Bug 1462746

Summary: Mount "Windows10 Creators Update"-Shares on RHEL6 (SAMBA-AD 4.5 Env with "ntlm auth= no")
Product: Red Hat Enterprise Linux 6 Reporter: Tim <tk>
Component: cifs-utilsAssignee: Ronnie Sahlberg <lsahlber>
Status: CLOSED WONTFIX QA Contact: Filesystem QE <fs-qe>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.9CC: xifeng, xzhou
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-06 11:43:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tim 2017-06-19 12:54:47 UTC 
Description of problem:
We mount via autofs W10-Shares on our RHEL6 Server.
Since W10-Creators-Update (W10-C-U) and SAMBA 4.5 (NTLMv1 authentication disabled by default) we can't mount shares from clients with W10-C-U.
The option 'sec="ntlmssp"' in mount.cifs won't help.

FYI:
We noticed this problem since we update our SAMBA-AD-Env from 4.4.X to 4.5.10
-> "4.5 NTLMv1 authentication disabled by default"

If we undo the changes from samba 4.5 with "ntlm auth = yes" in smb.conf. We can mount CIFS-Shares on Clients with and without W10-C-U (Of cource sec options is default sec=ntlm in this cifs-kernel-module-version).
But if we set "ntlm auth = no" we can only mount shares from W10-Clients without the W10-C-U and with mount.cifs option 'sec="ntlmssp"'.

Version-Release number of selected component (if applicable):
kernel-firmware-2.6.32-696.3.1.el6.noarch
cifs-utils-4.8.1-20.el6.x86_64

How reproducible:

Steps to Reproduce:
W10-Client with W10-C-U
# mount.cifs -o user=cifs_user,domain=ds,password=PASSWORD,sec=ntlmssp //testclientw10cu/share /mnt/test/ -v
mount.cifs kernel mount options: ip=192.168.1.95,unc=\\testclientw10cu\share,sec=ntlmssp,user=cifs_user,,domain=ds,pass=********
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)


W10-Client without W10-C-U
 mount.cifs -o user=cifs_user,domain=ds,password=PASSWORD,sec=ntlmssp //testclientnow10cu/share /mnt/test/ -v
mount.cifs kernel mount options: ip=192.168.1.102,unc=\\testclientnow10cu\share,sec=ntlmssp,user=cifs_user,,domain=ds,pass=********
-> Share is mounted
Comment 2 Tim 2017-06-19 15:14:09 UTC 
With RHEL7 no Problems ;-)
Comment 3 Jan Kurik 2017-12-06 11:43:17 UTC 
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/