Roman Sommer
2005-Nov-30 07:27 UTC
[Samba] windows server 2003 shares (smbmount & signing or cifs & kerberos)
hello everyone, the old problem persists :X I'm currently running Novell Linux Desktop 9 (SP2) featuring a 2.6.5series kernel. Smbclient (3.0.14a-0.4-SUSE) seems to support signing negotiation.. at least the following command works just fine: smbclient -k -L //hostname turning signing off manually (-S off) ends up in the common error message cli_negprot: SMB signing is mandatory and we have disabled it. Now the not so satisfying part... smbmount doesn't seem to support or at least it doesn't use client signing. And I couldn't find any way to tell it to do so. mount -t smbfs //service/share /mountpoint -o krb,debug=4 (not working) So I decided to stick with cifs as it is the successor of smb. mount -t cifs -o username=user@domain mount -t smbfs //service/share /mountpoint (working). ...but I really do need kerberos authentication. So either I need smbmount to do client signing or kerberos authentication for cifs. Any idea? regards, Roman
Andrew Bartlett
2005-Nov-30 21:18 UTC
[Samba] windows server 2003 shares (smbmount & signing or cifs & kerberos)
On Wed, 2005-11-30 at 08:27 +0100, Roman Sommer wrote:> hello everyone, > > the old problem persists :X I'm currently running Novell Linux Desktop > 9 (SP2) featuring a 2.6.5series kernel. Smbclient (3.0.14a-0.4-SUSE) > seems to support signing negotiation.. at least the following command > works just fine: > > smbclient -k -L //hostname > turning signing off manually (-S off) ends up in the common error > message cli_negprot: SMB signing is mandatory and we have disabled it. > > Now the not so satisfying part... smbmount doesn't seem to support or > at least it doesn't use client signing. And I couldn't find any way to > tell it to do so. > mount -t smbfs //service/share /mountpoint -o krb,debug=4 (not working) > > So I decided to stick with cifs as it is the successor of smb. > mount -t cifs -o username=user@domain mount -t smbfs //service/share > /mountpoint (working). > > ...but I really do need kerberos authentication. So either I need > smbmount to do client signing or kerberos authentication for cifs. Any > idea?It's just not possible at this stage. The CIFSVFS maintainer (sfrench) and I have discussed how to add kerberos to the in-kernel cifs connection code (by a userspace callback), but I'm not sure where the implementation is at. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20051201/a3222a82/attachment.bin
Reasonably Related Threads
- smbmount and windows 2003
- How to turn on SMB signing
- Q: mount -t smbfs: "cli_negprot: SMB signing is mandatory and we have disabled it."
- problems mounting Win2003 Server Share - smbclient is working smbmount is not
- samba3 to Win 2003, signing mandatory but disabled?