linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Forced to authenticate with "pre-Windows 2000" logon names
@ 2019-07-31 18:16 Nathan Shearer
  2019-08-01  7:50 ` Steve French
  0 siblings, 1 reply; 3+ messages in thread
From: Nathan Shearer @ 2019-07-31 18:16 UTC (permalink / raw)
  To: linux-cifs

I spent the last two days trying to mount a windows share, and it turns 
out it was not a problem with:

  * share permissions
  * filesystem permissions
  * incorrect password
  * firewalls
  * antivirus software
  * smb version

But was in fact an issue with the username. The username I had was 23 
characters, which is longer than the "pre-Windows 2000" logon name which 
is what cifs was using, even with smb vers=3.0. The error was always 
status code 0xc000006d STATUS_LOGON_FAILURE which this time was actually 
an authentication problem since the client was using the wrong username.

Is there any plan to support windows usernames in samba/cifs that are 
*post* windows 2000 era?

# mount.cifs -V
mount.cifs version: 6.9


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Forced to authenticate with "pre-Windows 2000" logon names
  2019-07-31 18:16 Forced to authenticate with "pre-Windows 2000" logon names Nathan Shearer
@ 2019-08-01  7:50 ` Steve French
  2019-08-01 14:45   ` Nathan Shearer
  0 siblings, 1 reply; 3+ messages in thread
From: Steve French @ 2019-08-01  7:50 UTC (permalink / raw)
  To: Nathan Shearer; +Cc: CIFS

I tried some experiments today with longer usernames (e.g. 32
characters, which is the maximum allowed on the Linux distros I
tried).   mounting with 32 character usernames worked fine (at least
to Samba).  I wouldn't expect anything different to Windows.

I don't remember any recent change to add this support so as long as
you are running a kernel from the last three or four years, hard to
guess what is the issue (if you have evidence like a wireshark trace
or debugging information showing the username getting
remapped/corrupted when passed down that might be helpful)

Can you see the module version (modinfo cifs or "cat
/proc/fs/cifs/DebugData | grep Version") and the kernel version
("uname -a")?


On Wed, Jul 31, 2019 at 2:39 PM Nathan Shearer <mail@nathanshearer.ca> wrote:
>
> I spent the last two days trying to mount a windows share, and it turns
> out it was not a problem with:
>
>   * share permissions
>   * filesystem permissions
>   * incorrect password
>   * firewalls
>   * antivirus software
>   * smb version
>
> But was in fact an issue with the username. The username I had was 23
> characters, which is longer than the "pre-Windows 2000" logon name which
> is what cifs was using, even with smb vers=3.0. The error was always
> status code 0xc000006d STATUS_LOGON_FAILURE which this time was actually
> an authentication problem since the client was using the wrong username.
>
> Is there any plan to support windows usernames in samba/cifs that are
> *post* windows 2000 era?
>
> # mount.cifs -V
> mount.cifs version: 6.9
>


-- 
Thanks,

Steve

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Forced to authenticate with "pre-Windows 2000" logon names
  2019-08-01  7:50 ` Steve French
@ 2019-08-01 14:45   ` Nathan Shearer
  0 siblings, 0 replies; 3+ messages in thread
From: Nathan Shearer @ 2019-08-01 14:45 UTC (permalink / raw)
  To: Steve French; +Cc: CIFS

Hi Steve, thanks for looking into this.

The file server(s) I tried are members of a domain. One is a plain file 
server only, and the other is a domain controller, both are updated 
Windows Server 2012 installs. My linux system is not a member of the 
domain, and is an updated Gentoo install:

# cat /proc/fs/cifs/DebugData | grep Version
CIFS Version 2.20

# cat /proc/version
Linux version 5.2.2 (root@varws03) (gcc version 8.3.0 (Gentoo 8.3.0-r1 
p1.1)) #1 SMP PREEMPT Thu Jul 25 09:08:17 MDT 2019

The actual command I am using right now to mount the share only works 
with the pre-windows 2000 logon name (18 characters):

# mount -v -t cifs -o 
username=xx-xxxx-xxxxxxxxxx,password=xxxxxxxxxxxxxxxxxxxxxxxx,domain=xxxxxxxx-xxx,vers=3.0 
'//192.168.100.10/Test Share' /mnt/temp0

If I use the regular logon name (23 characters) I get these errors:

# mount -v -t cifs -o 
username=xx-xxxx-xxxxxxxxxxyyyyy,password=xxxxxxxxxxxxxxxxxxxxxxxx,domain=xxxxxxxx-xxx,vers=3.0 
'//192.168.100.10/Test Share' /mnt/temp0
mount.cifs kernel mount options: 
ip=192.168.100.10,unc=\\192.168.100.10\Test 
Share,vers=3.0,user=xx-xxxx-xxxxxxxxxxyyyyy,domain=xxxxxxxx-xxx,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

/var/log/messeges
Aug  1 08:43:06 testclient01 kernel: CIFS: Attempting to mount 
//192.168.100.10/Test Share
Aug  1 08:43:07 testclient01 kernel: Status code returned 0xc000006d 
STATUS_LOGON_FAILURE
Aug  1 08:43:07 testclient01 kernel: CIFS VFS: Send error in SessSetup = -13
Aug  1 08:43:07 testclient01 kernel: CIFS VFS: cifs_mount failed 
w/return code = -13

Is the domain considered part of the 32 character username character 
limit? My domain is 12 characters, full logon name with the domain would 
be 35 characters (including the \ separator), while the pre-windows 2000 
name would be 31 characters with the \ separator.

On 8/1/19 1:50 AM, Steve French wrote:
> I tried some experiments today with longer usernames (e.g. 32
> characters, which is the maximum allowed on the Linux distros I
> tried).   mounting with 32 character usernames worked fine (at least
> to Samba).  I wouldn't expect anything different to Windows.
>
> I don't remember any recent change to add this support so as long as
> you are running a kernel from the last three or four years, hard to
> guess what is the issue (if you have evidence like a wireshark trace
> or debugging information showing the username getting
> remapped/corrupted when passed down that might be helpful)
>
> Can you see the module version (modinfo cifs or "cat
> /proc/fs/cifs/DebugData | grep Version") and the kernel version
> ("uname -a")?
>
>
> On Wed, Jul 31, 2019 at 2:39 PM Nathan Shearer <mail@nathanshearer.ca> wrote:
>> I spent the last two days trying to mount a windows share, and it turns
>> out it was not a problem with:
>>
>>    * share permissions
>>    * filesystem permissions
>>    * incorrect password
>>    * firewalls
>>    * antivirus software
>>    * smb version
>>
>> But was in fact an issue with the username. The username I had was 23
>> characters, which is longer than the "pre-Windows 2000" logon name which
>> is what cifs was using, even with smb vers=3.0. The error was always
>> status code 0xc000006d STATUS_LOGON_FAILURE which this time was actually
>> an authentication problem since the client was using the wrong username.
>>
>> Is there any plan to support windows usernames in samba/cifs that are
>> *post* windows 2000 era?
>>
>> # mount.cifs -V
>> mount.cifs version: 6.9
>>
>

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-08-01 14:45 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-31 18:16 Forced to authenticate with "pre-Windows 2000" logon names Nathan Shearer
2019-08-01  7:50 ` Steve French
2019-08-01 14:45   ` Nathan Shearer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).