* Re: [Samba] mount.cifs with "sec=ntlmv2" fails ("mount error(22): Invalid argument")
[not found] ` <4E527F5C.1090205-/hMagybUd5GoYr4blSSd5g@public.gmane.org>
@ 2011-08-22 16:28 ` Shirish Pargaonkar
[not found] ` <CADT32eKLjbuUjY1=PS9Pqa5zWnHNcCcouzPHmTo3s+QO-9iQ4A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: Shirish Pargaonkar @ 2011-08-22 16:28 UTC (permalink / raw)
To: Till Dörges; +Cc: linux-cifs
On Mon, Aug 22, 2011 at 11:10 AM, Till Dörges <doerges-/hMagybUd5GoYr4blSSd5g@public.gmane.org> wrote:
> Hello, everyone,
>
> I'm trying to mount a CIFS share served by Samba using mount.cifs with NTLMv2
> authentication.
>
>
> According to 'man mount.cifs' the option "sec=ntlmv2" should be supported, but it
> keeps giving me "mount error(22): Invalid argument".
>
> The Samba server enforces the use of NTLMv2. When allowing for NTLMv1 on both sides
> everything works just fine.
>
>
> The client runs kernel 2.6.37.6-0.7-desktop (fully patched openSUSE-11.4) with the
> CIFS kernel module version 1.68. mount.cifs identifies as "version: 4.6".
>
>
> Mounting on the client side it looks like this:
>
> --- snip ---
> # mount.cifs //abctest.box/abclaufwerk /mnt/mnt/ --verbose -o
> domain=ABCTEST,user=abc,pass=secrect,sec=ntlmv2
>
> mount.cifs kernel mount options:
> ip=10.9.0.103,unc=\\abctest.box\abclaufwerk,sec=ntlmv2,ver=1,user=abc,domain=ABCTEST,pass=********
> mount error(22): Invalid argument
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> --- snap ---
>
> CIFS debugging on the client is enabled:
>
> --- snip ---
> # cat /proc/fs/cifs/cifsFYI
> 1
> --- snap ---
>
> Which yields the following lines in syslog (for the full log see attachment)
>
> --- snip ---
> Aug 22 17:47:34 client kernel: [28966.056081]
> /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/connect.c:
> Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -7200
> Aug 22 17:47:34 client kernel: [28966.056088]
> /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/sess.c: sess
> setup type 2
> --- snap ---
>
> "sess setup type 2" seems to indicate that NTLMv2 is used.
>
>
> The server is running a fully patched openSUSE 11.3 with kernel 2.6.34.8-0.2-default
> and Samba 3.5.4. Both "lanman auth" and "ntlm auth" are disabled, which should force
> the use of NTLMv2 according to 'man smb.conf':
>
> --- snip ---
> server # testparm 2> /dev/null | egrep 'ntlm|lan'
> ntlm auth = No
> server #
> --- snap ---
>
> The server's corresponding log entries are also attached.
>
>
> Like said above, when I allow for the use of NTLMv1 on both sides (ntlm auth = Yes on
> the server and no sec=ntlmv2 on the client) everything works just fine.
>
> When I enforce NTLMv2 on the server and don't specify "sec=ntlmv2" with mount.cifs I
> get "mount error(13): Permission denied" and syslog on the client shows that NTLMv1
> is tried ("sess setup type 1").
>
>
> So is there anything wrong with my setup? Should NTLMv2 be working between Samba and
> mount.cifs? If it should, why isn't it in this particular setup?
>
>
> Any hints will be greatly appreciated.
>
>
> TIA -- Till
> --
> Dipl.-Inform. Till Dörges doerges@pre-sense.de
> Tel. +49 - 40 - 244 2407 - 14
> Fax +49 - 40 - 244 2407 - 24
> PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
> USt-IdNr.: DE263765024
> Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
> Till Dörges Jürgen Sander Axel Theilmann
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
sec=ntlmv2 auth type should work between cifs vfs client and Samba server.
Can you try sec=ntlmssp and see if it works?
Can you list the smb.conf file here?
And a wireshark trace when sec=ntlmv2 fails would be really helpful.
Regards,
Shirish
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Samba] mount.cifs with "sec=ntlmv2" fails ("mount error(22): Invalid argument")
[not found] ` <CADT32eKLjbuUjY1=PS9Pqa5zWnHNcCcouzPHmTo3s+QO-9iQ4A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2011-08-22 17:01 ` Till Dörges
[not found] ` <4E528B56.5070301-/hMagybUd5GoYr4blSSd5g@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: Till Dörges @ 2011-08-22 17:01 UTC (permalink / raw)
To: Shirish Pargaonkar; +Cc: linux-cifs
[-- Attachment #1: Type: text/plain, Size: 3868 bytes --]
Hello,
On 22.08.2011 18:28, Shirish Pargaonkar wrote:
> On Mon, Aug 22, 2011 at 11:10 AM, Till Dörges <doerges-/hMagybUd5GoYr4blSSd5g@public.gmane.org> wrote:
>
>> Hello, everyone,
>>
>> I'm trying to mount a CIFS share served by Samba using mount.cifs with NTLMv2
>> authentication.
>>
>>
>> According to 'man mount.cifs' the option "sec=ntlmv2" should be supported, but it
>> keeps giving me "mount error(22): Invalid argument".
>>
>> The Samba server enforces the use of NTLMv2. When allowing for NTLMv1 on both sides
>> everything works just fine.
>>
>>
>> The client runs kernel 2.6.37.6-0.7-desktop (fully patched openSUSE-11.4) with the
>> CIFS kernel module version 1.68. mount.cifs identifies as "version: 4.6".
>>
>>
>> Mounting on the client side it looks like this:
>>
>> --- snip ---
>> # mount.cifs //abctest.box/abclaufwerk /mnt/mnt/ --verbose -o
>> domain=ABCTEST,user=abc,pass=secrect,sec=ntlmv2
>>
>> mount.cifs kernel mount options:
>> ip=10.9.0.103,unc=\\abctest.box\abclaufwerk,sec=ntlmv2,ver=1,user=abc,domain=ABCTEST,pass=********
>> mount error(22): Invalid argument
>> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
>> --- snap ---
>>
>> CIFS debugging on the client is enabled:
>>
>> --- snip ---
>> # cat /proc/fs/cifs/cifsFYI
>> 1
>> --- snap ---
>>
>> Which yields the following lines in syslog (for the full log see attachment)
>>
>> --- snip ---
>> Aug 22 17:47:34 client kernel: [28966.056081]
>> /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/connect.c:
>> Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -7200
>> Aug 22 17:47:34 client kernel: [28966.056088]
>> /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/sess.c: sess
>> setup type 2
>> --- snap ---
>>
>> "sess setup type 2" seems to indicate that NTLMv2 is used.
>>
>>
>> The server is running a fully patched openSUSE 11.3 with kernel 2.6.34.8-0.2-default
>> and Samba 3.5.4. Both "lanman auth" and "ntlm auth" are disabled, which should force
>> the use of NTLMv2 according to 'man smb.conf':
>>
>> --- snip ---
>> server # testparm 2> /dev/null | egrep 'ntlm|lan'
>> ntlm auth = No
>> server #
>> --- snap ---
>>
>> The server's corresponding log entries are also attached.
>>
>>
>> Like said above, when I allow for the use of NTLMv1 on both sides (ntlm auth = Yes on
>> the server and no sec=ntlmv2 on the client) everything works just fine.
>>
>> When I enforce NTLMv2 on the server and don't specify "sec=ntlmv2" with mount.cifs I
>> get "mount error(13): Permission denied" and syslog on the client shows that NTLMv1
>> is tried ("sess setup type 1").
>>
>>
>> So is there anything wrong with my setup? Should NTLMv2 be working between Samba and
>> mount.cifs? If it should, why isn't it in this particular setup?
>>
>>
>> Any hints will be greatly appreciated.
>>
>>
>> TIA -- Till
[...]
> sec=ntlmv2 auth type should work between cifs vfs client and Samba server.
Ack.
> Can you try sec=ntlmssp and see if it works?
Yes, that works.
I see "sess setup type 3" in my syslog on the client, and "ntlm_password_check:
Checking NTLMv2 password with domain [***]" on the server. I can sucessfully create
and remove files on the server from the client.
> Can you list the smb.conf file here?
See attachment.
> And a wireshark trace when sec=ntlmv2 fails would be really helpful.
See attachment.
HTH -- Till
--
Dipl.-Inform. Till Dörges doerges-/hMagybUd5GoYr4blSSd5g@public.gmane.org
Tel. +49 - 40 - 244 2407 - 14
Fax +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
USt-IdNr.: DE263765024
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges Jürgen Sander Axel Theilmann
[-- Attachment #2: smb.conf --]
[-- Type: text/plain, Size: 1092 bytes --]
# server # egrep -v ^# /etc/samba/smb.conf
[global]
workgroup = WDSTEST
passdb backend = tdbsam
map to guest = Bad User
guest account = wdsguest
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
netbios name = WDSSAMBA
os level = 65
preferred master = Yes
security = user
lanman auth = no
ntlm auth = no
wins support = Yes
log level = 10
[gastlaufwerk]
comment = Zugriff fuer Gaeste
inherit acls = Yes
path = /srv/samba/guestshare
read only = No
guest ok = yes
guest only = yes
[wdslaufwerk]
comment = Share fuer Nutzer 'wds'
inherit acls = Yes
path = /srv/samba/wdsshare
read only = No
guest ok = no
valid users = wds
[-- Attachment #3: ntlmv2-mount-failure.pcap --]
[-- Type: application/octet-stream, Size: 1830 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Samba] mount.cifs with "sec=ntlmv2" fails ("mount error(22): Invalid argument")
[not found] ` <4E528B56.5070301-/hMagybUd5GoYr4blSSd5g@public.gmane.org>
@ 2011-08-22 17:33 ` Shirish Pargaonkar
[not found] ` <CADT32eKhcCtNhi2Vd0xwnDR2ZrhMGbX2u-DE3Z3r5awwmd4dTw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: Shirish Pargaonkar @ 2011-08-22 17:33 UTC (permalink / raw)
To: Till Dörges; +Cc: linux-cifs
On Mon, Aug 22, 2011 at 12:01 PM, Till Dörges <doerges-/hMagybUd5GoYr4blSSd5g@public.gmane.org> wrote:
> Hello,
>
> On 22.08.2011 18:28, Shirish Pargaonkar wrote:
>> On Mon, Aug 22, 2011 at 11:10 AM, Till Dörges <doerges@pre-sense.de> wrote:
>>
>>> Hello, everyone,
>>>
>>> I'm trying to mount a CIFS share served by Samba using mount.cifs with NTLMv2
>>> authentication.
>>>
>>>
>>> According to 'man mount.cifs' the option "sec=ntlmv2" should be supported, but it
>>> keeps giving me "mount error(22): Invalid argument".
>>>
>>> The Samba server enforces the use of NTLMv2. When allowing for NTLMv1 on both sides
>>> everything works just fine.
>>>
>>>
>>> The client runs kernel 2.6.37.6-0.7-desktop (fully patched openSUSE-11.4) with the
>>> CIFS kernel module version 1.68. mount.cifs identifies as "version: 4.6".
>>>
>>>
>>> Mounting on the client side it looks like this:
>>>
>>> --- snip ---
>>> # mount.cifs //abctest.box/abclaufwerk /mnt/mnt/ --verbose -o
>>> domain=ABCTEST,user=abc,pass=secrect,sec=ntlmv2
>>>
>>> mount.cifs kernel mount options:
>>> ip=10.9.0.103,unc=\\abctest.box\abclaufwerk,sec=ntlmv2,ver=1,user=abc,domain=ABCTEST,pass=********
>>> mount error(22): Invalid argument
>>> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
>>> --- snap ---
>>>
>>> CIFS debugging on the client is enabled:
>>>
>>> --- snip ---
>>> # cat /proc/fs/cifs/cifsFYI
>>> 1
>>> --- snap ---
>>>
>>> Which yields the following lines in syslog (for the full log see attachment)
>>>
>>> --- snip ---
>>> Aug 22 17:47:34 client kernel: [28966.056081]
>>> /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/connect.c:
>>> Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -7200
>>> Aug 22 17:47:34 client kernel: [28966.056088]
>>> /usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/sess.c: sess
>>> setup type 2
>>> --- snap ---
>>>
>>> "sess setup type 2" seems to indicate that NTLMv2 is used.
>>>
>>>
>>> The server is running a fully patched openSUSE 11.3 with kernel 2.6.34.8-0.2-default
>>> and Samba 3.5.4. Both "lanman auth" and "ntlm auth" are disabled, which should force
>>> the use of NTLMv2 according to 'man smb.conf':
>>>
>>> --- snip ---
>>> server # testparm 2> /dev/null | egrep 'ntlm|lan'
>>> ntlm auth = No
>>> server #
>>> --- snap ---
>>>
>>> The server's corresponding log entries are also attached.
>>>
>>>
>>> Like said above, when I allow for the use of NTLMv1 on both sides (ntlm auth = Yes on
>>> the server and no sec=ntlmv2 on the client) everything works just fine.
>>>
>>> When I enforce NTLMv2 on the server and don't specify "sec=ntlmv2" with mount.cifs I
>>> get "mount error(13): Permission denied" and syslog on the client shows that NTLMv1
>>> is tried ("sess setup type 1").
>>>
>>>
>>> So is there anything wrong with my setup? Should NTLMv2 be working between Samba and
>>> mount.cifs? If it should, why isn't it in this particular setup?
>>>
>>>
>>> Any hints will be greatly appreciated.
>>>
>>>
>>> TIA -- Till
>
> [...]
>
>> sec=ntlmv2 auth type should work between cifs vfs client and Samba server.
>
> Ack.
>
>> Can you try sec=ntlmssp and see if it works?
>
> Yes, that works.
> I see "sess setup type 3" in my syslog on the client, and "ntlm_password_check:
> Checking NTLMv2 password with domain [***]" on the server. I can sucessfully create
> and remove files on the server from the client.
>
>> Can you list the smb.conf file here?
>
> See attachment.
>
>> And a wireshark trace when sec=ntlmv2 fails would be really helpful.
>
> See attachment.
>
> HTH -- Till
> --
> Dipl.-Inform. Till Dörges doerges@pre-sense.de
> Tel. +49 - 40 - 244 2407 - 14
> Fax +49 - 40 - 244 2407 - 24
> PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
> USt-IdNr.: DE263765024
> Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
> Till Dörges Jürgen Sander Axel Theilmann
>
smb.conf options look fine. I will have to spend some time on this.
But sec=ntlmv2/i works against a Windows server just fine, so something needs
to changed to make it work against Samba server, some bit in flags or
flags2 field in cifs/smb header perhaps.
Regards,
Shirish
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Samba] mount.cifs with "sec=ntlmv2" fails ("mount error(22): Invalid argument")
[not found] ` <CADT32eKhcCtNhi2Vd0xwnDR2ZrhMGbX2u-DE3Z3r5awwmd4dTw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2011-08-22 17:57 ` Till Dörges
[not found] ` <4E52988A.8080103-/hMagybUd5GoYr4blSSd5g@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: Till Dörges @ 2011-08-22 17:57 UTC (permalink / raw)
To: Shirish Pargaonkar; +Cc: linux-cifs
On 22.08.2011 19:33, Shirish Pargaonkar wrote:
> smb.conf options look fine. I will have to spend some time on this.
> But sec=ntlmv2/i works against a Windows server just fine, so something needs
> to changed to make it work against Samba server, some bit in flags or
> flags2 field in cifs/smb header perhaps.
For the sake of completeness. I just updated the Samba server from 3.5.4 to 3.6.0,
but the behavior with sec=ntlmv2 (not working) and sec=ntlmssp (working) stays the same.
If there's any information I can provide please let me know.
Regards -- Till
--
Dipl.-Inform. Till Dörges doerges-/hMagybUd5GoYr4blSSd5g@public.gmane.org
Tel. +49 - 40 - 244 2407 - 14
Fax +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
USt-IdNr.: DE263765024
Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
Till Dörges Jürgen Sander Axel Theilmann
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Samba] mount.cifs with "sec=ntlmv2" fails ("mount error(22): Invalid argument")
[not found] ` <4E52988A.8080103-/hMagybUd5GoYr4blSSd5g@public.gmane.org>
@ 2011-08-22 19:49 ` Shirish Pargaonkar
0 siblings, 0 replies; 5+ messages in thread
From: Shirish Pargaonkar @ 2011-08-22 19:49 UTC (permalink / raw)
To: Till Dörges; +Cc: linux-cifs
On Mon, Aug 22, 2011 at 12:57 PM, Till Dörges <doerges-/hMagybUd5GoYr4blSSd5g@public.gmane.org> wrote:
> On 22.08.2011 19:33, Shirish Pargaonkar wrote:
>
>> smb.conf options look fine. I will have to spend some time on this.
>> But sec=ntlmv2/i works against a Windows server just fine, so something needs
>> to changed to make it work against Samba server, some bit in flags or
>> flags2 field in cifs/smb header perhaps.
>
> For the sake of completeness. I just updated the Samba server from 3.5.4 to 3.6.0,
> but the behavior with sec=ntlmv2 (not working) and sec=ntlmssp (working) stays the same.
>
> If there's any information I can provide please let me know.
>
> Regards -- Till
> --
> Dipl.-Inform. Till Dörges doerges@pre-sense.de
> Tel. +49 - 40 - 244 2407 - 14
> Fax +49 - 40 - 244 2407 - 24
> PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH
> USt-IdNr.: DE263765024
> Geschäftsführer/Managing Directors AG Hamburg, HRB 107844
> Till Dörges Jürgen Sander Axel Theilmann
>
sec=ntlmv2i works against Windows 2003 server.
Does not work against Windows 7, Windows 2008 server, and Samba.
sec=ntlmssp/i which uses ntlmv2, works against all of the above listed
servers.
Looking into it.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2011-08-22 19:49 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <4E527F5C.1090205@pre-sense.de>
[not found] ` <4E527F5C.1090205-/hMagybUd5GoYr4blSSd5g@public.gmane.org>
2011-08-22 16:28 ` [Samba] mount.cifs with "sec=ntlmv2" fails ("mount error(22): Invalid argument") Shirish Pargaonkar
[not found] ` <CADT32eKLjbuUjY1=PS9Pqa5zWnHNcCcouzPHmTo3s+QO-9iQ4A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-22 17:01 ` Till Dörges
[not found] ` <4E528B56.5070301-/hMagybUd5GoYr4blSSd5g@public.gmane.org>
2011-08-22 17:33 ` Shirish Pargaonkar
[not found] ` <CADT32eKhcCtNhi2Vd0xwnDR2ZrhMGbX2u-DE3Z3r5awwmd4dTw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-08-22 17:57 ` Till Dörges
[not found] ` <4E52988A.8080103-/hMagybUd5GoYr4blSSd5g@public.gmane.org>
2011-08-22 19:49 ` Shirish Pargaonkar
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.