Re: Possible regression: unable to mount CIFS 1.0 shares from older machines since 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c

From: Steve French
Date: Mon Jan 10 2022 - 22:16:20 EST


We do still need a little more data from the users affected to ensure
that it isn't something more subtle. One user noted Windows 11 worked
as a client, but not Linux which would imply that it is probably
something other than NTLM (NTLM has been strongly discouraged if not
disabled for more than 20 years).

On Mon, Jan 10, 2022 at 9:07 PM Thorsten Leemhuis
<regressions@xxxxxxxxxxxxx> wrote:
>
> Hi, this is your Linux kernel regression tracker speaking.
>
> On 10.01.22 06:53, Davyd McColl wrote:
> >
> > I'm following advice from the thread at
> > https://bugzilla.kernel.org/show_bug.cgi?id=215375
> > <https://bugzilla.kernel.org/show_bug.cgi?id=215375> as to how to report
> > this, so please bear with me and redirect me as necessary.
> >
> > Since commit 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c,
>
> FWIW, that is "cifs: remove support for NTLM and weaker authentication
> algorithms"
>
> > I'm unable to
> > mount a CIFS 1.0 share ( from a media player: mede8er med600x3d, which
> > runs some older linux). Apparently I'm not the only one, according to
> > that thread, though the other affected party there is windows-based.
> >
> > I first logged this in the Gentoo bugtracker
> > (https://bugs.gentoo.org/821895 <https://bugs.gentoo.org/821895>) and a
> > reversion patch is available there for the time being.
> >
> > I understand that some of the encryption methods upon which the original
> > feature relied are to be removed and, as such, the ability to mount
> > these older shares was removed. This is sure to affect anyone running
> > older Windows virtual machines (or older, internally-visible windows
> > hosts) in addition to anyone attempting to connect to shares from
> > esoteric devices like mine.
>
> > Whilst I understand the desire to clean up code and remove dead
> > branches, I'd really appreciate it if this particular feature remains
> > available either by kernel configuration (which suits me fine, but is
> > likely to be a hassle for anyone running a binary distribution) or via
> > boot parameters. In the mean-time, I'm updating my own sync software to
> > support this older device because if I can't sync media to the player,
> > the device is not very useful to me.
>
> From my point of view this afaics looks like one of those issues where
> the "no regressions" rule gets tricky. But I told Davyd to bring it
> forward here to get it discussed in the open. I also wonder if some
> middle-ground solution could be found in this particular case -- e.g.
> one where the commit stated above gets reverted and the code then
> slightly changed to only allow weaker authentication if the user
> manually requests in somehow, for example using a module parameter or
> something in /proc or /sys.
>
> Ciao, Thorsten
>
> P.S.: Anyway, getting this tracked:
>
> #regzbot ^introduced 76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c
> #regzbot title cifs: unable to shares that require NTLM or weaker
> authentication algorithms
> #regzbot link: https://bugzilla.kernel.org/show_bug.cgi?id=215375



--
Thanks,

Steve