CIFS VFS error message: protocol revalidation - security settings mismatch

2

Server: Debian 8, Clients: some Windows and some Xubuntu 16.04

Since I updated one Xubuntu client to 4.13.0-26, I can't mount the Samba shares.

[20390.135208] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
[20390.161744] CIFS VFS: protocol revalidation - security settings mismatch
[20390.162553] CIFS VFS: session ffffa06a57c23a00 has no tcon available for a dfs referral request
[20390.163395] CIFS VFS: cifs_mount failed w/return code = -5

I understand that this has to do with the SMB protocol, but when I use

testparm -v | grep protocol

on my server it says:

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[netlogon]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[firmendaten]"
Processing section "[downloads]"

Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

    server max protocol = SMB3
    server min protocol = LANMAN1
    client max protocol = default
    client min protocol = CORE
    client ipc max protocol = default
    client ipc min protocol = default

Here is my smb.conf:

[global]
    workgroup = MYGROUP
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    logon path = \%L\profiles\.msprofile
    logon home = \%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = Yes
    os level = 20
    netbios name = SERVER
    server string = Linux Server 2013
    domain master = yes
    load printers = yes
    allow insecure wide links = yes
    follow symlinks = yes
    wide links = yes
    unix extensions = no


[homes]
    recycle:touch = Yes
    browseable = No
    writeable = yes
    invalid users = daten
    vfs object = recycle 
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    recycle:keeptree = Yes
    comment = Home Directories
    valid users = %S,%D%w%S
    recycle:repository = .Papierkorb
    recycle:versions = Yes
    recycle:directory_mode = 0700
    inherit acls = Yes


[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700


[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon


[printers]
    browseable = no
    writeable = yes
    printable = yes
    path = /var/tmp
    create mask = 0700
    comment = Alle Drucker
    public = yes

[print$]
    path = /var/lib/samba/drivers
    write list = root,@ntadmin
    force group = ntadmin
    create mask = 0664
    comment = Printer Drivers
    directory mask = 0775
    valid users = @firma,@privat

[firmendaten]
    write list = @users
    recycle:excludedir = /tmp,/temp,/cache,.Papierkorb
    force directory mode = 0770
    force group = firma
    recycle:keeptree = Yes
    inherit acls = Yes
    recycle:touch = Yes
    vfs objects = recycle
    writeable = yes
    path = /home/files/firma
    preexec = mkdir -p .Papierkorb
    force create mode = 0770
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    comment = Firmendaten
    valid users = @firma
    create mode = 0770
    recycle:repository = .Papierkorb
    recycle:versions = Yes
    recycle:directory_mode = 0770
    directory mode = 0770

[downloads]
    recycle:excludedir = /tmp,/temp,/cache,.Papierkorb
    write list = @users
    force group = firma
    recycle:keeptree = Yes
    create mask = 0770
    inherit acls = Yes
    recycle:touch = Yes
    vfs objects = recycle
    writable = yes
    path = /home/files/downloads
    preexec = mkdir -p .Papierkorb
    recycle:exclude = *.tmp,*.temp,*.o,*.obj,~$*,*.~??
    directory mask = 0770
    comment = Firmendaten
    recycle:versions = Yes
    recycle:directory_mode = 0770
    recycle:repository = .Papierkorb

As far as I understand, the server supports SMB2 and SMB3. I tried this addition in

[home]
min protocol = SMB2

respectively

[home]
min protocol = SMB3

From what I can see on the server:

server max protocol = SMB3
server min protocol = SMB3

respectively

server max protocol = SMB3
server min protocol = SMB2

But the client still can't mount.

This is the relevant part of the client's fstab:

//192.168.0.251/firmendaten /home/username/server/firmendaten cifs gid=1000,uid=1000,file_mode=0660,dir_mode=0770,user,noauto,credentials=/home/username/.smbcredentials

How can I mount using the secure SMB2 / SMB3 protocol?

Thanks in advance!

    
by sneaky 20.01.2018 / 17:43

1 answer

1

I found a solution. It works by adding the version to the client's mount entry

//192.168.0.251/firmendaten /home/username/server/firmendaten cifs gid=1000,uid=1000,file_mode=0660,dir_mode=0770,user,noauto,vers=2.1,credentials=/home/username/.smbcredentials

I thought I could do something in the server's smb.conf, but this works too.

    
by 21.01.2018 / 08:36
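A check for the two settings this thread turns on, added here as an example and not part of the original posts: whether each cifs line in fstab pins a dialect with vers=, and whether the server's "server min protocol" still admits SMB1-family dialects. The function names audit_fstab and server_min_is_smb1 are hypothetical, and the sample inputs (including the downloads mount line) are constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example; sample data below is constructed from the thread's excerpts.

# audit_fstab FILE: print "<mountpoint> <verdict>" for every cifs entry.
#   unpinned = no vers= option, so the dialect depends on the kernel default
#   smb1     = vers=1.0, the legacy dialect the kernel message warns about
#   pinned:X = an explicit dialect X other than 1.0
audit_fstab() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        $3 == "cifs" {
            verdict = "unpinned"
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^vers=/) {
                    v = substr(opt[i], 6)
                    verdict = (v == "1.0") ? "smb1" : "pinned:" v
                }
            }
            print $2, verdict
        }
    ' "$1"
}

# server_min_is_smb1 FILE: exit 0 if saved `testparm -v` output shows a
# "server min protocol" value from the SMB1 family, exit 1 otherwise.
server_min_is_smb1() {
    min=$(sed -n 's/^[[:space:]]*server min protocol[[:space:]]*=//p' "$1" \
          | head -n 1 | tr -d '[:space:]')
    case "$min" in
        CORE|COREPLUS|LANMAN1|LANMAN2|NT1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input: one entry without vers=, one with vers=2.1.
tmp=$(mktemp -d)
cat > "$tmp/fstab" <<'EOF'
# constructed sample based on the fstab lines in the thread
//192.168.0.251/firmendaten /home/username/server/firmendaten cifs gid=1000,uid=1000,user,noauto,credentials=/home/username/.smbcredentials
//192.168.0.251/downloads /home/username/server/downloads cifs gid=1000,uid=1000,user,noauto,vers=2.1,credentials=/home/username/.smbcredentials
EOF
printf '    server max protocol = SMB3\n    server min protocol = LANMAN1\n' > "$tmp/testparm.txt"

audit_fstab "$tmp/fstab"
server_min_is_smb1 "$tmp/testparm.txt" && echo "server min protocol is in the SMB1 family"
```

On a real system, pass /etc/fstab to audit_fstab and the saved output of testparm -v to server_min_is_smb1.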