'Re: [leaf-user] CIFS Mount'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       leaf-user
Subject:    Re: [leaf-user] CIFS Mount
From:       "Robert K Coffman Jr. -Info From Data Corp." <bcoffman () infofromdata ! com>
Date:       2019-11-25 19:25:03
Message-ID: 52fe99aa-2f21-9929-4f17-d18d8f5fa4b1 () infofromdata ! com
[Download RAW message or body]

This appears to be working (I am able to mount SMB 2.0 shares) in 6.23.

I see this in the change log:

 >Support legacy servers which use less secure dialects in CIFS module

Thank you very much for this.  It is very useful to me.

- Bob

On 9/24/2019 11:26 AM, Robert K Coffman Jr. -Info From Data Corp. wrote:
> Erich thanks!
> 
> According to my research - it is a compile time option in the module 
> config.  Notes below.
> 
> I am not actually using SAMBA on the Leaf box - just the CIFS module. 
> I'd modify SAMBA on the target NAS to use a more modern/secure option if 
> I could.  That would be a better solution.
> 
> - Bob
> 
> From:  https://github.com/torvalds/linux/blob/master/fs/cifs/Kconfig
> 
> My guess is the default is now "n".
> 
> 
> =====
> 
> config CIFS_ALLOW_INSECURE_LEGACY
>      bool "Support legacy servers which use less secure dialects"
>      depends on CIFS
>      default y
>      help
>        Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), 
> have additional security features, including protection against 
> man-in-the-middle attacks and stronger crypto hashes, so the use of 
> legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
> 
>        Disabling this option prevents users from using vers=1.0 or 
> vers=2.0 on mounts with cifs.ko
> 
>        If unsure, say Y.
> =====
> 
> 
> On 9/23/2019 7:28 PM, Erich Titl wrote:
>> Hi Bob
>>
>> Am 23.09.2019 um 15:43 schrieb Robert K Coffman Jr. -Info From Data 
>> Corp.:
>>> I'm looking at upgrading from 6.04 to 6.22.
>>>
>>> One issue I've run into is I have been using SMB mounts to Buffalo
>>> Linkstation NAS devices that support SMB 2.0, but no higher.  And no 
>>> NFS...
>>>
>>> At some point, support for this was dropped, resulting in the following
>>> message when I try to mount those shares:
>>>
>>> CIFS VFS: vers=2.0 mount not permitted when legacy dialects disabled
>>>
>>> Is there any chance we can enable legacy dialects for cifs or is this
>>> just a bad idea?
>>
>> If I understand the configuration correctly this is something you need
>> to enable in your samba configuration and not at compile time.
>>
>> The current version of samba for LEAF is 3.6.25 whereas samba.org is
>> somewhere in the 4.x range. I have not looked for incompatibilities.
>>
>> cheers
>>
>> ET
>>
>>
>>
>>
>> ---
>> Diese E-Mail wurde von AVG auf Viren geprüft.
>> http://www.avg.com
>>
>>
>>
>> ------------------------------------------------------------------------
>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
>>



------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic