+++ This bug was initially created as a clone of Bug #349291 +++

Escalated to Bugzilla from IssueTracker

-- Additional comment from tao on 2007-10-23 14:54 EST --

Description of problem:
When trying to mount a share from Windows 2003 server with SMB signing using ntlmv2 authentication, the mount fails.

How reproducible:
Always.

Steps to Reproduce:
Try to mount a share from Windows 2003 with the below options, authentication should fail.

Local Policies/Security Options
- Microsoft network client: Digitally sign communications (always): Enabled
- Microsoft network server: Digitally sign communications (always): Enabled
- Network security: LAN Manager authentication level: Send NTLMv2 response only\refuse LM & NTLM

#mount -t cifs //10.65.7.170/share /mnt -o username=administrator,password=1redsmB,sec=ntlmv2i

Actual results:
Mount fails.

Expected results:
Mount should be successful.

Additional info:

In dmesg:

 CIFS VFS: Unexpected SMB signature
 CIFS VFS: Unexpected SMB signature
 CIFS VFS: Unexpected SMB signature
 CIFS VFS: cifs_mount failed w/return code = -13

From dmesg after bumping up the cifsFYI to 7:

 fs/cifs/cifsfs.c: Devname: //10.65.7.170/share flags: 64
 fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 148 with uid: 0
 fs/cifs/connect.c: Username: administrator
 fs/cifs/connect.c: UNC: \\\\10.65.7.170\\share ip: 10.65.7.170
 fs/cifs/connect.c: Socket created
 fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x7fffffff
 fs/cifs/connect.c: Demultiplex PID: 13270
 fs/cifs/connect.c: Existing smb sess not found
 fs/cifs/cifssmb.c: secFlags 0x1005
 fs/cifs/transport.c: For smb_command 114
 fs/cifs/transport.c: Sending smb of length 56
 fs/cifs/connect.c: rfc1002 length 0x6f)
 fs/cifs/cifssmb.c: Dialect: 0
 fs/cifs/cifssmb.c: negprot rc 0
 fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x1f3fd Time Zone: 65206
 fs/cifs/sess.c: sess setup type 2
 fs/cifs/transport.c: For smb_command 115
 fs/cifs/transport.c: Sending smb: total_len 284
 fs/cifs/connect.c: rfc1002 length 0xc1)
 CIFS VFS: Unexpected SMB signature
 fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
 fs/cifs/sess.c: ssetup rc from sendrecv2 is 0
 fs/cifs/sess.c: UID = 4096
 fs/cifs/sess.c: bleft 148
 fs/cifs/sess.c: words left: 0
 fs/cifs/sess.c: ssetup freeing small buf c7f9b700
 fs/cifs/connect.c: CIFS Session Established successfully
 fs/cifs/connect.c: file mode: 0x7f7 dir mode: 0x1ff
 fs/cifs/transport.c: For smb_command 117
 fs/cifs/transport.c: Sending smb of length 90
 fs/cifs/connect.c: rfc1002 length 0x27)
 CIFS VFS: Unexpected SMB signature
 Status code returned 0xc0000022 NT_STATUS_ACCESS_DENIED
 fs/cifs/netmisc.c: !!Mapping smb error code 5 to POSIX err -13 !!
 fs/cifs/connect.c: CIFS Tcon rc = -13
 fs/cifs/cifssmb.c: In SMBLogoff for session disconnect
 fs/cifs/transport.c: For smb_command 116
 fs/cifs/transport.c: Sending smb of length 39
 fs/cifs/connect.c: rfc1002 length 0x27)
 CIFS VFS: Unexpected SMB signature
 Status code returned 0xc0000022 NT_STATUS_ACCESS_DENIED
 fs/cifs/netmisc.c: !!Mapping smb error code 5 to POSIX err -13 !!
 fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 148) rc = -13
 CIFS VFS: cifs_mount failed w/return code = -13

Attaching the strace and tcpdump.

To work this perfectly we need to backport the upstream patch - http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commitdiff;h=b609f06ac4ac77433035366e9aa4dcd7a0f743a0 - to our kernel. The upstream patch is only available in cifs-1.50.

Please escalate this to Engineering as Jeff Layton has agreed to backport it for RHEL-4.7 and 5.2. See details at http://post-office.corp.redhat.com/archives/tech-list/2007-October/msg00710.html

--Sadique

This event sent from IssueTracker by fleitner [SEG - Storage]
 issue 135777

-- Additional comment from tao on 2007-10-23 14:54 EST --

State the problem

1. Provide time and date of problem.
   Problem happens when following the above reproducer.
2. Provide clear and concise problem description as it is understood at the time of escalation
   Already given.
3. State specific action requested of SEG
   Need to escalate this to Engineering as Engineering has agreed to look into this for 4.7 by backporting the upstream patch.
4. State whether or not a defect in the product is suspected
   Suspected.
   * Provide Bugzilla if one already exists
     Already given.

Provide supporting info

1. State other actions already taken in working the problem:
   * tech-list, google searches, fulltext, consulting with another engineer
     Already given.
   * Provide any relevant data found
2. Attach sosreport
3. Attach other supporting data
4. Provide issue repro information:
   * List steps or...
   * ...reference the specific ticket update which contains the steps.
     Attaching sysreport, tcpdump strace.
   * Provide location and access information for repro machine, if available
     Windows 2003 server - 10.65.7.170 - Use any client and try to access share "share" using administrator password 1redsmB.
5. List any known hot-fix packages on the system
   None
6. List any customer applied changes from the last 30 days
   NA

RHEL specific

1. Provide core file (if one is involved) and state:
   * Location
   * Access info
   * Backtrace output from the core file
   NA
2. Provide the base and kernel info output from ''checksysreport''
   Latest version of kernel.

This event sent from IssueTracker by fleitner [SEG - Storage]
 issue 135777

-- Additional comment from tao on 2007-10-23 14:54 EST --

File uploaded: dgrootendorst.tar.bz2

This event sent from IssueTracker by fleitner [SEG - Storage]
 issue 135777
it_file 106177

-- Additional comment from tao on 2007-10-23 14:54 EST --

File uploaded: strace.out

This event sent from IssueTracker by fleitner [SEG - Storage]
 issue 135777
it_file 106178

-- Additional comment from tao on 2007-10-23 14:54 EST --

File uploaded: tcpdump.out

This event sent from IssueTracker by fleitner [SEG - Storage]
 issue 135777
it_file 106179
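Added example, not part of the original report or of the CIFS code: a small Python triage helper that walks the cifsFYI output quoted above, decodes the negotiated Security Mode, and records for each SMB request whether its reply failed signature verification and which status came back. The command names and SecurityMode bit names follow the SMB1 protocol definitions; the function names and the choice of excerpted lines are this example's own.

```python
import re

# Decimal SMB1 command codes as logged by "For smb_command N".
SMB_COMMANDS = {114: "NEGOTIATE", 115: "SESSION_SETUP_ANDX",
                116: "LOGOFF_ANDX", 117: "TREE_CONNECT_ANDX"}
# SecurityMode bits of the SMB1 negotiate response.
SECURITY_MODE_BITS = [(0x01, "user-level security"),
                      (0x02, "challenge/response passwords"),
                      (0x04, "signing enabled"),
                      (0x08, "signing required")]

# Excerpt of the cifsFYI output quoted in the report above.
SAMPLE_LOG = """\
fs/cifs/transport.c: For smb_command 114
fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x1f3fd Time Zone: 65206
fs/cifs/transport.c: For smb_command 115
CIFS VFS: Unexpected SMB signature
fs/cifs/connect.c: CIFS Session Established successfully
fs/cifs/transport.c: For smb_command 117
CIFS VFS: Unexpected SMB signature
Status code returned 0xc0000022 NT_STATUS_ACCESS_DENIED
fs/cifs/transport.c: For smb_command 116
CIFS VFS: Unexpected SMB signature
Status code returned 0xc0000022 NT_STATUS_ACCESS_DENIED
"""

def decode_security_mode(mode):
    """Names of the SecurityMode bits set in `mode`."""
    return [name for bit, name in SECURITY_MODE_BITS if mode & bit]

def triage(log_text):
    """Return (security mode flags, one record per SMB request sent)."""
    flags, requests, current = [], [], None
    for line in log_text.splitlines():
        if m := re.search(r"For smb_command (\d+)", line):
            code = int(m.group(1))
            current = {"cmd": SMB_COMMANDS.get(code, hex(code)),
                       "sig_ok": True, "status": None}
            requests.append(current)
        elif m := re.search(r"Security Mode: (0x[0-9a-fA-F]+)", line):
            flags = decode_security_mode(int(m.group(1), 16))
        elif current and "Unexpected SMB signature" in line:
            current["sig_ok"] = False  # reply to the last request sent
        elif current and (m := re.search(r"Status code returned (0x[0-9a-fA-F]+)", line)):
            current["status"] = m.group(1)
    return flags, requests

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG)[1], sep="\n")
```

On this excerpt the negotiate reply is clean, while the session setup, tree connect and logoff replies are all flagged, and Security Mode 0xf decodes to a server that both enables and requires signing.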
Created attachment 279861
patch -- backported patch to fix ntlmv2 packet signatures

This patch seems to fix the issue. I'll post details about how to reproduce this as well.
I've proposed an update of CIFS to a newer upstream rev for 5.2, so I'm going to fold this BZ into that one.

*** This bug has been marked as a duplicate of 417961 ***