Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 09 Jan 2006 21:06:57 +0600
From:      Victor Snezhko <snezhko@indorsoft.ru>
To:        freebsd-fs@freebsd.org
Subject:   mount_smbfs, windows 2003 domain shares and NETSMBCRYPTO
Message-ID:  <ufynxqw32.fsf@indorsoft.ru>
next in thread | raw e-mail | index | archive | help 
Hello,

Recently I wanted to mount a windows share to my freebsd(-current)
box. Windows share resides on a machine that is a part of domain,
domain controller is Windows 2003 machine.

I used

  # mount_smbfs -W MYDOMAIN //domain_user@SERVER/share mountpoint

and got "Authentication error" (password was right)

Surprisingly, when I tried to google a bit for a reason, I didn't find
any decent solution. Most pages suggest turning off digital signing on
the domain controller, and others contain whining about the fact that
modifying DC's settings is not allowed for security reasons.

Only here:
http://www.opennet.ru/tips/info/585.shtml
I saw recommendation(in Russian) to recompile a kernel with those
kernel options: 

  options NETSMB        #SMB/CIFS requester
  options NETSMBCRYPTO  #encrypted password support for SMB
  options LIBMCHAIN     #mbuf management library
  options LIBICONV
  options SMBFS

I was dumb enough to ignore it, (and it's outdated anyway, as at least
LIBMCHAIN and LIBICONV can be loaded (and are loaded) as a modules by
need).

I went to dig into sources and found that option NETSMBCRYPTO is a
solution. On my -current box it is the only option that needs to be
added to make things work.

Hope this message will be more helpful than bullshit about turning
off signing on DC (it works, but it's just not right). 

Couple of questions:

1) Would it be right to include this hint to a mount_smbfs manpage?
   I could prepare a patch and send it to the doc@ maillist.

2) Is there a reason for this option not being in GENERIC? It's
   absence makes mount_smbfs in conjunction with default kernel more
   and more useless (as time passes and more domain controllers jump
   to windows 2003).

-- 
WBR, Victor V. Snezhko
E-mail: snezhko@indorsoft.ru

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ufynxqw32.fsf>