On 04/19/2016 1:44 PM, Helmut Hullen wrote:> Hallo, Dale, > > Du meintest am 19.04.16: > >>> Found some more info: >>> >>> mount.cifs to mount shares from my DCs (samba 4.2.11) works >>> mount.cifs to mount shares from smbserver (also 4.2.11) does NOT >>> work. > [...] > >>> As for smb.conf options: similar on the DCs and the smbserver, with: >>> >>> server signing = mandatory >>> ntlm auth = yes >>> server min protocol = SMB2 >>> client max protocol = SMB3 >>> >>> Any ideas why mount.cifs doesn't connect to our smbserver? > >> I echo MJ's request, what is now needed to mount a CIFS share? Using >> krb5 was mentioned, but what about standalone servers that don't use >> kerberos? > Again: try (the default) > > max protocol = NT1 > > instead of the above options. > > Viele Gruesse! > HelmutHelmut, I added that parameter to smb.conf, then ran this: mount -t cifs //path/to/share /path/to/mount_point -o sec=ntlmv2,credentials=/path/to/credentials_file and got this: mount error(22): Invalid argument Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) It seems that something more is needed. Thanks, Dale
Hallo, Dale, Du meintest am 19.04.16:>>>> As for smb.conf options: similar on the DCs and the smbserver, >>>> with: >>>> >>>> server signing = mandatory >>>> ntlm auth = yes >>>> server min protocol = SMB2 >>>> client max protocol = SMB3>> Again: try (the default) >> >> max protocol = NT1 >> >> instead of the above options.> I added that parameter to smb.conf, then ran this:You should not add it, this option should _replace_ the above options. Viele Gruesse! Helmut
Hi all, The solution for me turned out to be, adding this: server min protocol = NT1 So I did NOT want to set a max protocol, because the way I understand things, that would force ALL my connections to use that as a maximum: not acceptable for us. However, specifying a min protocol, we allow samba to serve clients with lower security as well. It would be nice to allow these lower security options to *specific* clients only, instead of just global on/off. Anyway: with the above option, mount.cifs works again. MJ
On 04/19/2016 3:49 PM, Helmut Hullen wrote:> Hallo, Dale, > > Du meintest am 19.04.16: > >>>>> As for smb.conf options: similar on the DCs and the smbserver, >>>>> with: >>>>> >>>>> server signing = mandatory >>>>> ntlm auth = yes >>>>> server min protocol = SMB2 >>>>> client max protocol = SMB3 > >>> Again: try (the default) >>> >>> max protocol = NT1 >>> >>> instead of the above options. > > >> I added that parameter to smb.conf, then ran this: > You should not add it, this option should _replace_ the above options. > > Viele Gruesse! > HelmutHi Helmut, Thanks for your help. The additions above were MJ's not mine. I have no such declarations, so they are the defaults ==> server min protocol = LANMAN1 server signing = default ntlm auth = Yes This is on Debian with Samba version 4.3.7. If I am to replace some values, which ones are you suggesting? Thanks, Dale