Mounting Windows shares on Linux using cifs fails after CVE-2020-1472 update

1

A patch/update to Windows domain controllers to address the CVE-2020-1472 vulnerability at my organization is causing cifs-based mounting of shared drives to fail on Ubuntu Linux machines.

The Linux machines are connecting to the Windows shares using directives in /etc/fstab, like so:

//12.34.56.78/shared_folder /home/username/shared_folder cifs credentials=/home/username/.smbcredentials,iocharset=utf8,file_mode=0777,dir_mode=0777 0 0

I have verified that the credentials in the /home/username/.smbcredentials file are correct.

This was working until our IT dept applied updates to the domain controllers last week, now I get an error when attempting to mount the drives:

mount error(13): Permission denied

In /var/log/syslog:

Feb 18 14:58:53 MyServer kernel: [ 8722.931641] Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Feb 18 14:58:53 MyServer kernel: [ 8722.931655] CIFS VFS: Send error in SessSetup = -13
Feb 18 14:58:53 MyServer kernel: [ 8722.932725] CIFS VFS: cifs_mount failed w/return code = -13

Microsoft has some documentation about the updates here, unfortunately the advice is a bit vague:

If the non-compliant device supports secure RPC with Netlogon secure channel, then enable secure RPC on the device.

Any tips on how to overcome this, or to "enable secure RPC" on my Ubuntu machine would be greatly appreciated.

I have tried adding server schannel = yes to /etc/samba/smb.conf as suggested here, but that did not solve the issue.

linux
active-directory
samba
cifs
asked on Server Fault Feb 18, 2021 by eben.english

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0