mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8)

mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8)

O. Hartmann-4
I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445 as NetBIOS
service (tcp/139) has been deprecated due to serious vulnerability issues.

Until the disabling of NetBIOS and tcp/139 we used successfully autofs and mount_smbfs.
This is no longer working. I tried to force autofs/mount_smbfs to bind to port 445 on the
server via ://@xxx.xxx.xxx.xxx:445/sharename, but this doesn't work.

Trying to mount a share from a samba 4.3 server (FreeBSD CURRENT, net/samba43, both most
recent sources), where I configured samba_server via smb ports = 445 to use port tcp 445
only and only SMB2 and SMB3 (server min protocol = SMB2) protocols via the following
command:

mount_smbfs -I xxx.xxx.xxx.xxx -U a_user -W \
WORKGROUP //[hidden email]:445/sharename /mnt

results in the error

mount_smbfs: unable to open connection: syserr = RPC struct is bad

Setting "smb ports = 139,445" and "server min protocol = NT1" seems to work, the share
can be bound, but this is SMB over tcp/139 and not CIFS.

I desperately need CIFS and I need tcp/445 since tcp/139 is from now on firewalled.

So: what do I miss here?

Kind regards and thank you in advance,

O. Hartmann

Re: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8)

Reko Turja
-----Original Message-----
From: O. Hartmann
Subject: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8)
>
> I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445 as NetBIOS
> service (tcp/139) has been deprecated due to serious vulnerability issues.
> .
> .
> .
> I desperately need CIFS and I need tcp/445 since tcp/139 is from now on firewalled.

There's actually an alternative available that's far more UNIX-friendly and not depending on the SAMBA foibles.

https://technet.microsoft.com/en-us/library/jj574143.aspx?f=255&MSPPError=-2147217396

Of course, you need to have admin access to the server or get the admins to enable NFS on it.

-Reko

(I've used the Windows NFS the other way around- FreeBSD NFS shares mounted with on Win7.)
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"

Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)

O. Hartmann-4
On Tue, 1 Mar 2016 23:39:22 +0200
"Reko Turja" <[hidden email]> wrote:

> -----Original Message-----
> From: O. Hartmann
> Subject: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8)
> >
> > I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445
> > as NetBIOS service (tcp/139) has been deprecated due to serious
> > vulnerability issues. .
> > .
> > .
> > I desperately need CIFS and I need tcp/445 since tcp/139 is from now on
> > firewalled.  
>
> There's actually an alternative available that's far more UNIX-friendly and not
> depending on the SAMBA foibles.
>
> https://technet.microsoft.com/en-us/library/jj574143.aspx?f=255&MSPPError=-2147217396
>
> Of course, you need to have admin access to the server or get the admins
> to enable NFS on it.
>
> -Reko
>
> (I've used the Windows NFS the other way around- FreeBSD NFS shares mounted
> with on Win7.) _______________________________________________
> [hidden email] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "[hidden email]"

Using others than CIFS is impossible, I'm dependent on existing services.
Within the next foreseeable time port tcp/139 gets firewalled.

So far I have compiled NETSMB, SMBFS, LIBMCHAIN and LIBICONV (I think the
latter two are prerequisites for NETSMB/SMBFS, didn't find much in the very
sparse and unfinished docs for that subject!) into the kernel.

I found this following the exact subject I ran into:

http://agreif.blogspot.de/2014/01/blog-post.html

It doesn't work with either SAMBA 4.3 or Windows Server 2012 R2. Consider the
following situation.

Windows/samba server has IP 10.0.0.1, its WINS name is locus, its domain is
ASUF, the user is pimmel. The password is in /etc/nsmb.conf,
hashed:


[default]
charsets=utf-8:utf-8

[LOCUS:PIMMEL]
address=10.0.0.1
password=$$ajdhasuih57

Then, following the above instructions, the mount_smbfs(8) command would be

mount_smbfs -I10.0.0.1 -Wasuf -N //pimmel@10.0.0.1:445/share /mnt

If -W is fed with ASUF (all uppercase), I get a strange error:

mount_smbfs: invalid local charset specification (IT4)

Connecting to the SAMBA 4.3 server, and with -Wasuf, I get

mount_smbfs: unable to open connection: syserr = RPC struct is bad

Connecting to the Windows 2012 R2 server results in

mount_smbfs: unable to open connection: syserr = Connection reset by peer

First, the manpage for mount_smbfs(8) is everything else than FreeBSD standard!
There is an unexplained option "-n opt". What is that?

Second, CIFS over tcp/445 seems to be now very(!) common in the Windooze world
- why is that fact not reflected by FreeBSD? I tried to find some
explanations/manpages for "man netsmb" or "smbfs" (the kernel options), but
none found :-(

My interpretation of the above errors is: FreeBSD is incapable of handling CIFS
over tcp/445. The above URL/site claims to have solved the problem, but it
seems not true for CURRENT.


Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)

Andrey V. Elsukov
On 02.03.16 17:29, O. Hartmann wrote:
> My interpretation of the above errors is: FreeBSD is incapable of handling CIFS
> over tcp/445. The above URL/site claims to have solved the problem, but it
> seems not true for CURRENT.

Did you try some FUSE CIFS implementations?

--
WBR, Andrey V. Elsukov



Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)

Rainer Hurling
In reply to this post by O. Hartmann-4
Hi Oliver,

On 02.03.16 at 15:29, O. Hartmann wrote:

> On Tue, 1 Mar 2016 23:39:22 +0200
> "Reko Turja" <[hidden email]> wrote:
>
>> -----Original Message-----
>> From: O. Hartmann
>> Subject: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8)
>>>
>>> I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445
>>> as NetBIOS service (tcp/139) has been deprecated due to serious
>>> vulnerability issues. .
>>> .
>>> .
>>> I desperately need CIFS and I need tcp/445 since tcp/139 is from now on
>>> firewalled.
>>
>> There's actually an alternative available that's far more UNIX-friendly and not
>> depending on the SAMBA foibles.
>>
>> https://technet.microsoft.com/en-us/library/jj574143.aspx?f=255&MSPPError=-2147217396
>>
>> Of course, you need to have admin access to the server or get the admins
>> to enable NFS on it.
>>
>> -Reko
>>
>> (I've used the Windows NFS the other way around- FreeBSD NFS shares mounted
>> with on Win7.) _______________________________________________
>> [hidden email] mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "[hidden email]"
>
> Using others than CIFS is impossible, I'm dependent on existing services.
> Within the next foreseeable time port tcp/139 gets firewalled.
>
> So far I have compiled NETSMB, SMBFS, LIBMCHAIN and LIBICONV (I think the
> latter two are prerequisites for NETSMB/SMBFS, didn't find much in the very
> sparse and unfinished docs for that subject!) into the kernel.
>
> I found this following the exact subject I ran into:
>
> http://agreif.blogspot.de/2014/01/blog-post.html
>
> It doesn't work with either SAMBA 4.3 or Windows Server 2012 R2. Consider the
> following situation.
>
> Windows/samba server has IP 10.0.0.1, its WINS name is locus, its domain is
> ASUF, the user is pimmel. The password is in /etc/nsmb.conf,
> hashed:
>
>
> [default]
> charsets=utf-8:utf-8
>
> [LOCUS:PIMMEL]
> address=10.0.0.1
> password=$$ajdhasuih57
>
> Then, following the above instructions, the mount_smbfs(8) command would be
>
> mount_smbfs -I10.0.0.1 -Wasuf -N //pimmel@10.0.0.1:445/share /mnt
>
> If -W is fed with ASUF (all uppercase), I get a strange error:
>
> mount_smbfs: invalid local charset specification (IT4)
>
> Connecting to the SAMBA 4.3 server, and with -Wasuf, I get
>
> mount_smbfs: unable to open connection: syserr = RPC struct is bad
>
> Connecting to the Windows 2012 R2 server results in
>
> mount_smbfs: unable to open connection: syserr = Connection reset by peer
>
> First, the manpage for mount_smbfs(8) is everything else than FreeBSD standard!
> There is an unexplained option "-n opt". What is that?
>
> Second, CIFS over tcp/445 seems to be now very(!) common in the Windooze world
> - why is that fact not reflected by FreeBSD? I tried to find some
> explanations/manpages for "man netsmb" or "smbfs" (the kernel options), but
> none found :-(
>
> My interpretation of the above errors is: FreeBSD is incapable of handling CIFS
> over tcp/445. The above URL/site claims to have solved the problem, but it
> seems not true for CURRENT.

For me, the described scenario works well with base smbfs (on recent
HEAD amd64). My configuration differs in some way from yours.

GROUPNAME, SERVERNAME, and USERNAME should be written in capital letters
(?), domainname\\username in small letters (?):


# -------------------------------------------
#cat /etc/nsmb.conf
...
[default]
workgroup=GROUPNAME

[SERVERNAME]
nbns=xxx.xxx.xxx.xxx  (IPv4 address)
charsets=UTF-8:CP866
addr=servername.xxx.de

[SERVERNAME:USERNAME]
username=domainname\\username
password=HASHED_PASSWORD


# -------------------------------------------
My entries in /etc/fstab look like this:
...
### Mountpoints for mount_smbfs (of base system)
//username@servername/dir /SMB/DIR smbfs rw,late 0 0

[and this also works with port 445:]
//username@servername:445/dir /SMB/DIR smbfs rw,late 0 0


# -------------------------------------------
!!! If this was a real hashed password in your mail above, you should
change it ...

HTH and greetings,
Rainer
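
The two configurations posted in this thread can be compared mechanically. The sh/awk sketch below is an added example, not part of Rainer's message or of FreeBSD: it flags section names that are not upper case and keys that do not occur in the working configuration above. The key list and the "$$" hashed-password prefix are assumptions taken from the thread rather than from nsmb.conf(5); `lint_nsmb` and `sample_thread_config` are hypothetical names.

```sh
#!/bin/sh
# Added example, not from the thread: lint an nsmb.conf-style file on stdin.
# Assumption: KNOWN_KEYS holds only the keys used in the working config
# posted above; it is not the complete nsmb.conf(5) key list.
KNOWN_KEYS="workgroup nbns charsets addr username password"

lint_nsmb() {
    awk -v known="$KNOWN_KEYS" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }      # skip blank lines and comments
    /^[ \t]*\[.*\][ \t]*$/ {                  # section header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
        if (sec != "default" && sec != toupper(sec))
            printf "%d: section [%s] is not upper case\n", NR, sec
        next
    }
    /=/ {                                     # key=value line
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val)
        if (!(key in ok))
            printf "%d: key \"%s\" is not used in the working config\n", NR, key
        # Assumption: a hashed password starts with "$$", as in the thread.
        if (key == "password" && val !~ /^\$\$/)
            printf "%d: password is not in hashed form\n", NR
        next
    }
    { printf "%d: unparsed line\n", NR }
    '
}

# The non-working configuration quoted earlier in the thread.
sample_thread_config() {
    cat <<'EOF'
[default]
charsets=utf-8:utf-8

[LOCUS:PIMMEL]
address=10.0.0.1
password=$$ajdhasuih57
EOF
}

sample_thread_config | lint_nsmb
```

Run against the non-working configuration, the only finding is the `address=` key on line 5, where the working configuration uses `addr=`.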


Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)

O. Hartmann-4
On Wed, 2 Mar 2016 16:01:57 +0100
Rainer Hurling <[hidden email]> wrote:

> Hi Oliver,
>
> On 02.03.16 at 15:29, O. Hartmann wrote:
> > On Tue, 1 Mar 2016 23:39:22 +0200
> > "Reko Turja" <[hidden email]> wrote:
> >  
> >> -----Original Message-----
> >> From: O. Hartmann
> >> Subject: mounting CIFS share (tcp/455) with FreeBSD and mount_smbfs(8)  
> >>>
> >>> I need to mount a CIFS share from windows server 2012 r2 via CIFS, tcp/445
> >>> as NetBIOS service (tcp/139) has been deprecated due to serious
> >>> vulnerability issues. .
> >>> .
> >>> .
> >>> I desperately need CIFS and I need tcp/445 since tcp/139 is from now on
> >>> firewalled.  
> >>
> >> There's actually an alternative available that's far more UNIX-friendly and not
> >> depending on the SAMBA foibles.
> >>
> >> https://technet.microsoft.com/en-us/library/jj574143.aspx?f=255&MSPPError=-2147217396
> >>
> >> Of course, you need to have admin access to the server or get the admins
> >> to enable NFS on it.
> >>
> >> -Reko
> >>
> >> (I've used the Windows NFS the other way around- FreeBSD NFS shares mounted
> >> with on Win7.) _______________________________________________
> >> [hidden email] mailing list
> >> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> >> To unsubscribe, send any mail to "[hidden email]"  
> >
> > Using others than CIFS is impossible, I'm dependent on existing services.
> > Within the next foreseeable time port tcp/139 gets firewalled.
> >
> > So far I have compiled NETSMB, SMBFS, LIBMCHAIN and LIBICONV (I think the
> > latter two are prerequisites for NETSMB/SMBFS, didn't find much in the very
> > sparse and unfinished docs for that subject!) into the kernel.
> >
> > I found this following the exact subject I ran into:
> >
> > http://agreif.blogspot.de/2014/01/blog-post.html
> >
> > It doesn't work with either SAMBA 4.3 or Windows Server 2012 R2. Consider the
> > following situation.
> >
> > Windows/samba server has IP 10.0.0.1, its WINS name is locus, its domain is
> > ASUF, the user is pimmel. The password is in /etc/nsmb.conf,
> > hashed:
> >
> >
> > [default]
> > charsets=utf-8:utf-8
> >
> > [LOCUS:PIMMEL]
> > address=10.0.0.1
> > password=$$ajdhasuih57
> >
> > Then, following the above instructions, the mount_smbfs(8) command would be
> >
> > mount_smbfs -I10.0.0.1 -Wasuf -N //pimmel@10.0.0.1:445/share /mnt
> >
> > If -W is fed with ASUF (all uppercase), I get a strange error:
> >
> > mount_smbfs: invalid local charset specification (IT4)
> >
> > Connecting to the SAMBA 4.3 server, and with -Wasuf, I get
> >
> > mount_smbfs: unable to open connection: syserr = RPC struct is bad
> >
> > Connecting to the Windows 2012 R2 server results in
> >
> > mount_smbfs: unable to open connection: syserr = Connection reset by peer
> >
> > First, the manpage for mount_smbfs(8) is everything else than FreeBSD standard!
> > There is an unexplained option "-n opt". What is that?
> >
> > Second, CIFS over tcp/445 seems to be now very(!) common in the Windooze world
> > - why is that fact not reflected by FreeBSD? I tried to find some
> > explanations/manpages for "man netsmb" or "smbfs" (the kernel options), but
> > none found :-(
> >
> > My interpretation of the above errors is: FreeBSD is incapable of handling CIFS
> > over tcp/445. The above URL/site claims to have solved the problem, but it
> > seems not true for CURRENT.  
>
> For me, the described scenario works well with base smbfs (on recent
> HEAD amd64). My configuration differs in some way from yours.
I use recent HEAD (most recent, just recompiled world a minute ago ...)

>
> GROUPNAME, SERVERNAME, and USERNAME should be written in capital letters
> (?), domainname\\username in small letters (?):

I have almost every permutation used by now. Using -WUPPERCASE on the commandline gives
me strange errors like:
mount_smbfs: invalid local charset specification (IT4),

-wlowercase doesn't.

Using tcp/139 NetBIOS with both Samba 4.3 and Win 2012 R2 works with lowercase username,
servername.

>
>
> # -------------------------------------------
> #cat /etc/nsmb.conf
> ...
> [default]
> workgroup=GROUPNAME
>
> [SERVERNAME]
> nbns=xxx.xxx.xxx.xxx  (IPv4 address)
> charsets=UTF-8:CP866
> addr=servername.xxx.de
>
> [SERVERNAME:USERNAME]
> username=domainname\\username
> password=HASHED_PASSWORD
>
>
> # -------------------------------------------
> My entries in /etc/fstab look like this:
> ...
> ### Mountpoints for mount_smbfs (of base system)
> //username@servername/dir /SMB/DIR smbfs rw,late 0 0
>
> [and this also works with port 445:]
> //username@servername:445/dir /SMB/DIR smbfs rw,late 0 0
>
>
> # -------------------------------------------
> !!! If this was a real hashed password in your mail above, you should
> change it ...
it isn't ;-)

>
> HTH and greetings,
> Rainer

Thanks and kind regards,
Oliver


Re: mounting CIFS share (tcp/445) with FreeBSD and mount_smbfs(8)

O. Hartmann-4
In reply to this post by Andrey V. Elsukov
On Wed, 2 Mar 2016 17:49:40 +0300
"Andrey V. Elsukov" <[hidden email]> wrote:

> On 02.03.16 17:29, O. Hartmann wrote:
> > My interpretation of the above errors is: FreeBSD is incapable of handling
> > CIFS over tcp/445. The above URL/site claims to have solved the problem,
> > but it seems not true for CURRENT.  
>
> Did you try some FUSE CIFS implementations?
>
FUSE and its siblings don't get attention, since it is something additional
from ports. We have for the project security considerations and my intention is
to perform that task with most FreeBSD-only software. But thanks anyway - I
didn't have that project in mind so far, only SAMBA 4.3, misused as a client ...

