[Samba] SMB Signing issues... smbclient works, mount does not...
Julian Houghton
I have an issue that remains unresolved on my usual forum, linuxforums.org.=
.. it relates to SMB Signing when connecting from Linux to a Win 2003 file =
server.
My OS:
>> PClinuxOS - a Mandriva derivative
My Samba versions:
>> samba-client-3.0.30-3pclos2007.i586.rpm
>> samba-common-3.0.30-3pclos2007.i586.rpm
>> samba-doc-3.0.30-3pclos2007.i586.rpm
>> samba-server-3.0.30-3pclos2007.i586.rpm
When attempting to mount a remote share, "mount -t smbfs //server/share /mn=
t/dir -o username=3Duser,password=3Dpass" I get the following error:
<snip>
cli_negprot: SMB signing is mandatory and we have disabled it.
14216: protocol negotiation failed
SMB connection failed
<snip>
When I try smbclient... "smbclient //server/share -U user" and enter my pas=
sword, smbclient connects without issue.
I have tried to solve things, but have come across a void in the help files=
, man files and online postings with regards to SMB Signing. LOL I was espe=
cially mystified to learn from a posting on your mail-list that there is an=
undocumented smbclient switch ("-S", i.e. capital "S") which can be used t=
o enabled or disable SMB signing at the command-line. Why is this switch no=
t in any of the man files???
Anyway, using "smbclient //server/share -U user -S off" results in the exac=
t same error message quoted above, as you would expect. If I use "-S on" ho=
wever, smbclient connects properly.
In an effort to get the mount command to work, I have assumed that smb.conf=
is the reference that mount.smbfs uses. I have tried all the various combi=
nations of "server signing =3D <x>" and "client signing =3D <x>" (where <x>=
is either Auto, Mandatory or Disabled as per the man file and other refs f=
or smb.conf). I have even tried "on" and "off". Nothing works... mount, via=
mount.smbfs, always gives the SMB Signing error. It's like it isn't readin=
g the config file.
Any help on this issue would be appreciated, especially info on what variab=
les mount.smbfs reads and what the -S hidden switch really does.
Also, please note that I am aware of cifs... using cifs in the mount comman=
d also fails, with:
<snip>
mount error 13 =3D Permission denied
Refer to the mount.cifs manual page (e.g.man mount.cifs)
<snip>
Which the /var/log/messages (and dedug etc.) file tells you is because of S=
MB Signing failures... didn't note the exact error down, but was something =
about an unexpected SMB signature.
I am hoping that since smbclient works I should be able to get mount via sm=
bfs to work too.
Thanks.
--=20
Respectfully... Sarlac II
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The moving clock of K` appears to observer K
to run slow by the factor (1-v2/c2)^(1/2)
relative to the stationary clocks in K.
This is the phenomenon of time dilation.
The faster you run, the younger you look,
to everyone but yourself.
To reply, remove "nospam"...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html=0A=0A=0A
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Kai Blin
Content-Type: multipart/signed; boundary="nextPart3801880.hzRlIskslo";
protocol="application/pgp-signature"; micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
--nextPart3801880.hzRlIskslo
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Sunday 25 January 2009 19:35:15 Julian Houghton wrote:
> When attempting to mount a remote share, "mount -t smbfs //server/share
> /mnt/dir -o username=3Duser,password=3Dpass" I get the following error:
smbfs has been deprecated quite a while ago. Please try using cifs.
Cheers,
Kai
=2D-=20
Kai Blin
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
=2D-
Will code for cotton.
--nextPart3801880.hzRlIskslo
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQBJfNZbEKXX/bF2FpQRAqFHAJwMlNjZ/nY6oggAYAlLQ1jER4MgNACfebos
VgpFuyHsVqkTVjGtHgLtXDg=
=isKu
-----END PGP SIGNATURE-----
--nextPart3801880.hzRlIskslo--
--===============0972421729==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--===============0972421729==--
Julian Houghton
<snip>
> smbfs has been deprecated quite a while ago. Please try
> using cifs.
Hi Kai
Thanks for the reply... I will stick to CIFS as you suggest.
Thus, as per my previous posting, smbclient works fine. However, trying to =
mount with the following command results in the usual error:
<snip>
[root@localhost ~]# mount -t cifs -o username=3Duser,password=3Dpass,ip=3D1=
92.200.200.10,servern=3DSERVER //server/share /mnt/share/
mount error 13 =3D Permission denied
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
<snip>
A look at messages shows:
<snip>
[root@localhost cifs]# tail -n 3 /var/log/messages
Jan 26 21:22:15 localhost kernel: CIFS VFS: Unexpected SMB signature
Jan 26 21:22:15 localhost kernel: CIFS VFS: Send error in SessSetup =3D -1=
3
Jan 26 21:22:15 localhost kernel: CIFS VFS: cifs_mount failed w/return cod=
e =3D -13
<snip>
My question is, how do I enable SMB Signing for the CIFS kernel module. I'm=
guessing that I need to add something to the /proc/fs/cifs/ directory?
I cannot find an online resource that lists all the possible module paramet=
ers... does one exist (the user manual isn't exhuastive)?
Thanks.
***************************
Other info that may relate:
I am running kernel 2.6.22.17.tex2, with tools mount-cifs-3.0.30-3pclos2007=
installed. Running modprobe returns the following:
<snip>
[root@localhost ~]# modinfo cifs.ko
filename: /lib/modules/2.6.22.17.tex2/kernel/fs/cifs/cifs.ko.gz
author: Steve French <sfr...@us.ibm.com>
license: GPL
description: VFS to access servers complying with the SNIA CIFS Specific=
ation e.g. Samba and Windows
version: 1.49
vermagic: 2.6.22.17.tex2 SMP mod_unload 686
depends:
srcversion: 30616BA7D30E1F22CF9B850
parm: cifs_max_pending:Simultaneous requests to server. Default: =
50 Range: 2 to 256 (int)
parm: cifs_min_small:Small network buffers in pool. Default: 30 R=
ange: 2 to 256 (int)
parm: cifs_min_rcv:Network buffers in pool. Default: 4 Range: 1 t=
o 64 (int)
parm: CIFSMaxBufSize:Network buffer size (not including header). =
Default: 16384 Range: 8192 to 130048 (int)
<snip>=0A=0A=0A
Günter Kukkukk
> --- On Sun, 25/1/09, Kai Blin <k...@samba.org> wrote:
> <snip>
> > smbfs has been deprecated quite a while ago. Please try
> > using cifs.
> <snip>
> Hi Kai
>=20
> Thanks for the reply... I will stick to CIFS as you suggest.
> Thus, as per my previous posting, smbclient works fine. However, trying t=
o mount with the following command results in the usual error:
> <snip>
> [root@localhost ~]# mount -t cifs -o username=3Duser,password=3Dpass,ip=
> mount error 13 =3D Permission denied
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> <snip>
> A look at messages shows:
> <snip>
> [root@localhost cifs]# tail -n 3 /var/log/messages
> Jan 26 21:22:15 localhost kernel: CIFS VFS: Unexpected SMB signature
=2D13
> Jan 26 21:22:15 localhost kernel: CIFS VFS: cifs_mount failed w/return c=
ode =3D -13
> <snip>
>=20
> My question is, how do I enable SMB Signing for the CIFS kernel module. I=
'm guessing that I need to add something to the /proc/fs/cifs/ directory?
>=20
> I cannot find an online resource that lists all the possible module param=
eters... does one exist (the user manual isn't exhuastive)?
>=20
> Thanks.
>=20
> ***************************
> Other info that may relate:
> I am running kernel 2.6.22.17.tex2, with tools mount-cifs-3.0.30-3pclos20=
07 installed. Running modprobe returns the following:
> <snip>
> [root@localhost ~]# modinfo cifs.ko
> filename: /lib/modules/2.6.22.17.tex2/kernel/fs/cifs/cifs.ko.gz
> author: Steve French <sfr...@us.ibm.com>
> license: GPL
ication e.g. Samba and Windows
> version: 1.49
> vermagic: 2.6.22.17.tex2 SMP mod_unload 686
> depends:
> srcversion: 30616BA7D30E1F22CF9B850
: 50 Range: 2 to 256 (int)
> parm: cifs_min_small:Small network buffers in pool. Default: 30=
Range: 2 to 256 (int)
to 64 (int)
> parm: CIFSMaxBufSize:Network buffer size (not including header)=
=2E Default: 16384 Range: 8192 to 130048 (int)
> <snip>
>=20
>=20
> =20
at least most recent cifs vfs (version 1.56) from kernel 2.6.28 does
support the mount option "sign".
Have a look at the following url for the files README and CHANGES
to see the full details regarding options and change notes:
(should be _one_ long url line!)
http://git.kernel.org/?p=3Dlinux/kernel/git/sfrench/cifs-2.6.git;a=3Dtree;f=
=3Dfs/cifs;h=3D34a787a31402775e2dffc6f3f3c50aaf2e6e24b9;hb=3Dc996d2b116a0f3=
e1c4d09cfc0e2c926558fece79
You'll also notice the description of the pseudo file at
/proc/fs/cifs/PacketSigningEnabled
Cheers, G=C3=BCnter
Julian Houghton
> From: G=FCnter Kukkukk <li...@kukkukk.com>
> Subject: Re: [Samba] SMB Signing issues... smbclient works, mount does no=
t...
> To: sa...@lists.samba.org
<snip>=20
> at least most recent cifs vfs (version 1.56) from kernel
> 2.6.28 does
> support the mount option "sign".
> Have a look at the following url for the files README and
> CHANGES
> to see the full details regarding options and change notes:
> (should be _one_ long url line!)
> http://git.kernel.org/?p=3Dlinux/kernel/git/sfrench/cifs-2.6.git;a=3Dtree=
;f=3Dfs/cifs;h=3D34a787a31402775e2dffc6f3f3c50aaf2e6e24b9;hb=3Dc996d2b116a0=
f3e1c4d09cfc0e2c926558fece79
>=20
> You'll also notice the description of the pseudo file
> at
> /proc/fs/cifs/PacketSigningEnabled
<snip>
Hi G=FCnter
Mount option "sign" sounds like a good idea... navigating kernel options is=
intimidating.
Thanks for link, got it all in one line (LOL). Have subsequently downloaded=
kernel source via apt-get. Browsed to "/usr/src/linux-2.6.22.17.tex2/fs/ci=
fs/" and opened README in less. Way more info than the "info" file. :o) Sho=
t.
Okay, so looking at things now, I do not have the PacketSigningEnabled psue=
do-file in my /proc/fs/cifs/ directory. And the dir is readonly. How do I c=
reate the file? chmod u+w /proc/fs/cifs & touch Packet... etc.?
I also see that I can play with the SecurityFlags... eg. 0x07007 to enable =
NTML with signing.
However, setting SecurityFlags to 0x7007 and trying the mount again still f=
ails. Sigh.
*****************************************
Further debug info:
[root@localhost cifs]# tail -n 70 /var/log/syslog
<snip>
Jan 26 23:18:58 localhost kernel: fs/cifs/cifsfs.c: Devname: //inhep-fs/ju=
lian flags: 64
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: CIFS VFS: in cifs_mou=
nt as Xid: 2345245 with uid: 0
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: Username: julian
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: UNC: \\inhep-fs\julia=
n ip: 192.200.200.10
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: Socket created
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: sndbuf 16384 rcvbuf 8=
7380 rcvtimeo 0x7fffffff
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: Demultiplex PID: 2108=
3
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: Existing smb sess not=
found
Jan 26 23:18:58 localhost kernel: fs/cifs/cifssmb.c: secFlags 0x1003
Jan 26 23:18:58 localhost kernel: fs/cifs/transport.c: For smb_command 114
Jan 26 23:18:58 localhost kernel: fs/cifs/transport.c: Sending smb of leng=
th 47
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: rfc1002 length 0x6f)
Jan 26 23:18:58 localhost kernel: fs/cifs/cifssmb.c: Dialect: 0
Jan 26 23:18:58 localhost kernel: fs/cifs/cifssmb.c: negprot rc 0
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: Security Mode: 0xf Ca=
pabilities: 0x1f3fd TimeAdjust: -7200
Jan 26 23:18:58 localhost kernel: fs/cifs/sess.c: sess setup type 1
Jan 26 23:18:58 localhost kernel: fs/cifs/transport.c: For smb_command 115
Jan 26 23:18:58 localhost kernel: fs/cifs/transport.c: Sending smb: total=
_len 240
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: rfc1002 length 0x27)
Jan 26 23:18:58 localhost kernel: CIFS VFS: Unexpected SMB signature
Jan 26 23:18:58 localhost kernel: fs/cifs/netmisc.c: !!Mapping smb error =
code 2240 to POSIX err -13 !!
Jan 26 23:18:58 localhost kernel: fs/cifs/misc.c: Null buffer passed to ci=
fs_small_buf_release
Jan 26 23:18:58 localhost kernel: fs/cifs/sess.c: ssetup rc from sendrecv2=
is -13
Jan 26 23:18:58 localhost kernel: fs/cifs/sess.c: ssetup freeing small buf=
cd70de40
Jan 26 23:18:58 localhost kernel: CIFS VFS: Send error in SessSetup =3D -1=
3
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: No session or bad tco=
n
Jan 26 23:18:58 localhost kernel: fs/cifs/connect.c: CIFS VFS: leaving cif=
s_mount (xid =3D 2345245) rc =3D -13
Jan 26 23:18:58 localhost kernel: CIFS VFS: cifs_mount failed w/return cod=
e =3D -13
<snip>
My /proc/fs/cifs/ dir display as follows:
<snip>
[root@localhost cifs]# grep ^ *
cifsFYI:1
DebugData:Display Internal CIFS Data Structures for Debugging
DebugData:---------------------------------------------------
DebugData:CIFS Version 1.49
DebugData:Active VFS Requests: 0
DebugData:Servers:
DebugData:Shares:
Experimental:0
LinuxExtensionsEnabled:0
LookupCacheEnabled:1
MultiuserMount:0
OplockEnabled:1
SecurityFlags:0x7
Stats:Resources in use
Stats:CIFS Session: 0
Stats:Share (unique mount targets): 0
Stats:SMB Request/Response Buffer: 0 Pool size: 4
Stats:SMB Small Req/Resp Buffer: 0 Pool size: 30
Stats:Operations (MIDs): 0
Stats:
Stats:124 session 4 share reconnects
Stats:Total vfs operations: 2345245 maximum at one time: 2
Stats:
traceSMB:0
<snip>=0A=0A=0A