| Summary: | cifs: fix NTLMSSP based signing to samba | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jeff Layton <jlayton> |
| Component: | kernel | Assignee: | Jeff Layton <jlayton> |
| Status: | CLOSED ERRATA | QA Contact: | Jian Li <jiali> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 6.2 | CC: | jiali, nmurray, rwheeler, sprabhu, steved |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | kernel-2.6.32-188.el6 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-06 14:03:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. Patch(es) available on kernel-2.6.32-188.el6 Test patch "39926", using mount option "sec=ntlmi", test steps are listed below. [root@ibm-x3650-01 ~]# tshark -w output.pcap -i lo tcp port 445 & [1] 30732 [root@ibm-x3650-01 ~]# mount.cifs //localhost/test /mnt/test -o sec=ntlmi,user=root,password=redhat ##stop tshark [root@ibm-x3650-01 ~]# grep BSRSPYL output.pcap Binary file output.pcap matches Test mounting with sec=ntlmsspi, cifs server uses samba with mandatory signing. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1530.html |
The 6.2 release has a stack of patches to add support for NTLMSSP authentication to cifs. There is one broken case however -- when NTLMSSP auth is used against samba and SMB signing is enabled, the client currently sends the wrong set of flags in some of the messages. Shirish P fixed this upstream recently, and fixing it for 6.2 would make testing easier: commit a817f5fd6217851742546d6d1ee7d75512be30d0 Author: Shirish Pargaonkar <shirishpargaonkar> Date: Tue Aug 9 14:31:55 2011 -0400 cifs: Fix signing failure when server mandates signing for NTLMSSP