greetings from ethernal blue – linux cifs smb windows share mount fails with “mount error(112): host is down” – no it is not

24.May.2019

Administration / Server, CyberSec / ITSec / Sicherheit / Security / SPAM, DataCenter / DataCenters, Fail, Fedora / RedHat / CentOS, Filesharing / NFS / SAMBA / SMB, fix errors, GNU-Linux, hacking, hacktivism, networking, storage / NAS / QNAP, windows FAIL

the best about samba:

thanks for samba, it provides users with a fast (of course depends also on harddisk speed) rock-solid no-limit-to-maximum-users file-server for maximum file-transfer-and-sharing-and-storage productivity (and they will USE that T: temp drive for EVERYTHING! prepare for TERRABYTES OF DATA!)

how to mount:

https://dwaves.de/2015/06/23/linux-mount-windows-samba-share-as-linux-client/

best hint ever: if there is an errors while smb mounting!

like “Mounting cifs drive gives: mount error(22): Invalid argument”

have a separate root-terminal open that is running this “debug the logs live” script

https://dwaves.de/2017/06/15/linux-monitor-all-logs-in-real-time-d-follow-all-show-changes-to-log-files-under-varlog/

tested on: CentOS Linux 7 with Kernel: 3.10.0-957 with cifs-utils.x86_64 version: 6.2-10.el7

when you ping the host (in this case a QNAP NAS) you – as the administrator – quickly realize – the host is up.

but samba client (cifs from package cifs-utils) falsely reports “host is down” because “host” in this case an QNAP NAS with old firmware does not speak the newer and secure dialects SMB v2.0 and SMB v3.0 and because of insecurity in SMB v1.0 an updated linux distribution will report this error – because cifs-utils per default tries to establish a SMB v2.0 connection – with a server that only speaks SMB v1.0.

instead of issuing a “security warning SMB v1.0 is insecure since ethernal blue exploit” it just fails with the mount error 112: host is down.

host is up.

the solution:

update all your smb servers so they can speak the more secure dialects SMB v2.0 and SMB v3.0.

“The current support for CIFS, SMB2, SMB2.1 and SMB3 dialects are stable and tested, and use of either CIFS or SMB3 (vers=1 or vers=3.0 on mount) is recommended depending on security requirements (SMB3 is much stronger security), server type and workload.” (src: wiki.samba.org)

well problem: once i lost a whole QNAP ext4 fielsystem to it’s Taiwaneese update mechanism. it contained mostly backups, but still not funny.

the workaround:

all you have to do is “force” cifs-utils to moint with the old insecure protocol by adding the option:

-o vers=1.0
# examples:

mount -t cifs //FILE-SERVER-IP-ADDRESS/NAME_OF_SHARE /mnt/cifs --verbose -o user=nobody -o vers=1.0;
# mount windows share, you will be asked for password

mount -t cifs //FILE-SERVER-IP-ADDRESS/NAME_OF_SHARE /mnt/cifs --verbose -o user=nobody,password=secret -o vers=1.0;
# you won't be bothered entering a password

# another elaborate example:
sudo mount -t cifs -o username=otto,password=geheim,uid=1000,gid=1000,file_mode=0660,dir_mode=0770 -o vers=1.0 //192.168.1.100/Tausch /media/austausch

first of all, THANKS to the work of the cifs-utils team (there is NOBODY FROM MICROSOFT ON THE TEAM!? WHY NOT? Microsoft, if you truly care about OpenSource and Linux you should donate at least one guy that helps implement your (ever changing definition) of this file sharing protocol), but please come up with an less misleading error message for this use-case in the future.

you find the source code of this magnificent piece of open source here: https://git.samba.org/?p=cifs-utils.git;a=summary

“Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.” (src)

# get info about installed package
yum info cifs-utils.x86_64
Installed Packages
Name        : cifs-utils
Arch        : x86_64
Version     : 6.2
Release     : 10.el7
Size        : 175 k
Repo        : installed
From repo   : base
Summary     : Utilities for mounting and managing CIFS mounts
URL         : http://linux-cifs.samba.org/cifs-utils/
License     : GPLv3
Description : The SMB/CIFS protocol is a standard file sharing protocol widely deployed
            : on Microsoft Windows machines. This package contains tools for mounting
            : shares on Linux using the SMB/CIFS protocol. The tools in this package
            : work in conjunction with support in the kernel to allow one to mount a
            : SMB/CIFS share onto a client and use it as if it were a standard Linux
            : file system.