* Forced to authenticate with "pre-Windows 2000" logon names
@ 2019-07-31 18:16 Nathan Shearer
2019-08-01 7:50 ` Steve French
0 siblings, 1 reply; 3+ messages in thread
From: Nathan Shearer @ 2019-07-31 18:16 UTC (permalink / raw)
To: linux-cifs
I spent the last two days trying to mount a windows share, and it turns
out it was not a problem with:
* share permissions
* filesystem permissions
* incorrect password
* firewalls
* antivirus software
* smb version
But was in fact an issue with the username. The username I had was 23
characters, which is longer than the "pre-Windows 2000" logon name which
is what cifs was using, even with smb vers=3.0. The error was always
status code 0xc000006d STATUS_LOGON_FAILURE which this time was actually
an authentication problem since the client was using the wrong username.
Is there any plan to support windows usernames in samba/cifs that are
*post* windows 2000 era?
# mount.cifs -V
mount.cifs version: 6.9
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Forced to authenticate with "pre-Windows 2000" logon names
2019-07-31 18:16 Forced to authenticate with "pre-Windows 2000" logon names Nathan Shearer
@ 2019-08-01 7:50 ` Steve French
2019-08-01 14:45 ` Nathan Shearer
0 siblings, 1 reply; 3+ messages in thread
From: Steve French @ 2019-08-01 7:50 UTC (permalink / raw)
To: Nathan Shearer; +Cc: CIFS
I tried some experiments today with longer usernames (e.g. 32
characters, which is the maximum allowed on the Linux distros I
tried). mounting with 32 character usernames worked fine (at least
to Samba). I wouldn't expect anything different to Windows.
I don't remember any recent change to add this support so as long as
you are running a kernel from the last three or four years, hard to
guess what is the issue (if you have evidence like a wireshark trace
or debugging information showing the username getting
remapped/corrupted when passed down that might be helpful)
Can you see the module version (modinfo cifs or "cat
/proc/fs/cifs/DebugData | grep Version") and the kernel version
("uname -a")?
On Wed, Jul 31, 2019 at 2:39 PM Nathan Shearer <mail@nathanshearer.ca> wrote:
>
> I spent the last two days trying to mount a windows share, and it turns
> out it was not a problem with:
>
> * share permissions
> * filesystem permissions
> * incorrect password
> * firewalls
> * antivirus software
> * smb version
>
> But was in fact an issue with the username. The username I had was 23
> characters, which is longer than the "pre-Windows 2000" logon name which
> is what cifs was using, even with smb vers=3.0. The error was always
> status code 0xc000006d STATUS_LOGON_FAILURE which this time was actually
> an authentication problem since the client was using the wrong username.
>
> Is there any plan to support windows usernames in samba/cifs that are
> *post* windows 2000 era?
>
> # mount.cifs -V
> mount.cifs version: 6.9
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Forced to authenticate with "pre-Windows 2000" logon names
2019-08-01 7:50 ` Steve French
@ 2019-08-01 14:45 ` Nathan Shearer
0 siblings, 0 replies; 3+ messages in thread
From: Nathan Shearer @ 2019-08-01 14:45 UTC (permalink / raw)
To: Steve French; +Cc: CIFS
Hi Steve, thanks for looking into this.
The file server(s) I tried are members of a domain. One is a plain file
server only, and the other is a domain controller, both are updated
Windows Server 2012 installs. My linux system is not a member of the
domain, and is an updated Gentoo install:
# cat /proc/fs/cifs/DebugData | grep Version
CIFS Version 2.20
# cat /proc/version
Linux version 5.2.2 (root@varws03) (gcc version 8.3.0 (Gentoo 8.3.0-r1
p1.1)) #1 SMP PREEMPT Thu Jul 25 09:08:17 MDT 2019
The actual command I am using right now to mount the share only works
with the pre-windows 2000 logon name (18 characters):
# mount -v -t cifs -o
username=xx-xxxx-xxxxxxxxxx,password=xxxxxxxxxxxxxxxxxxxxxxxx,domain=xxxxxxxx-xxx,vers=3.0
'//192.168.100.10/Test Share' /mnt/temp0
If I use the regular logon name (23 characters) I get these errors:
# mount -v -t cifs -o
username=xx-xxxx-xxxxxxxxxxyyyyy,password=xxxxxxxxxxxxxxxxxxxxxxxx,domain=xxxxxxxx-xxx,vers=3.0
'//192.168.100.10/Test Share' /mnt/temp0
mount.cifs kernel mount options:
ip=192.168.100.10,unc=\\192.168.100.10\Test
Share,vers=3.0,user=xx-xxxx-xxxxxxxxxxyyyyy,domain=xxxxxxxx-xxx,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
/var/log/messeges
Aug 1 08:43:06 testclient01 kernel: CIFS: Attempting to mount
//192.168.100.10/Test Share
Aug 1 08:43:07 testclient01 kernel: Status code returned 0xc000006d
STATUS_LOGON_FAILURE
Aug 1 08:43:07 testclient01 kernel: CIFS VFS: Send error in SessSetup = -13
Aug 1 08:43:07 testclient01 kernel: CIFS VFS: cifs_mount failed
w/return code = -13
Is the domain considered part of the 32 character username character
limit? My domain is 12 characters, full logon name with the domain would
be 35 characters (including the \ separator), while the pre-windows 2000
name would be 31 characters with the \ separator.
On 8/1/19 1:50 AM, Steve French wrote:
> I tried some experiments today with longer usernames (e.g. 32
> characters, which is the maximum allowed on the Linux distros I
> tried). mounting with 32 character usernames worked fine (at least
> to Samba). I wouldn't expect anything different to Windows.
>
> I don't remember any recent change to add this support so as long as
> you are running a kernel from the last three or four years, hard to
> guess what is the issue (if you have evidence like a wireshark trace
> or debugging information showing the username getting
> remapped/corrupted when passed down that might be helpful)
>
> Can you see the module version (modinfo cifs or "cat
> /proc/fs/cifs/DebugData | grep Version") and the kernel version
> ("uname -a")?
>
>
> On Wed, Jul 31, 2019 at 2:39 PM Nathan Shearer <mail@nathanshearer.ca> wrote:
>> I spent the last two days trying to mount a windows share, and it turns
>> out it was not a problem with:
>>
>> * share permissions
>> * filesystem permissions
>> * incorrect password
>> * firewalls
>> * antivirus software
>> * smb version
>>
>> But was in fact an issue with the username. The username I had was 23
>> characters, which is longer than the "pre-Windows 2000" logon name which
>> is what cifs was using, even with smb vers=3.0. The error was always
>> status code 0xc000006d STATUS_LOGON_FAILURE which this time was actually
>> an authentication problem since the client was using the wrong username.
>>
>> Is there any plan to support windows usernames in samba/cifs that are
>> *post* windows 2000 era?
>>
>> # mount.cifs -V
>> mount.cifs version: 6.9
>>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-08-01 14:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-31 18:16 Forced to authenticate with "pre-Windows 2000" logon names Nathan Shearer
2019-08-01 7:50 ` Steve French
2019-08-01 14:45 ` Nathan Shearer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).