Date: Mon, 09 Jan 2006 21:06:57 +0600 From: Victor Snezhko <snezhko@indorsoft.ru> To: freebsd-fs@freebsd.org Subject: mount_smbfs, windows 2003 domain shares and NETSMBCRYPTO Message-ID: <ufynxqw32.fsf@indorsoft.ru>
next in thread | raw e-mail | index | archive | help
Hello, Recently I wanted to mount a windows share to my freebsd(-current) box. Windows share resides on a machine that is a part of domain, domain controller is Windows 2003 machine. I used # mount_smbfs -W MYDOMAIN //domain_user@SERVER/share mountpoint and got "Authentication error" (password was right) Surprisingly, when I tried to google a bit for a reason, I didn't find any decent solution. Most pages suggest turning off digital signing on the domain controller, and others contain whining about the fact that modifying DC's settings is not allowed for security reasons. Only here: http://www.opennet.ru/tips/info/585.shtml I saw recommendation(in Russian) to recompile a kernel with those kernel options: options NETSMB #SMB/CIFS requester options NETSMBCRYPTO #encrypted password support for SMB options LIBMCHAIN #mbuf management library options LIBICONV options SMBFS I was dumb enough to ignore it, (and it's outdated anyway, as at least LIBMCHAIN and LIBICONV can be loaded (and are loaded) as a modules by need). I went to dig into sources and found that option NETSMBCRYPTO is a solution. On my -current box it is the only option that needs to be added to make things work. Hope this message will be more helpful than bullshit about turning off signing on DC (it works, but it's just not right). Couple of questions: 1) Would it be right to include this hint to a mount_smbfs manpage? I could prepare a patch and send it to the doc@ maillist. 2) Is there a reason for this option not being in GENERIC? It's absence makes mount_smbfs in conjunction with default kernel more and more useless (as time passes and more domain controllers jump to windows 2003). -- WBR, Victor V. Snezhko E-mail: snezhko@indorsoft.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ufynxqw32.fsf>