mount_smbfs, windows 2003 domain shares and NETSMBCRYPTO
Victor Snezhko
snezhko at indorsoft.ru
Mon Jan 9 07:07:19 PST 2006
Hello,
Recently I wanted to mount a windows share to my freebsd(-current)
box. Windows share resides on a machine that is a part of domain,
domain controller is Windows 2003 machine.
I used
# mount_smbfs -W MYDOMAIN //domain_user at SERVER/share mountpoint
and got "Authentication error" (password was right)
Surprisingly, when I tried to google a bit for a reason, I didn't find
any decent solution. Most pages suggest turning off digital signing on
the domain controller, and others contain whining about the fact that
modifying DC's settings is not allowed for security reasons.
Only here:
http://www.opennet.ru/tips/info/585.shtml
I saw recommendation(in Russian) to recompile a kernel with those
kernel options:
options NETSMB #SMB/CIFS requester
options NETSMBCRYPTO #encrypted password support for SMB
options LIBMCHAIN #mbuf management library
options LIBICONV
options SMBFS
I was dumb enough to ignore it, (and it's outdated anyway, as at least
LIBMCHAIN and LIBICONV can be loaded (and are loaded) as a modules by
need).
I went to dig into sources and found that option NETSMBCRYPTO is a
solution. On my -current box it is the only option that needs to be
added to make things work.
Hope this message will be more helpful than bullshit about turning
off signing on DC (it works, but it's just not right).
Couple of questions:
1) Would it be right to include this hint to a mount_smbfs manpage?
I could prepare a patch and send it to the doc@ maillist.
2) Is there a reason for this option not being in GENERIC? It's
absence makes mount_smbfs in conjunction with default kernel more
and more useless (as time passes and more domain controllers jump
to windows 2003).
--
WBR, Victor V. Snezhko
E-mail: snezhko at indorsoft.ru
More information about the freebsd-fs
mailing list