Hi all,

My server machine is running samba version 4.4.4 on Linux with 'smb encryption = mandatory' option.

My client is an Ubuntu 16.10 Linux machine.

I am looking for a way to mount the encrypted samba share on the Linux client machine. I noticed that mount.cifs does not support encryption but smbclient does with an -e flag, however it seems to only be usable in a ftp-like interface. Is there any way to mount this share with smbclient or any other software that supports encrypted samba shares?

Kind regards,
Draxter.

On Sat, Apr 01, 2017 at 12:20:23AM +0100, Draxter via samba wrote:
> Hi all,
>
> My server machine is running samba version 4.4.4 on Linux with 'smb
> encryption = mandatory' option.
>
> My client is an Ubuntu 16.10 Linux machine.
>
> I am looking for a way to mount the encrypted samba share on the Linux
> client machine. I noticed that mount.cifs does not support encryption
> but smbclient does with an -e flag, however it seems to only be usable
> in a ftp-like interface. Is there any way to mount this share with
> smbclient or any other software that supports encrypted samba shares?

Sending to Steve, who can explain why he *still* hasn't implemented this in cifsfs, despite it being designed to his spec. and included in the server since Samba 3.2.0....

Bitter, Moi ? :-).

Over to you Steve !

On Fri, Mar 31, 2017 at 06:49:37PM -0500, Steve French wrote:
> Kernel cifs supports encryption!! (Thank you Pavel for good work, redoing
> the transport layer for this!).
>
> See e.g. this series which was merged a couple months ago into mainline
> Linux kernel:
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/cifs?id=ae6f8dd4d0c87bfb72da9d9b56342adf53e69c31
>
> mount -t cifs //localhost/test /mnt -o vers=3.0,seal ....
>
> See attached screenshot of it in action to Samba (just did a quick mount
> and displayed wireshark trace of the data so you could see)

Oh, it's a fair cop guv'nor :-). Didn't know it'd finally been merged. I should pay more attention to the cifsfs list I guess :-).

Still, it has been a *long* while :-).

Would be good to continue to encourage backports by the distros of recent kernel cifs, not just for encryption support, but also for SMB3 DFS support and various other features, and some very exciting patches are in progress for the upcoming kernels.

--
Thanks,

Steve

Thanks Steve.

That's great news. Pretty recent commit. Which kernel version (onward) is it in?

Regards,
Draxter.

4.11 - But am hoping it will be broadly backported

--
Thanks,

Steve

As others have said, encryption support was merged upstream a few months ago ('seal' mount option).

Steve French via samba <samba at lists.samba.org> writes:
> Would be good to continue to encourage backports by the distros of recent
> kernel cifs, not just for encryption support, but also for SMB3 DFS support
> and various other features, and some very exciting patches are in progress
> for the upcoming kernels.

Can't talk about RHEL but cifs.ko comes with encryption support in SLE12SP3 (</end_of_ad> :).

--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
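
An added example, not part of the thread and not code from Samba or the kernel: a small audit that lists CIFS mounts lacking the `seal` option and checks whether a kernel release is at least the 4.11 mainline version named above. It assumes cifs lists `seal` among the options in `/proc/mounts` for an encrypted mount; the function names, hostnames and paths in the sample are constructed.

```shell
#!/bin/sh
# Audit helper for the 'seal' (SMB3 encryption) mount option discussed in the thread.

# kernel_has_seal RELEASE: succeeds if RELEASE (uname -r format) is >= 4.11.
# Distro kernels may carry backports, so a failure is a hint, not proof.
kernel_has_seal() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}      # strip everything from the first non-digit on
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 11 ]; }
}

# unsealed_cifs_mounts: reads /proc/mounts-format lines on stdin and prints
# the mount point of every cifs mount whose option list has no 'seal' entry.
unsealed_cifs_mounts() {
    awk '$3 == "cifs" {
        n = split($4, opts, ","); sealed = 0
        for (i = 1; i <= n; i++) if (opts[i] == "seal") sealed = 1
        if (!sealed) print $2
    }'
}

# Constructed sample input in /proc/mounts format (not captured from a real host).
sample_mounts() {
    cat <<'EOF'
//fileserver/test /mnt/secure cifs rw,relatime,vers=3.0,seal,cache=strict,username=demo 0 0
//fileserver/pub /mnt/plain cifs rw,relatime,vers=3.0,cache=strict,username=demo 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

echo "Unsealed cifs mounts in sample: $(sample_mounts | unsealed_cifs_mounts)"
if kernel_has_seal "$(uname -r)"; then
    echo "Running kernel is >= 4.11"
else
    echo "Running kernel is < 4.11; 'seal' needs a distro backport"
fi
```

On a live host, run `unsealed_cifs_mounts < /proc/mounts`; any path it prints is a share mounted without transport encryption.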