Context Navigation

← Previous Ticket
Next Ticket →

#289 closed enhancem. (fixed)

Add encryption checkbox to plugin configuration panel

Reported by:	Lewis Rosenthal	Owned by:
Priority:	minor	Milestone:
Component:	Samba Client Plugin	Version:	Client 3.0.x
Keywords:		Cc:

Description

When the server has:

[global]

smb encrypt = mandatory

It is not possible to successfully authenticate to a mapped share (smbclient works with the "-e" switch). A checkbox to enable SMB transport encryption is required in order to access such shares via NetDrive.

log.smbc snippet from a mapping attempt to a Linux host running Samba 4.5.3 configured as above, authenticating via NTLMv2:

2017/01/12 13:36:51.1: 9 2: NdpMountResource rc=0
2017/01/12 13:36:51.5: 9 2: NdpMountResource in
2017/01/12 13:36:51.5: 9 2: dircache_create: 10 seconds, 32 entries
2017/01/12 13:36:51.5: 9 2: dircache_create: 0x66fae0, rc = 0
2017/01/12 13:36:51.5: 9 2: checkMountResource in tid#2
2017/01/12 13:36:51.5: 1 2: Connecting to \\lewis:*********@workgroup:dp45sg\lewis. Master WORKGROUP:1
2017/01/12 13:36:51.24: 4 2: Server supports SMB3_11 protocol
2017/01/12 13:36:51.78: 4 2: lewis/******** login failed
2017/01/12 13:36:51.83: 1 2: session setup failed: NT_STATUS_OK
2017/01/12 13:36:51.84: 4 2: Anonymous login failed
2017/01/12 13:36:51.84: 9 2: NdpMountResource rc=65

Change History (2)

comment:1 Changed 7 years ago by Paul Smedley

An attempt at enabling this is at http://smedley.id.au/tmp/ndpsmb-20170115.zip

If the checkbox is enabled, you should see the following in log.ndpsmb if setting encyrption succeeds: Attempting to force encryption followed by Forcing encryption succeeded!

In the event that encryption fails, you should see: Attempting to force encryption cli_cm_force_encryption failed: %s

Not tested here (except with encryption disabled to ensure it didn't break normal shares)

comment:2 Changed 7 years ago by Lewis Rosenthal

Resolution:	→ fixed
Status:	new → closed

Upgrading was a bit of a bumpy ride. Perhaps I should have rebooted. It took me three or four attempts at stopping and starting NDCTL to finally get this plugin fully working.

Yes, I do see:

2017/01/15 02:40:03.39: 4 2: Forcing encryption succeeded!
2017/01/15 02:40:03.39: 4 2:  tconx ok.
2017/01/15 02:40:03.39: 9 2: NdpMountResource rc=0

with the server set to auto.

Setting the server to mandatory...yes. This seems to do the trick.

Thanks!!

Note: See TracTickets for help on using tickets.

Download in other formats: