Bug 220440

if you enable NTLMv1 Auth on the debian samba server:

"ntlm auth = yes"

Then the share mounts with mount_smbfs as expected

NTLMv1 is quite insecure, and samba sensibly disables it by default, so enabling it on your server is not advisable:

https://en.wikipedia.org/wiki/NT_LAN_Manager#Weakness_and_Vulnerabilities



If I'm not mistaken, the root of your issue is that FreeBSD's mount_smbfs supports only SMB1 and no newer version of the protocol. At least so says a FreeNAS programmer:
https://www.ixsystems.com/community/threads/mount_smbfs-vs-encoding.70250/#post-524802

I can't find any other ticket here in bugzilla that amounts to "mount_smbfs should support newer than SMB1".  This ticket seems closest.  Perhaps this bug should be re-titled?

Comment 3 Conrad Meyer 2019-09-09 21:54:24 UTC

(In reply to Sean McBride from comment #2)
You're totally correct that NTLMv1 is insecure, enabling it is a bad idea, and that FreeBSD's kernel smbfs (mount_smbfs) only supports the insecure v1.

However, kernel smbfs isn't going to grow smb2 support on the basis of a PR -- Bugzilla just isn't a "major feature wishlist" tracking system.  So morphing this bug into "please implement v2+" isn't really viable.

One alternative would be to morph this into a Doc bug, where we spell out more explicitly how limited smbfs support is in the mount_smbfs.8 manual page and/or any web documentation of the filesystem.

Conrad, thanks for your fast reply.

I'm new to FreeBSD, so thanks for that info.

I created a bug against the man page a few hours ago:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240459

Maybe this bug should just be closed then?

Comment 5 Conrad Meyer 2019-09-09 22:48:58 UTC

Sounds good to me.