From: "Aurélien Aptel" <aaptel@suse.com>
To: Nate Collins <ncollins@xes-inc.com>, linux-cifs@vger.kernel.org
Subject: Re: multiuser/cifscreds not functioning on newer Ubuntu releases
Date: Tue, 06 Apr 2021 11:51:15 +0200 [thread overview]
Message-ID: <87k0pf4u7g.fsf@suse.com> (raw)
In-Reply-To: <3798863.814011.1617658480343.JavaMail.zimbra@xes-inc.com>
Nate Collins <ncollins@xes-inc.com> writes:
> I initially posted this to the Samba mailing list, where it didn't
> receive much attention, but it might be more appropriate for a
> CIFS-specific mailing list. Per the subject, this may be an
> Ubuntu-specific bug, but I don't have the familiarity with CIFS to
> claim this is so and that nothing is wrong with my setup.
You can try to look at what happens in Wireshark. If you are getting
STATUS_ACCESS_DENIED during session setup it could be a signing problem
or kerberos issue. I would be interesting to see to which request are
you getting that error back from anyway.
Ubuntu 18 is from 2018 right? There have been multiple regressions and
fixes related to signing since then. After a quick scan I see these
fixes (from most recent to oldest):
05946d4b7a73 cifs: Fix preauth hash corruption
edad734c74a4 smb3: use SMB2_SIGNATURE_SIZE define
cc95b6772790 cifs: fix channel signing
ff6b6f3f9160 cifs: Always update signing key of first channel
46f17d17687e smb3: fix signing verification of large reads
8c11a607d1d9 SMB3: Fix SMB3.1.1 guest mounts to Samba
e71ab2aa06f7 cifs: allow guest mounts to work for smb3.11
a5c62f4833c2 CIFS: fix uninitialized ptr deref in smb2 signing
a12d0c590cc7 cifs: Make sure all data pages are signed correctly
8de8c4608fe9 cifs: Fix validation of signed data in smb2
27c32b49c3db cifs: Fix validation of signed data in smb3+
83ffdeadb46b cifs: Fix invalid check in __cifs_calc_signature()
...
For debugging keyrings you can write a shell script wrapper for all the
cifs keys defined in /etc/request-keys.conf. This allows you to log
calls, strace the bins, etc. See Sashin's blog:
http://sprabhu.blogspot.com/2014/12/debugging-calls-to-cifsupcall.html
If you can recompile the cifs-utils upcall bins you can add calls to log
PID and sleep so you can attach gdb and step into it, can be really
useful as well.
Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)
next prev parent reply other threads:[~2021-04-06 9:52 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-05 21:34 multiuser/cifscreds not functioning on newer Ubuntu releases Nate Collins
2021-04-06 9:51 ` Aurélien Aptel [this message]
2021-04-06 20:19 ` Nate Collins
2021-04-06 15:00 ` Shyam Prasad N
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k0pf4u7g.fsf@suse.com \
--to=aaptel@suse.com \
--cc=linux-cifs@vger.kernel.org \
--cc=ncollins@xes-inc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox