netbios-ssn > >> 150.123.157.31.56122: P, cksum 0x0255 (correct), 1:6(5) ack 155 win >> 1448 <nop,nop,timestamp 849574755 204485922> >>>>> NBT Session Packet >> NBT SessionReject >> Flags=0x0 >> Length=1 (0x1) >> Reason=0x82 >> Called name not present >> >> >> 16:08:00.740512 IP (tos 0x0, ttl 64, id 4667, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.56122 > >> 10.6.65.66.netbios-ssn: ., cksum 0x0c47 (correct), 155:155(0) ack 6 >> win 183 <nop,nop,timestamp 204485931 849574755> >> 16:08:00.747499 IP (tos 0x28, ttl 62, id 24843, offset 0, flags [DF], >> proto: TCP (6), length: 52) 10.6.65.66.netbios-ssn > >> 150.123.157.31.56122: F, cksum 0x074e (correct), 6:6(0) ack 155 win >> 1448 <nop,nop,timestamp 849574762 204485931> >> 16:08:00.786870 IP (tos 0x0, ttl 64, id 4668, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.56122 > >> 10.6.65.66.netbios-ssn: ., cksum 0x0c10 (correct), 155:155(0) ack 7 >> win 183 <nop,nop,timestamp 204485978 849574762> >> 16:08:00.866869 IP (tos 0x0, ttl 64, id 4669, offset 0, flags [DF], >> proto: TCP (6), length: 52) 150.123.157.31.56122 > >> 10.6.65.66.netbios-ssn: R, cksum 0x0bbc (correct), 155:155(0) ack 7 >> win 183 <nop,nop,timestamp 204486058 849574762> >> >> >> Confidentiality Notice: This email, including attachments, may >> include non-public, proprietary, confidential or legally privileged >> information. If you are not an intended recipient or an authorized >> agent of an intended recipient, you are hereby notified that any >> dissemination, distribution or copying of the information contained in >> or transmitted with this e-mail is unauthorized and strictly >> prohibited. If you have received this email in error, please notify >> the sender by replying to this message and permanently delete this >> e-mail, its attachments, and any copies of it immediately. You should >> not retain, copy or use this e-mail or any attachment for any purpose, >> nor disclose all or any part of the contents to any other person. >> Thank you >> >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-cifs" >> in the body of a message to [email protected] More majordomo >> info at http://vger.kernel.org/majordomo-info.html > > Perhaps the Windows 2008 server is missing this patch! > > http://support.microsoft.com/kb/957441/en-us > > Confidentiality Notice: This email, including attachments, may include > non-public, proprietary, confidential or legally privileged information. If > you are not an intended recipient or an authorized agent of an intended > recipient, you are hereby notified that any dissemination, distribution or > copying of the information contained in or transmitted with this e-mail is > unauthorized and strictly prohibited. If you have received this email in > error, please notify the sender by replying to this message and permanently > delete this e-mail, its attachments, and any copies of it immediately. You > should not retain, copy or use this e-mail or any attachment for any purpose, > nor disclose all or any part of the contents to any other person. Thank you > > -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
