Bug 30783

Summary: Failure in mounting cifs vers=1.0 since kernel 5.16
Product: Mageia Reporter: Marcel Pol <marcel>
Component: BackportsAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED WONTFIX QA Contact:
Severity: normal    
Priority: Normal    
Version: 8   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: kernel-5.18.15-1.mga8.src.rpm CVE:
Status comment:

Description Marcel Pol 2022-08-29 16:53:17 CEST 
Description of problem:
Mounting a cifs share with `vers=1.0` through fstab as root doesn't work since kernel 5.16. With kernel 5.17 and 5.18 it doesn't work either. Booting with kernel 5.10 up to 5.15 does work.
mount.cifs returns error -6.

Version-Release number of selected component (if applicable):
Broken:
- kernel-desktop-5.16.18-1.mga8-1-1.mga8
- kernel-desktop-5.17.4-2.mga8-1-1.mga8
- kernel-desktop-5.18.15-1.mga8-1-1.mga8
Working:
- kernel-desktop-5.10.78-1.mga8-1-1.mga8
- kernel-desktop-5.12.15-1.mga8-1-1.mga8
- kernel-desktop-5.13.14-1.mga8-1-1.mga8
- kernel-desktop-5.14.17-1.mga8-1-1.mga8
- kernel-desktop-5.15.58-2.mga8-1-1.mga8

How reproducible:
Always.

Steps to Reproduce:
1. Make sure to have a Samba server which only supports CIFS version 1.0 (yes, very old :) ). 
2. Add a line to /etc/fstab like:
   //192.168.0.11/volume_1 /mnt/worlddomination cifs noauto,vers=1.0 0 0
3. As root run the command: 
   mount /mnt/worlddomination

Changing the smb.conf to a min protocol doesn't help, since cifs is a kernel module that doesn't use smb.conf.
I checked if there is anything done with the `disable_legacy_dialects` in the cifs module, but that defaults to No. There are no patches that change this in the kernel config afaik. There is no option added to the module at load time. Loading cifs with this option explicitly to No doesn't fix the issue.
Comment 1 sturmvogel 2022-08-29 19:03:33 CEST 
Support for unsecure SMB1 got removed in all upstream kernels from 5.15 ongoing. This is an upstream decision:
https://bugzilla.kernel.org/show_bug.cgi?id=215375
Comment 2 sturmvogel 2022-08-29 19:07:57 CEST 
See also the notes at samba page which clearly states:

5.15 kernel:
Support for weaker authentication algorithms (NTLMv1 and LANMAN) removed.

https://wiki.samba.org/index.php/LinuxCIFSKernel
Comment 3 Marcel Pol 2022-08-29 19:44:56 CEST 
Ah, too bad.

It does work on 5.15 though, not on 5.16 :)
Comment 4 Thomas Backlund 2022-08-29 20:41:30 CEST 
(In reply to Marcel Pol from comment #3)
> Ah, too bad.
> 
> It does work on 5.15 though, not on 5.16 :)

That's because I reverted the removal in our 5.15 series kernels as I dont like regressions in a stable release.

but for the backport kernels I dont revert it as that comes with a maintenance overhead I'm not interested in ...

And anyway it will be gone in mga9 anyway, so people need to start coping with it anyway...

so you need to choose... 
stay with 5.15 to have the support or use 5.16+ for new features...

Resolution: (none) => WONTFIX
Status: NEW => RESOLVED