We use a Drobo FS to do backups with tar and mount it via autofs/automount. This issue cropped up in kernel 4.13 and is similar but different than https://bugzilla.redhat.com/show_bug.cgi?id=1502606 The Drobo FS only supports SMB version 1. We have been using for years the auto.cifs file in https://www.howtoforge.com/accessing_windows_or_samba_shares_using_autofs The solution should simply be to add vers=1.0 here:: mountopts="-fstype=cifs,vers=1.0,file_mode=0644,dir_mode=0755,uid=user,gid=users" Note it appears that fstype has to be the first option. Whenever automount tries to mount the share we get these errors:Nov 7 15:46:05 ourserver automount[11963]: parse_mount: parse(sun): core of entry: options=fstype=cifs,rw,user,suid,credentials=/etc/auto.smb.drobo-down, loc=://drobo-down/drobo-up Nov 7 15:46:05 ourserver automount[11963]: sun_mount: parse(sun): mounting root /drobo-down, mountpoint drobo-up, what //drobo-down/drobo-up, fstype cifs, options rw,user,suid,credentials=/etc/auto.smb.drobo-down Nov 7 15:46:05 ourserver automount[11963]: do_mount: //drobo-down/drobo-up /drobo-down/drobo-up type cifs options rw,user,suid,credentials=/etc/auto.smb.drobo-down using module generic Nov 7 15:46:05 ourserver automount[11963]: mount_mount: mount(generic): calling mkdir_path /drobo-down/drobo-up Nov 7 15:46:05 ourserver automount[11963]: mount_mount: mount(generic): calling mount -t cifs -o rw,user,suid,credentials=/etc/auto.smb.drobo-down //drobo-down/drobo-up /drobo-down/drobo-up Nov 7 15:46:05 ourserver kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount. When running: ypcat -k auto.cifs $SMBCLIENT $smbclientopts -gL $key 2>>/var/log/autofs.log | awk -v key="$key" -v opts="$mountopts" -F'|' -- ' [ -x $SMBCLIENT ] || exit 1 credfile="/etc/auto.smb.$key" do done else fi for P in /bin /sbin /usr/bin /usr/sbin if [ -e "$credfile" ] key="$1" mountopts="-fstype=cifs,file_mode=0600,dir_mode=0700,uid=root,gid=root" smbclientopts="" then Clearly the 'vers=1.0' option is not being passed to automont/autofs. Could it be hard coded in the kernel? Should this be assigned to NIS maintainers?
cifs-utils-6.7-5.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b4a6234451
Note that this update does not change the behavior you're seeing. It is only a documentation update. I suppose you'd need to talk to the maintainer of your auto.cifs file if you needed that added to its options. Do note that any server that supports only 1.0 likely has serious security issues. I don't think we'll be making that the default anywhere. SMBv1.0 needs to be explicitly opt-in in this day and age.
(In reply to Jeff Layton from comment #2) > Note that this update does not change the behavior you're seeing. It is only > a documentation update. I suppose you'd need to talk to the maintainer of > your auto.cifs file if you needed that added to its options. > > Do note that any server that supports only 1.0 likely has serious security > issues. I don't think we'll be making that the default anywhere. SMBv1.0 > needs to be explicitly opt-in in this day and age. I am the maintainer and I modified the file as mentioned. That's why I reported the bug. The results of ypcat -k shows that the change in the auto.cifs file is NOT being incorporated. It has to be coming from some where else. I tried editing the auto.cifs on the NIS server, same results.
And perhaps this will shame the Drobo company to release a firmware update. Their support said they would only do so on a paid basis.
It's not clear to me what problem you're having. mount.cifs mostly just passes whatever options it's given to the kernel. If you're not getting the options you expect, then you probably need to look at the higher layers in the stack (i.e. autofs or whatever is calling mount) Maybe you're not using the autofs map that you think you are?
(In reply to Jeff Layton from comment #5) > It's not clear to me what problem you're having. > > mount.cifs mostly just passes whatever options it's given to the kernel. If > you're not getting the options you expect, then you probably need to look at > the higher layers in the stack (i.e. autofs or whatever is calling mount) To the best of my knowledge, autofs is calling mount via the local auto.cifs file. > Maybe you're not using the autofs map that you think you are? We do use NIS for authentication. The results from the above ypcat -k command however seem to imply that the vers=1.0 is not being passed to autofs. How can I trace that down? Note with kernels lower than 4.13, we don't experience this issue. I put some logs in the bodhi page.
You don't experience that issue in earlier kernels because the default is 1.0 in earlier kernels and your configuration isn't specifying a version. As to how to track that down, I'd suggest looking closely at your autofs configuration and ensure that you understand what map it's using to mount your cifs shares and where it's getting its options.
(In reply to Jeff Layton from comment #7) > You don't experience that issue in earlier kernels because the default is > 1.0 in earlier kernels and your configuration isn't specifying a version. > > As to how to track that down, I'd suggest looking closely at your autofs > configuration and ensure that you understand what map it's using to mount > your cifs shares and where it's getting its options. The debug logs are below. The entries with "lookup(yp)" and "parse_mount: parse(sun)" befuddle me. I can't figure out where those are coming from. I checked the main NIS server auto.cifs and auto.smb files and the mount commands have the vers=1.0 option. Nov 8 10:44:16 curie automount[26741]: handle_packet_missing_indirect: token 96, name drobo-lc, request pid 27132 Nov 8 10:44:16 curie automount[26741]: attempting to mount entry /drobo-rh/drobo-lc Nov 8 10:44:16 curie automount[26741]: lookup_mount: lookup(yp): looking up drobo-lc Nov 8 10:44:16 curie automount[26741]: lookup_mount: lookup(yp): drobo-lc -> -fstype=cifs,rw,user,suid,credentials=/etc/auto.smb.drobo-rh ://drobo-rh/drobo-lc Nov 8 10:44:16 curie automount[26741]: parse_mount: parse(sun): expanded entry: -fstype=cifs,rw,user,suid,credentials=/etc/auto.smb.drobo-rh ://drobo-rh/drobo-lc Nov 8 10:44:16 curie automount[26741]: parse_mount: parse(sun): gathered options: fstype=cifs,rw,user,suid,credentials=/etc/auto.smb.drobo-rh Nov 8 10:44:16 curie automount[26741]: parse_mount: parse(sun): dequote("://drobo-rh/drobo-lc") -> ://drobo-rh/drobo-lc Nov 8 10:44:16 curie automount[26741]: parse_mount: parse(sun): core of entry: options=fstype=cifs,rw,user,suid,credentials=/etc/auto.smb.drobo-rh, loc=://drobo-rh/drobo-lc Nov 8 10:44:16 curie automount[26741]: sun_mount: parse(sun): mounting root /drobo-rh, mountpoint drobo-lc, what //drobo-rh/drobo-lc, fstype cifs, options rw,user,suid,credentials=/etc/auto.smb.drobo-rh Nov 8 10:44:16 curie automount[26741]: do_mount: //drobo-rh/drobo-lc /drobo-rh/drobo-lc type cifs options rw,user,suid,credentials=/etc/auto.smb.drobo-rh using module generic Nov 8 10:44:16 curie automount[26741]: mount_mount: mount(generic): calling mkdir_path /drobo-rh/drobo-lc Nov 8 10:44:16 curie automount[26741]: mount_mount: mount(generic): calling mount -t cifs -o rw,user,suid,credentials=/etc/auto.smb.drobo-rh //drobo-rh/drobo-lc /drobo-rh/drobo-lc Nov 8 10:44:16 curie kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount. Nov 8 10:44:16 curie kernel: CIFS VFS: cifs_mount failed w/return code = -112
Found the source! Indeed on the NIS server we have a couple files for both Drobo units for each campus: cat /etc/auto.drobo-uptown drobo-downtown -fstype=cifs,vers=1.0,rw,user,suid,credentials=/etc/auto.smb.drobo-uptown ://drobo-uptown/drobo-downtown But the other thing that escaped me was I had to run make -C /var/yp after making a change, for the other workstations/servers in the NIS domain to see the change!
cifs-utils-6.7-5.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b4a6234451
cifs-utils-6.7-5.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.