You are not logged in.
Hi,
I recently enabled SMB encryption on my Samba 4 server using smb encrypt = mandatory, which works fine with Windows clients. I can see in Wireshark that SMB traffic is indeed encrypted.
My Arch clients however are unable to access the share. Initially I tried accessing the shares through Nemo as I always have, however I was continually prompted for credentials. I then tried using gvfs-mount smb://, but the same thing happens — I am continually prompted for a username and password even though I'm using the correct credentials. On the server during a failed login, I see:
[2015/08/08 15:14:02.545392, 0] ../source3/smbd/trans2.c:3656(call_trans2qfsinfo)
call_trans2qfsinfo: encryption required and info level 0x105 sent.
[2015/08/08 15:14:02.545459, 3] ../source3/smbd/error.c:82(error_packet_set)
NT error packet at ../source3/smbd/trans2.c(3657) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED
[2015/08/08 15:14:02.545937, 3] ../source3/smbd/process.c:1802(process_smb)
Transaction 8 of length 80 (0 toread)
[2015/08/08 15:14:02.546021, 3] ../source3/smbd/process.c:1405(switch_message)
switch message SMBtrans2 (pid 22367) conn 0x7efeb06a12c0
[2015/08/08 15:14:02.546107, 0] ../source3/smbd/trans2.c:8712(handle_trans2)
handle_trans2: encryption required with call 0x5
[2015/08/08 15:14:02.546170, 3] ../source3/smbd/error.c:82(error_packet_set)
NT error packet at ../source3/smbd/trans2.c(8713) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED
[2015/08/08 15:14:02.546657, 3] ../source3/smbd/process.c:1802(process_smb)
Transaction 9 of length 80 (0 toread)
[2015/08/08 15:14:02.546749, 3] ../source3/smbd/process.c:1405(switch_message)
switch message SMBtrans2 (pid 22367) conn 0x7efeb06a12c0
[2015/08/08 15:14:02.546856, 0] ../source3/smbd/trans2.c:8712(handle_trans2)
handle_trans2: encryption required with call 0x5
[2015/08/08 15:14:02.546937, 3] ../source3/smbd/error.c:82(error_packet_set)
NT error packet at ../source3/smbd/trans2.c(8713) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIEDAccording to the Samba documentation,
If this is set to mandatory then all traffic to a share must must be encrypted once the connection has been made to the share. The server would return "access denied" to all non-encrypted requests on such a share.
, so I am assuming the problem is that gvfs-smb is not using encryption.
Is it possible to mount encrypted shares with gvfs-smb, or is encryption not supported? I haven't found much regarding this, so I don't know if it's not possible or if I'm missing something.
I could use smbclient, however I'd like integration with file managers like Nemo. Setting smb encrypt = auto means Windows clients default to not using encryption.
Last edited by Ackmos (2015-08-08 14:25:27)
Offline