Bug 220440 - mount_smbfs fails to mount samba 4.6.5 share
Summary: mount_smbfs fails to mount samba 4.6.5 share
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 10.3-RELEASE
Hardware: amd64 Any
: --- Affects Only Me
Assignee: freebsd-fs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-03 00:36 UTC by Joshua Baillie
Modified: 2019-09-09 22:48 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Joshua Baillie 2017-07-03 00:36:28 UTC
mount_smbfs(8) fails to mount a share on Debian samba server 4.6.5 with the error: 

Authentication Error

The same share can be mounted on OS X and Ubuntu hosts.

If I switch the Debian samba server back to 4.3.11 then mount_smbfs(8) works as expected.
Comment 1 Joshua Baillie 2017-07-05 08:01:05 UTC
if you enable NTLMv1 Auth on the debian samba server:

"ntlm auth = yes"

Then the share mounts with mount_smbfs as expected
Comment 2 Sean McBride 2019-09-09 20:15:53 UTC
NTLMv1 is quite insecure, and samba sensibly disables it by default, so enabling it on your server is not advisable:

https://en.wikipedia.org/wiki/NT_LAN_Manager#Weakness_and_Vulnerabilities



If I'm not mistaken, the root of your issue is that FreeBSD's mount_smbfs supports only SMB1 and no newer version of the protocol. At least so says a FreeNAS programmer:
https://www.ixsystems.com/community/threads/mount_smbfs-vs-encoding.70250/#post-524802

I can't find any other ticket here in bugzilla that amounts to "mount_smbfs should support newer than SMB1".  This ticket seems closest.  Perhaps this bug should be re-titled?
Comment 3 Conrad Meyer freebsd_committer 2019-09-09 21:54:24 UTC
(In reply to Sean McBride from comment #2)
You're totally correct that NTLMv1 is insecure, enabling it is a bad idea, and that FreeBSD's kernel smbfs (mount_smbfs) only supports the insecure v1.

However, kernel smbfs isn't going to grow smb2 support on the basis of a PR -- Bugzilla just isn't a "major feature wishlist" tracking system.  So morphing this bug into "please implement v2+" isn't really viable.

One alternative would be to morph this into a Doc bug, where we spell out more explicitly how limited smbfs support is in the mount_smbfs.8 manual page and/or any web documentation of the filesystem.
Comment 4 Sean McBride 2019-09-09 22:07:17 UTC
Conrad, thanks for your fast reply.

I'm new to FreeBSD, so thanks for that info.

I created a bug against the man page a few hours ago:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240459

Maybe this bug should just be closed then?
Comment 5 Conrad Meyer freebsd_committer 2019-09-09 22:48:58 UTC
Sounds good to me.