Unix & Linux Asked by elbarna on February 11, 2021
My server has for security reason SMB3 protocol only enabled.
server min protocol = SMB3
client max protocol = SMB3
Also client has the same settings.
Smbclient works fine, the problem is: impossible to mount with mount.cifs.
Give me error -95
I have tried with kerberos
mount -t cifs -o vers=3.0,username=myuser,rw,soft,sec=krb5i //myserver/Myshare /mnt
and with the pass
mount -t cifs -o vers=3.0,username=myuser,password=mypass,rw,soft //myserver/Myshare /mnt
but in both case give me the same error -95
CIFS VFS: Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing older servers
CIFS VFS: cifs_mount failed w/return code = -95
Solution found at least for kerberos and version 3.1.1
Suppose my user is called "pino" First we must create on AD server(Windows, Samba4, other..) the keytab for the fake user "cifs1".
ssh samba4.ad.server
samba-tool user delete cifs1
samba-tool user create cifs1 --random-password
samba-tool spn add cifs/yourclient.fqdn cifs1
samba-tool domain exportkeytab cifs1.keytab --principal=cifs/yourclient.fqdn
then we edit the file /etc/request.key.conf and we add those two lines
create cifs.spnego * * /usr/sbin/cifs.upcall %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
then we safe copy the keytab from ad server to our client and merge with keytab krb5.keytab on client
(echo rkt cifs1.keytab ; echo wkt /etc/krb5.keytab )|ktutil
the user "pino" is authenticated, but for security reason we redo the kinit
echo passofpino|kinit
Now finally we can mount our share with version=3.1.1, the most important part is "cruid" otherwise will fail
sudo mount.cifs -vvv //client.fqdn/Publicshare -o sec=krb5,user=pino,cruid=pino,vers=3.1.1 /mnt
return
mount.cifs kernel mount options: ip=192.168.0.2,unc=\client.fqdnPublicshare,sec=krb5,vers=3.1.1,cruid=10003,user=pino,pass=********
If I try the normal password instead of krb5 return error, but with kerberos is more safe, so is not a problem. If you want to write in share, the line is
sudo mount.cifs -vvv //client.fqdn/Publicshare -o sec=krb5,user=pino,cruid=pino,vers=3.1.1,forceuid,forcegid,uid=$(id -u pino),gid=$(id -g pino) /mnt
Answered by elbarna on February 11, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP