Bug 729437

Summary: cifs: fix NTLMSSP based signing to samba
Product: Red Hat Enterprise Linux 6 Reporter: Jeff Layton <jlayton>
Component: kernelAssignee: Jeff Layton <jlayton>
Status: CLOSED ERRATA QA Contact: Jian Li <jiali>
Severity: low Docs Contact:
Priority: low    
Version: 6.2CC: jiali, nmurray, rwheeler, sprabhu, steved
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: kernel-2.6.32-188.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 14:03:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jeff Layton 2011-08-09 18:36:13 UTC 
The 6.2 release has a stack of patches to add support for NTLMSSP authentication to cifs. There is one broken case however -- when NTLMSSP auth is used against samba and SMB signing is enabled, the client currently sends the wrong set of flags in some of the messages. Shirish P fixed this upstream recently, and fixing it for 6.2 would make testing easier:

commit a817f5fd6217851742546d6d1ee7d75512be30d0
Author: Shirish Pargaonkar <shirishpargaonkar>
Date:   Tue Aug 9 14:31:55 2011 -0400

    cifs: Fix signing failure when server mandates signing for NTLMSSP
Comment 1 RHEL Program Management 2011-08-09 18:40:03 UTC 
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.
Comment 3 Kyle McMartin 2011-08-15 12:50:30 UTC 
Patch(es) available on kernel-2.6.32-188.el6
Comment 7 Jian Li 2011-09-22 17:01:52 UTC 
Test patch "39926", using mount option "sec=ntlmi", test steps are listed below.

[root@ibm-x3650-01 ~]# tshark -w output.pcap -i lo tcp port 445 &
[1] 30732
[root@ibm-x3650-01 ~]# mount.cifs //localhost/test /mnt/test -o sec=ntlmi,user=root,password=redhat
##stop tshark
[root@ibm-x3650-01 ~]# grep BSRSPYL output.pcap 
Binary file output.pcap matches
Comment 8 Jian Li 2011-09-26 04:29:11 UTC 
Test mounting with sec=ntlmsspi, cifs server uses samba with mandatory signing.
Comment 9 errata-xmlrpc 2011-12-06 14:03:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1530.html