Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 2 Mar 2016 16:01:57 +0100
From:      Rainer Hurling <rhurlin@gwdg.de>
To:        "O. Hartmann" <ohartman@zedat.fu-berlin.de>
Cc:        Reko Turja <reko.turja@liukuma.net>, FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject:   Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)
Message-ID:  <56D70065.2010304@gwdg.de>
In-Reply-To: <20160302152939.17333d19@freyja.zeit4.iv.bundesimmobilien.de>
References:  <20160301222004.4cdaafc9.ohartman@zedat.fu-berlin.de> <32E522F2674A4DEBBE2492D3A307A0C1@Rivendell> <20160302152939.17333d19@freyja.zeit4.iv.bundesimmobilien.de>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi Oliver,

Am 02.03.16 um 15:29 schrieb O. Hartmann:
> On Tue, 1 Mar 2016 23:39:22 +0200
> "Reko Turja" <reko.turja@liukuma.net> wrote:
>
>> -----Original Message-----
>> From: O. Hartmann
>> Subject: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8)
>>>
>>> I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445
>>> as NetBIOS service (tcp/139) has been deprecated due to serious
>>> vulnerability issues. .
>>> .
>>> .
>>> I desperately need CIFS and I need tcp/445 since tcp/139 is from now on
>>> firewalled.
>>
>> There's actually alternative available that's far more UNIX-friendly and not
>> depending on the SAMBA foibles.
>>
>> https://technet.microsoft.com/en-us/library/jj574143.aspx?f=255&MSPPError=-2147217396
>>
>> Of course, you need to have admin access to the server or get the admins
>> enable NFS on it.
>>
>> -Reko
>>
>> (I've used the Windows NFS the other way around- FreeBSD NFS shares mounted
>> with on Win7.) _______________________________________________
>> freebsd-current@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>
> Using others than CIFS is impossible, I'm dependend on existing services.
> Within the next forseable time port tcp/139 gets firewalled.
>
> So far I have compiled NETSMB, SMBFS, LIBMCHAIN and LIBICONV (I think the
> latter two are prerequests for NETSMB/SMBFS, didn't find much in the very
> sparse and unfinished docs for that subject!) into the kernel.
>
> I found this following the exact subject I ran into:
>
> http://agreif.blogspot.de/2014/01/blog-post.html
>
> It doesn't work with either SAMBA 4.3 or Windows Server 2012 R2. Consider the
> following situation.
>
> Windows/samba server has IP 10.0.0.1, it's WINS name is locus, its domain is
> ASUF the user is pimmel. The passowrd is in /etc/nsmb.conf,
> hashed:
>
>
> [default]
> charsets=utf-8:utf-8
>
> [LOCUS:PIMMEL]
> address=10.0.0.1
> password=$$ajdhasuih57
>
> The, following the above instructions, the mount_smbfs(8) command would be
>
> mount_smbfs -I10.0.0.1 -Wasuf -N //pimmel@10.0.0.1:445/share /mnt
>
> If -W is fed with ASUF (all uppercase), I get a strange error:
>
> mount_smbfs: invalid local charset specification (IT4)
>
> Connecting to the SAMBA 4.3 server, and with -Wasuf, I get
>
> mount_smbfs: unable to open connection: syserr = RPC struct is bad
>
> Connectingto the Windows 2012 R2 server results in
>
> mount_smbfs: unable to open connection: syserr = Connection reset by peer
>
> First, the manpage for mount_smbfs(8) is everything else than FreeBSD standard!
> There is an unexplained option "-n opt". What is that?
>
> Second, CIFS over tcp/445 seems to be now very(!) common in the Windooze world
> - why is that fact not reflected by FreeBSD? I tried to find some
> explanations/manpages for "man netsmb" or "smbfs" (the kernel options), but
> none found :-(
>
> My interpretation of the above errors are: FreeBSD is incapable to handle CIFS
> over tcp/445. The above URL/site claims to have solved the problem, but it
> seems not true for CURRENT.

For me, the described scenario works well with base smbfs (on recent 
HEAD amd64). My configuration differs in some way from yours.

GROUPNAME, SERVERNAME, and USERNAME should be written in capital letters 
(?), domainname\\username in small letters (?):


# -------------------------------------------
#cat /etc/nsmb.conf
...
[default]
workgroup=GROUPNAME

[SERVERNAME]
nbns=xxx.xxx.xxx.xxx  (IPv4 address)
charsets=UTF-8:CP866
addr=servername.xxx.de

[SERVERNAME:USERNAME]
username=domainname\\username
password=HASHED_PASSWORD


# -------------------------------------------
My entries in /etc/fstab look like this:
...
### Mountpoints for mount_smbfs (of base system)
//username@servername/dir	/SMB/DIR	smbfs	rw,late	0	0

[and this also works with port 445:]
//username@servername:445/dir	/SMB/DIR	smbfs	rw,late	0	0


# -------------------------------------------
!!! If this was a real hashed password in your mail above, you should 
change it ...

HTH and greetings,
Rainer




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56D70065.2010304>