Bug 523173 - Setting lower samba security for CIFS does not work anymore
Summary: Setting lower samba security for CIFS does not work anymore
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 11
Hardware: x86_64
OS: Linux
low
high
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-14 11:37 UTC by Panos Kavalagios
Modified: 2009-09-30 08:23 UTC (History)
2 users (show)

Fixed In Version: 2.6.30.8-64.fc11
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-29 14:34:12 UTC


Attachments (Terms of Use)

Description Panos Kavalagios 2009-09-14 11:37:43 UTC
Description of problem: You cannot set the plain text password flag for mounting samba shares of an old samba server that does not supports password encryption.


Version-Release number of selected component (if applicable): kernel-2.6.30.5-43.fc11.x86_64


How reproducible: Start a 2.6.30 kernel and issue an echo command to alter the security flags of CIFS. It worked fine till 2.6.29.


Steps to Reproduce:
1. echo '0x30' > /proc/fs/cifs/SecurityFlags
2.
3.
  
Actual results:
echo: write error: Invalid argument
cat /proc/fs/cifs/SecurityFlags
0x7


Expected results: "cat /proc/fs/cifs/SecurityFlags" should have reported the new security flags and you should have been able to mount samba shares supporting only plain text passwords (CIFS_WEAK_PW_HASH).


Additional info: A workaround would be to compile an old samba version that supports smbfs. You may also need smbfs support on your kernel, since fedora default kernel does not support smbfs.

Comment 1 Chuck Ebbert 2009-09-15 05:29:46 UTC
If you are only using plaintext, this should work:

 echo '0x20' > /proc/fs/cifs/SecurityFlags

This problem was caused by:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ac68392460ffefed13020967bae04edc4d3add06

That added ntlmssp support to the flags (0x80) but seems to have inadvertently removed lanman (0x10).

Comment 2 Chuck Ebbert 2009-09-15 05:47:59 UTC
Should be fixed in 2.6.30.7-56.rc1

Comment 3 Panos Kavalagios 2009-09-15 07:08:02 UTC
Hello,

  The flag 0x20 is accepted, but my mount attempt returns:

mount error(95): Operation not supported
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

Comment 4 Fedora Update System 2009-09-25 16:02:09 UTC
kernel-2.6.30.8-64.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/kernel-2.6.30.8-64.fc11

Comment 5 Fedora Update System 2009-09-29 14:33:24 UTC
kernel-2.6.30.8-64.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Panos Kavalagios 2009-09-30 08:23:15 UTC
Indeed, I've updated my kernel today and it works fine. I can access again old Solaris samba shares using plain text passwords. Thank you very much!


Note You need to log in before you can comment on or make changes to this bug.