Summary: | mount_smbfs fails to mount samba 4.6.5 share | ||
---|---|---|---|
Product: | Base System | Reporter: | Joshua Baillie <baillie.joshua> |
Component: | kern | Assignee: | freebsd-fs (Nobody) <fs> |
Status: | Closed Overcome By Events | ||
Severity: | Affects Only Me | CC: | sean |
Priority: | --- | ||
Version: | 10.3-RELEASE | ||
Hardware: | amd64 | ||
OS: | Any |
Description
Joshua Baillie
2017-07-03 00:36:28 UTC
if you enable NTLMv1 Auth on the debian samba server: "ntlm auth = yes" Then the share mounts with mount_smbfs as expected NTLMv1 is quite insecure, and samba sensibly disables it by default, so enabling it on your server is not advisable: https://en.wikipedia.org/wiki/NT_LAN_Manager#Weakness_and_Vulnerabilities If I'm not mistaken, the root of your issue is that FreeBSD's mount_smbfs supports only SMB1 and no newer version of the protocol. At least so says a FreeNAS programmer: https://www.ixsystems.com/community/threads/mount_smbfs-vs-encoding.70250/#post-524802 I can't find any other ticket here in bugzilla that amounts to "mount_smbfs should support newer than SMB1". This ticket seems closest. Perhaps this bug should be re-titled? (In reply to Sean McBride from comment #2) You're totally correct that NTLMv1 is insecure, enabling it is a bad idea, and that FreeBSD's kernel smbfs (mount_smbfs) only supports the insecure v1. However, kernel smbfs isn't going to grow smb2 support on the basis of a PR -- Bugzilla just isn't a "major feature wishlist" tracking system. So morphing this bug into "please implement v2+" isn't really viable. One alternative would be to morph this into a Doc bug, where we spell out more explicitly how limited smbfs support is in the mount_smbfs.8 manual page and/or any web documentation of the filesystem. Conrad, thanks for your fast reply. I'm new to FreeBSD, so thanks for that info. I created a bug against the man page a few hours ago: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240459 Maybe this bug should just be closed then? Sounds good to me. |