linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Wout Mertens <wout.mertens@gmail.com>
To: "Aurélien Aptel" <aaptel@suse.com>
Cc: CIFS <linux-cifs@vger.kernel.org>
Subject: Re: Fwd: mount.cifs fails but smbclient succeeds
Date: Thu, 25 Jul 2019 15:24:45 +0200	[thread overview]
Message-ID: <CAO3V83+dmZNNaDQ14up=SL+pGv7ndiqG0y_rE7ciFyy1oNQCQw@mail.gmail.com> (raw)
In-Reply-To: <87zhlnvesj.fsf@suse.com>

Thank you so much Aurélien, smbcmp was really helpful!

Is there a way to force mount.cifs to use DFS? (cifs-utils 6.8, kernel 4.19.57)

It turns out that when smbclient connects, it sends that it supports
DFS, but mount.cifs sends that it does NOT support DFS. Then smbclient
connects to the host and figures out the correct server to talk to,
and connects as needed, but mount.cifs just fails to do that.

What I did was to sniff the smbclient traffic for the server that has
the path I wanted, and then mount that directly using mount.cifs. That
works, but I'm worried that if they move things around it will break
again, or maybe they'll split the mount in two servers.

Here's the comparison: (-: smbclient, +: mount.cifs)
======
smbclient first  has an extra "Negotiate Protocol Request" + Response,
which the mount.cifs doesn't do. Then there's a common "Negotiate
Protocol Request" + Response,
> Session Setup Request, NTLMSSP_NEGOTIATE  (same with the subsequent NTLMSSP_AUTH)
         Server Component: SMB2
     SMB2Header Length: 64
-        Credit Charge: 1
+        Credit Charge: 0
         Channel Sequence: 0
         Reserved: 0000
         Command: Session Setup (1)
-        Credits requested: 8192
-        Flags: 0x00000010, Priority
+        Credits requested: 130
+        Flags: 0x00000000
             .... .... .... .... .... .... .... ...0 = Response: This
is a REQUEST
             .... .... .... .... .... .... .... ..0. = Async command:
This is a SYNC command
             .... .... .... .... .... .... .... .0.. = Chained: This
pdu is NOT a chained command
             .... .... .... .... .... .... .... 0... = Signing: This
pdu is NOT signed
-            .... .... .... .... .... .... .001 .... = Priority: This
pdu contains a PRIORITY
+            .... .... .... .... .... .... .000 .... = Priority: This
pdu does NOT contain a PRIORITY
             ...0 .... .... .... .... .... .... .... = DFS operation:
This is a normal operation
             ..0. .... .... .... .... .... .... .... = Replay
operation: This is NOT a replay operation
         Chain Offset: 0x00000000
-        Message ID: Unknown (2)
-        Process Id: 0x00000000
+        Message ID: Unknown (1)
+        Process Id: 0x000040fc
[...]
-        Security mode: 0x01, Signing enabled
-            .... ...1 = Signing enabled: True
-            .... ..0. = Signing required: False
-        Capabilities: 0x00000001, DFS
-            .... .... .... .... .... .... .... ...1 = DFS: This host
supports DFS
+        Security mode: 0x02, Signing required
+            .... ...0 = Signing enabled: False
+            .... ..1. = Signing required: True
+        Capabilities: 0x00000000
+            .... .... .... .... .... .... .... ...0 = DFS: This host
does NOT support DFS

After that, they both do

> Session Setup Response
> Tree Connect Request Tree: \\corp.local\IPC$
> Tree Connect Response

and then smclient does
> Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \corp.local\ib
but mount.cifs does
> Ioctl Request FSCTL_VALIDATE_NEGOTIATE_INFO
======

I saw that there were fixes in 5.0 regarding crediting and DFS
reconnect, would they make a difference?

Wout.

On Tue, Jul 9, 2019 at 9:38 AM Aurélien Aptel <aaptel@suse.com> wrote:
>
> "Wout Mertens" <wout.mertens@gmail.com> writes:
> > Any suggestions? This is driving me crazy :-/
>
> If you make a network capture of smbclient connecting and a capture of
> mount.cifs failing you can use smbcmp [1] to compare them.
>
> https://github.com/aaptel/smbcmp
>
> --
> Aurélien Aptel / SUSE Labs Samba Team
> GPG: 1839 CB5F 9F5B FB9B AA97  8C99 03C8 A49B 521B D5D3
> SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
> GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 21284 (AG Nürnberg)

  reply	other threads:[~2019-07-25 13:25 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAO3V83L1Q9jCLBsjHgFE1jw2PPi_sHtQz4geDKC4jEPWkhNYBg@mail.gmail.com>
2019-07-09  0:26 ` Fwd: mount.cifs fails but smbclient succeeds Wout Mertens
2019-07-09  3:05   ` Steve French
2019-07-09  7:31     ` Wout Mertens
2019-07-09  7:38   ` Fwd: " Aurélien Aptel
2019-07-25 13:24     ` Wout Mertens [this message]
2019-07-25 14:51       ` Wout Mertens
2019-07-25 18:51       ` Steve French
2019-07-25 20:58         ` Wout Mertens
2019-07-25 23:22           ` Steve French

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAO3V83+dmZNNaDQ14up=SL+pGv7ndiqG0y_rE7ciFyy1oNQCQw@mail.gmail.com' \
    --to=wout.mertens@gmail.com \
    --cc=aaptel@suse.com \
    --cc=linux-cifs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).