Bug 523173

Summary: Setting lower samba security for CIFS does not work anymore
Product: [Fedora] Fedora Reporter: Panos Kavalagios <Panos.Kavalagios>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 11CC: itamar, kernel-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: 2.6.30.8-64.fc11 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-29 14:34:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Panos Kavalagios 2009-09-14 11:37:43 UTC
Description of problem: You cannot set the plain text password flag for mounting samba shares of an old samba server that does not supports password encryption.


Version-Release number of selected component (if applicable): kernel-2.6.30.5-43.fc11.x86_64


How reproducible: Start a 2.6.30 kernel and issue an echo command to alter the security flags of CIFS. It worked fine till 2.6.29.


Steps to Reproduce:
1. echo '0x30' > /proc/fs/cifs/SecurityFlags
2.
3.
  
Actual results:
echo: write error: Invalid argument
cat /proc/fs/cifs/SecurityFlags
0x7


Expected results: "cat /proc/fs/cifs/SecurityFlags" should have reported the new security flags and you should have been able to mount samba shares supporting only plain text passwords (CIFS_WEAK_PW_HASH).


Additional info: A workaround would be to compile an old samba version that supports smbfs. You may also need smbfs support on your kernel, since fedora default kernel does not support smbfs.

Comment 1 Chuck Ebbert 2009-09-15 05:29:46 UTC
If you are only using plaintext, this should work:

 echo '0x20' > /proc/fs/cifs/SecurityFlags

This problem was caused by:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ac68392460ffefed13020967bae04edc4d3add06

That added ntlmssp support to the flags (0x80) but seems to have inadvertently removed lanman (0x10).

Comment 2 Chuck Ebbert 2009-09-15 05:47:59 UTC
Should be fixed in 2.6.30.7-56.rc1

Comment 3 Panos Kavalagios 2009-09-15 07:08:02 UTC
Hello,

  The flag 0x20 is accepted, but my mount attempt returns:

mount error(95): Operation not supported
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

Comment 4 Fedora Update System 2009-09-25 16:02:09 UTC
kernel-2.6.30.8-64.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/kernel-2.6.30.8-64.fc11

Comment 5 Fedora Update System 2009-09-29 14:33:24 UTC
kernel-2.6.30.8-64.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Panos Kavalagios 2009-09-30 08:23:15 UTC
Indeed, I've updated my kernel today and it works fine. I can access again old Solaris samba shares using plain text passwords. Thank you very much!