Ubuntu
linux package

mount.cifs stopped working with protocol version>1 and sec=ntlm

Bug #1746482 reported by Dariusz Gadomski
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Expired
Medium
Unassigned

Bug Description

On a Xenial installation after upgrading to the HWE 4.13.0-32-generic kernel it is not possible to use mount.cifs with -o vers=x.y different than 1.0.

Steps to reproduce:
1. Setup a local Samba share with ntlm auth = yes.
2. Run:
mount.cifs -o user=<myuser>,sec=ntlm,vers=2.0 //localhost/theshare/ /mnt/theshare
3. This may be repeated for the following versions: 2.0, 2.1, 3.0.

Expected result:
The share gets mounted at /mnt/theshare.

Actual result:
The share is not mounted, this gets printed in the console:
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

and in dmesg:
[ 61.935687] CIFS VFS: Unable to select appropriate authentication method!
[ 61.935689] CIFS VFS: Send error in SessSetup = -22
[ 61.935744] CIFS VFS: cifs_mount failed w/return code = -22

See original description
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1746482

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: artful
Revision history for this message
Dariusz Gadomski (dgadomski) wrote : Re: mount.cifs stopped working with protocol version != 1.0

As discussed with cascardo I tested the mainline builds from [1].

After some tests the results were:
v4.12.14 - good
v4.13 - bad

So the regression seems to be introduced in v4.13.

[1] http://kernel.ubuntu.com/~kernel-ppa/mainline/

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

dmesg output after reproducing the issue with
echo 7 > /proc/fs/cifs/cifsFYI

Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Can you see if this bug has been fixed in the latest mainline kernel:
http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.15/

If the bug still exists in 4.15, we can bisect between 4.12 and 4.13.

tags: added: kernel-da-key needs-bisect
Changed in linux (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

Surprisingly it works perfectly fine for 4.15.0-041500-generic.

I have tested vers= parameter from 1.0 to 3.0 - no issues at all.

I went forward and tested v4.14 - it is not affected by the issue as well.

Dariusz Gadomski (dgadomski)
description: updated
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

Looks like I've been mislead by the man page of mount.cifs and linux/fs/cifs/connect.c which state:

man mount.cifs:
vers=
           SMB protocol version. Allowed values are:

           · 1.0 - The classic CIFS/SMBv1 protocol. This is the default.

4.13 kernel code:
pr_warn("No dialect specified on mount. Default has changed to "
                        "a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS "
                        "(SMB1). To use the less secure SMB1 dialect to access "
                        "old servers which do not support SMB3 (or SMB2.1) specify vers=1.0"
                        " on mount.\n");

So looks like I need to explicitly apply the version number to mount.cifs argument to have consistent results.

More over sec=ntlm is needed in smb.conf and mount.cifs cmdline.

Updating the description.

description: updated
description: updated
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

Added updated dmesg (with verbose error message).

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

Conclusion after correcting the parameters in my test procedure:
v4.10 - good
v4.11 - bad
v4.15 - bad

I'm performing a bisect between v4.10 and v4.11.

Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

Bisecting between v4.10 and v4.11 resulted in finding that this was caused by the following commit:
[ef65aaede23f75977af56a8c330bb9be8c6e125c] smb2: Enforce sec= mount option

Reverting it on top of v4.11 makes it go away.

Looking more into it.

Dariusz Gadomski (dgadomski)
summary: - mount.cifs stopped working with protocol version != 1.0
+ mount.cifs stopped working with protocol version>1 and sec=ntlm
Revision history for this message
Dariusz Gadomski (dgadomski) wrote :

After the preliminary analysis my understanding is as follows:
since the change found thanks to the bisection the behaviour change in a way that if an unsupported security mode is requested it results in an error (invalid argument in this case).

Looks like NTLM was not supported even before the change in question, it was just unnoticed since it was silently mapped to NTLMSSP.

So no actual regression in functionality is observed, but rather regression in UI being less restrictive before the kernel change.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

Changed in linux (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.