search

centreon / centreon-plugins

Collection of standard plugins to discover and gather cloud-to-edge metrics and status across your whole IT infrastructure.
https://www.centreon.com
Apache License 2.0
311 stars 274 forks source link

apps::protocols::cifs::plugin CENTOS7 Working ALMA8 not #4936

Closed sdouce closed 7 months ago

sdouce commented 8 months ago

Bug report

Quick description

It seems there is a difference of security share on this tow pollers (SMB1/2/3 on client)

ON ALMALINUX8 POLLER:

/usr/lib/centreon/plugins/centreon_protocol_cifs.pl --plugin=apps::protocols::cifs::plugin --mode=connection --hostname='XX.XX.XX.XX' --directory='/XXXXXXX' --debug
Connecting to XX.XX.XX.XX at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=367360, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
map_errno_from_nt_status: 32 bit codes: code=c000020c
**CRITICAL: Software caused connection abort | 'connection.time.seconds'=0.013s;;;0;**

ON CENTOS7 POLLER:

/usr/lib/centreon/plugins/centreon_protocol_cifs.pl --plugin=apps::protocols::cifs::plugin --mode=connection --hostname='XX.XX.XX.XX' --directory='/XXXXXXX' --debug
OK: authentication succeeded - connection time: 0.027s | 'connection.time.seconds'=0.027s;;;0;

How to reproduce

execute same command on two different poller vesion : /usr/lib/centreon/plugins/centreon_protocol_cifs.pl --plugin=apps::protocols::cifs::plugin --mode=connection --hostname='XX.XX.XX.XX' --directory='/XXXXXXX'

Expected result

OK: authentication succeeded - connection time: 0.027s | 'connection.time.seconds'=0.027s;;;0;

Actual result

There is a security difference between smbclient version, blocking smb connection on ALMA8 distribution or perl package . Do you know how change option.

Installed package on ALMA8: 

samba-common-4.18.6-3.el8_9.alma.1.noarch
samba-client-libs-4.18.6-3.el8_9.alma.1.x86_64
samba-common-libs-4.18.6-3.el8_9.alma.1.x86_64
libsmbclient-4.18.6-3.el8_9.alma.1.x86_64
perl-Filesys-SmbClient-4.0-1.el8.x86_64

Installed package on CENTOS7:

samba-common-libs-4.10.16-20.el7_9.x86_64
samba-common-4.10.16-20.el7_9.noarch
samba-client-libs-4.10.16-20.el7_9.x86_64
libsmbclient-4.10.16-20.el7_9.x86_64
perl-Filesys-SmbClient-4.0-1.el7.x86_64
sdouce commented 7 months ago

Ok found ! To check a smb share on SMBV1 you have to edit /etc/samba/smb.conf and add to [global] client min protocol = NT1 server min protocol = NT1 ntlm auth = ntlmv1-permitted