@Tom Jones:- Can yuo please give an example explaining the use of real name.?

Tom, or anyone, did you ever get the CIFS mount to work on RHEL6 with NTLMv2 enabled in the 2008R2 domain?

I've been searching for help with this but so far - no love. I know it works great in RHEL7, but I can't use that.

Thanks

Tom, thanks for the fast reply. I'm in a heavily "secured" environment.

As soon as the Windows admin changed the following options, I lost my ability to mount CIFS from RHEL 6.6.
He activated the settings in 2008R2:
* Lan Manager authentication levelL send NTMLv2 response only ; refuse LM/NTML
* Minimum session security for NTML SSP based clients/servers to "require NTMLv2 session security
* Domain Member: REquire Strong session Key: Enabled

In my /etc/samba/smb.conf file I do have "client signing = mandatory"

Also I've tried every CIFS mount security option (sec= ), including:
ntmlv2, ntmlv2i, ntlmssp and ntlmsspi

I normally get a "permission denied for them, except for ntlmv2i where I get "Operation not supported".

I've tried on both types of servers that are AD integrated via krb5/samba ADS and even via SSSD, which we're eventually going to migrate too for all servers (time permitting).

I'm all patched up on my RHEL6.6 as well. Kernel 2.6.32-504.12.2 and cifs-utils 4.8.1-19.

I've tried for a long time to get this to work without luck.

Any help is MUCH appreciated.

Well that's discouraging. There's something we're missing then. I'm probably missing some better way to troubleshoot the issue.

Thanks again Tom, We really appreciate the experience you provide the Community.

Just to report any minor successes we have in this post:

We were able to get a few non-DFS shares to mount with sec=ntlmssp option, but only AFTER we changed the SecurityFlags in memory with 0x04004. Found that code at Samba.Org. For some reason the DFS shares were problematic - I think I saw that mentioned somewhere on-line. More testing and researching is needed tomorrow. UHG!

echo 0x04004 > /proc/fs/cifs/SecurityFlags

We're getting closer though. I feel more secure everyday. :-)

There should be a new book series entitled:
"Windoze & Linux Integration in a Very, VERY Secured Enterprise for Complete Morons - The Saga Continues (Book 12)".

LOL

For nearly a year we've had no issues mounting to DFS shares in the Win2008R2 environment. I don't have my notes in front of me, but I think this is all we've ever done to succeed. Works like a champ.

Just ensure keyutils is installed, add the two lines to /etc/request-key.conf and BAM, mount as needed. I'll double check when I'm at work tomorrow, but I'm sure this is all we ever done to all our CIFS clients on RHEL 6.6 servers and workstations.

http://mikemstech.blogspot.com/2012/10/how-to-mount-dfs-share-in-linux.html

We push a TON of data via a RHEL6 FTP server to our production storage, which is currently EMC NAS appliances.

Oh, I did go back and test all our mount CIFS requirements on a RHEL 7.0 host. Damn'd if it didn't just work with ntlmssp (no options selected). Shame I won't see that in production for at least 24 months - at best. Oh well.

Thanks!

As it is now my RHEL team needs therapy after all the STIG'ing of in-productions hosts and related documentation and "check lists".

We'll do better as we migrate to RHEL 7 - again, when ever that'll be. Not looking forward to more migration work though.

:-(

Thanks again!