samba - Aug 2011 - mount.cifs with "sec=ntlmv2" fails ("mount error(22): Invalid argument")

Hello, everyone,

I'm trying to mount a CIFS share served by Samba using mount.cifs with
NTLMv2
authentication.


According to 'man mount.cifs' the option "sec=ntlmv2" should
be supported, but it
keeps giving me "mount error(22): Invalid argument".

The Samba server enforces the use of NTLMv2. When allowing for NTLMv1 on both
sides
everything works just fine.


The client runs kernel 2.6.37.6-0.7-desktop (fully patched openSUSE-11.4) with
the
CIFS kernel module version 1.68. mount.cifs identifies as "version:
4.6".


Mounting on the client side it looks like this:

--- snip ---
#  mount.cifs //abctest.box/abclaufwerk /mnt/mnt/ --verbose -o
domain=ABCTEST,user=abc,pass=secrect,sec=ntlmv2

mount.cifs kernel mount options:
ip=10.9.0.103,unc=\\abctest.box\abclaufwerk,sec=ntlmv2,ver=1,user=abc,domain=ABCTEST,pass=********
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
--- snap ---

CIFS debugging on the client is enabled:

--- snip ---
#  cat /proc/fs/cifs/cifsFYI
1
--- snap ---

Which yields the following lines in syslog (for the full log see attachment)

--- snip ---
Aug 22 17:47:34 client kernel: [28966.056081]
/usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/connect.c:
Security Mode: 0x3 Capabilities: 0x80f3fd TimeAdjust: -7200
Aug 22 17:47:34 client kernel: [28966.056088]
/usr/src/packages/BUILD/kernel-desktop-2.6.37.6/linux-2.6.37/fs/cifs/sess.c:
sess
setup type 2
--- snap ---

"sess setup type 2" seems to indicate that NTLMv2 is used.


The server is running a fully patched openSUSE 11.3 with kernel
2.6.34.8-0.2-default
and Samba 3.5.4. Both "lanman auth" and "ntlm auth" are
disabled, which should force
the use of NTLMv2 according to 'man smb.conf':

--- snip ---
server # testparm 2> /dev/null | egrep 'ntlm|lan'
        ntlm auth = No
server #
--- snap ---

The server's corresponding log entries are also attached.


Like said above, when I allow for the use of NTLMv1 on both sides (ntlm auth =
Yes on
the server and no sec=ntlmv2 on the client) everything works just fine.

When I enforce NTLMv2 on the server and don't specify "sec=ntlmv2"
with mount.cifs I
get "mount error(13): Permission denied" and syslog on the client
shows that NTLMv1
is tried ("sess setup type 1").


So is there anything wrong with my setup? Should NTLMv2 be working between Samba
and
mount.cifs? If it should, why isn't it in this particular setup?


Any hints will be greatly appreciated.


TIA -- Till
-- 
Dipl.-Inform. Till D?rges                  doerges at pre-sense.de
                                  Tel. +49 - 40 - 244 2407 - 14
                                  Fax  +49 - 40 - 244 2407 - 24
PRESENSE Technologies GmbH            Sachsenstr. 5, D-20097 HH
                                         USt-IdNr.: DE263765024
Gesch?ftsf?hrer/Managing Directors       AG Hamburg, HRB 107844
Till D?rges           J?rgen Sander              Axel Theilmann