[prev in list] [next in list] [prev in thread] [next in thread]
List: leaf-user
Subject: Re: [leaf-user] CIFS Mount
From: "Robert K Coffman Jr. -Info From Data Corp." <bcoffman () infofromdata ! com>
Date: 2019-11-25 19:25:03
Message-ID: 52fe99aa-2f21-9929-4f17-d18d8f5fa4b1 () infofromdata ! com
[Download RAW message or body]
This appears to be working (I am able to mount SMB 2.0 shares) in 6.23.
I see this in the change log:
>Support legacy servers which use less secure dialects in CIFS module
Thank you very much for this. It is very useful to me.
- Bob
On 9/24/2019 11:26 AM, Robert K Coffman Jr. -Info From Data Corp. wrote:
> Erich thanks!
>
> According to my research - it is a compile time option in the module
> config. Notes below.
>
> I am not actually using SAMBA on the Leaf box - just the CIFS module.
> I'd modify SAMBA on the target NAS to use a more modern/secure option if
> I could. That would be a better solution.
>
> - Bob
>
> From: https://github.com/torvalds/linux/blob/master/fs/cifs/Kconfig
>
> My guess is the default is now "n".
>
>
> =====
>
> config CIFS_ALLOW_INSECURE_LEGACY
> bool "Support legacy servers which use less secure dialects"
> depends on CIFS
> default y
> help
> Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1),
> have additional security features, including protection against
> man-in-the-middle attacks and stronger crypto hashes, so the use of
> legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
>
> Disabling this option prevents users from using vers=1.0 or
> vers=2.0 on mounts with cifs.ko
>
> If unsure, say Y.
> =====
>
>
> On 9/23/2019 7:28 PM, Erich Titl wrote:
>> Hi Bob
>>
>> Am 23.09.2019 um 15:43 schrieb Robert K Coffman Jr. -Info From Data
>> Corp.:
>>> I'm looking at upgrading from 6.04 to 6.22.
>>>
>>> One issue I've run into is I have been using SMB mounts to Buffalo
>>> Linkstation NAS devices that support SMB 2.0, but no higher. And no
>>> NFS...
>>>
>>> At some point, support for this was dropped, resulting in the following
>>> message when I try to mount those shares:
>>>
>>> CIFS VFS: vers=2.0 mount not permitted when legacy dialects disabled
>>>
>>> Is there any chance we can enable legacy dialects for cifs or is this
>>> just a bad idea?
>>
>> If I understand the configuration correctly this is something you need
>> to enable in your samba configuration and not at compile time.
>>
>> The current version of samba for LEAF is 3.6.25 whereas samba.org is
>> somewhere in the 4.x range. I have not looked for incompatibilities.
>>
>> cheers
>>
>> ET
>>
>>
>>
>>
>> ---
>> Diese E-Mail wurde von AVG auf Viren geprüft.
>> http://www.avg.com
>>
>>
>>
>> ------------------------------------------------------------------------
>> leaf-user mailing list: leaf-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request -- http://leaf-project.org/
>>
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic