CIFS broken again

[antonmatsiuk]

As already was reported here, I have problems to mount CIFS (Azure Files share) to PhotonOS2. The same command works on CentOS7.5 and no firewalling is applied.

Kernel versions tested:

4.9.210-3.ph2-esx
4.9.224-2.ph2-esx

Command:

mount -v -t cifs //***.file.core.windows.net/***/*** -cifs -o dir_mode=0777,file_mode=0777,username=***,password=***

Result:

mount error(11): Resource temporarily unavailable
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

[dcasota]

Have you already checked the Azure config according to https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux: “If your Linux distribution does not support SMB 3.0 with encryption or if it only supports SMB 2.1, you may only mount from an Azure VM within the same region as the storage account. To mount your Azure file share on a Linux distribution that does not support SMB 3.0 with encryption, you will need to disable encryption in transit for the storage account.”

[antonmatsiuk]

Then here is the question, does PhotonOS2 with ESX kernel support SMB 3.0 with encryption?

[dcasota]

Afaik there are no official docs with which Microsoft SMB dialect is supported on which VMware Photon OS release.

Some 'Microsoft SMB'-only descriptions are:

• https://docs.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview
• learning curve story at https://techcommunity.microsoft.com/t5/storage-at-microsoft/controlling-smb-dialects/ba-p/860024
• SMB protocol revision at https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5606ad47-5ee0-437a-817e-70c366052962

Some 'Photon OS'-related descriptions are:

• https://vmware.github.io/photon/assets/files/html/3.0/photon_user/nfs-utils.html and https://www.virtuallyghetto.com/2016/01/quick-tip-how-to-mount-cifs-nfs-volumes-on-photon-os.html

SMB 3.0 with encryption is supported by Microsoft Windows 8, Server 2012 and above. For Linux, Samba 4.0 and above supports SMB 3.0 (see https://wiki.samba.org/index.php/LinuxCIFSKernel). There is no obvious SMB dialects key features mapping between Linux releases, Samba cifs-utils and Photon NFS-Utils releases.

Samba cifs-utils comes with an own mount.cifs command. A test on a Photon3rev2 Azure GenV1 VM and installed cifs-utils 6.9 release from https://www.samba.org/ftp/linux-cifs/cifs-utils mounting an azure share on the same storageaccount and resourcegroup succeeded successfully. I've attached the bash script (rename it to .sh).

You may need to modify some tdnf packages to get it work on Photon2 as well. Please share your findings.

mount-azure-share.txt

[antonmatsiuk]

@dcasota thanks for a comprehensive investigation! So far it didn't work with cifs-utils 6.7 on PhotonOS2, I'll try it with cifs-utils 6.9

[dcasota]

@antonmatsiuk well, on PhotonOS2 (tested on build number 0922243, kernel 4.9.226-1.ph2) using cifs-utils 6.9 there is still the issue mount error(11): Resource temporarily unavailable. Just saw that configuring cifs-utils throws out 3 warnings.

[...]
configure: WARNING: krb5.h not found, consider installing krb5-devel or krb5-libs-devel. Disabling cifs.upcall.
[...]
configure: WARNING: wbclient.h not found, consider installing libwbclient-devel. Disabling cifs.idmap.
configure: WARNING: wbclient.h not found, consider installing libwbclient-devel. Disabling cifsacl.
[...]

Didn't find any way. Unfortunately the utility-driven way using PowerShell Core 7.x is not an alternative. Cmdlets in nettcpip and in other net* modules are not cross-platform (yet?). [System.Net.Dns]::GetHostEntry("***.file.core.windows.net")works on pwsh7.1.0-preview.4 though.

[antonmatsiuk]

@dcasota I upgraded the VM to PhotonOS3 and it works with cifs-utils-6.8.3.ph3

uname -a
Linux de-dd-srv-1235.datacenter.as42699.net 4.19.198-1.ph3-esx 

[dcasota]

@antonmatsiuk I've assembled some smb interoperability information. smb-interoperability.xlsx

• Photon 3.0 its Linux kernel 4.19 includes basic smb 3.1.1 support.
• Photon 4.0 uses Linux kernel 5.10. Referring to blog articles, default mount and AES-128-GCM encryption are included. Accordingly to cifs-utils-6.12, the automated (backport) tests were successfully processed for Linux kernel 5.10. Afaik the new SMB compression feature which is included in MS Windows 11 hasn't been backported yet.

[leducvin]

Have been trying to get that working in Photon 4.0 Rev2.

From a Ubuntu 20.04 (linux 5.13 / cifs-utils 6.9) client, this works (after typing in my password):

sudo mount.cifs -v //192.168.1.1/share /mnt/share -o rw,username=myuser,iocharset=utf8,gid=1513,file_mode=0775,dir_mode=0775,vers=3,sec=ntlmv2

mount.cifs kernel mount options: ip=192.168.1.1,unc=\\192.168.1.1\share,iocharset=utf8,file_mode=0775,dir_mode=0775,vers=3,sec=ntlmv2,gid=1513,user=myuser,pass=********

While from Photon 4.0 (linux 5.10 / cifs-utils 6.13) the exact same (except sudo) will give:

mount.cifs kernel mount options: ip=192.168.1.1,unc=\\192.168.1.1\share,iocharset=utf8,file_mode=0775,dir_mode=0775,vers=3,sec=ntlmv2,gid=1513,user=myuser,pass=********

mount error(2): No such file or directory Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

dmesg doesn't really help: [ 1249.690522] CIFS: Attempting to mount //192.168.1.1/share

I downgraded to cifs-utils 6.9 and upgraded to cifs-utils 6.14, and it still doesn't work.

[dcasota]

@leducvin Is Ph4 mount.cifs still an issue ?

[leducvin]

@dcasota just ran tdnf distro-sync to update packages and tried again, with the same results, unfortunately

[leducvin]

Hey, happy to report mount.cifs is now working in Photon OS 5.0GA :)

[loadit]

On my end cifs seams broken?!

root@demo-portainer02 [ ~ ]# uname -a
Linux demo-portainer02 6.1.10-10.ph5-esx #1-photon SMP Mon Apr 24 22:51:08 UTC 2023 x86_64 GNU/Linux
root@demo-portainer02 [ ~ ]# modprobe cifs
modprobe: FATAL: Module cifs not found in directory /lib/modules/6.1.10-10.ph5-esx
root@demo-portainer02 [ ~ ]#mount -t cifs //xyz.xyz.xyz.xyz/share /testing -o username=user,password=pass
mount error: cifs filesystem not supported by the system
mount error(19): No such device
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

EDIT:// REBOOT ;-) did the trick after installing cifs-utils

[Vasavisirnapalli]

@sshedi

[sshedi]

@loadit it seems like an user error.

rpm -qlp linux-esx-6.1.10-10.ph5.x86_64.rpm | grep cifs
/lib/modules/6.1.10-10.ph5-esx/kernel/fs/cifs
/lib/modules/6.1.10-10.ph5-esx/kernel/fs/cifs/cifs.ko.xz
/lib/modules/6.1.10-10.ph5-esx/kernel/fs/smbfs_common/cifs_arc4.ko.xz
/lib/modules/6.1.10-10.ph5-esx/kernel/fs/smbfs_common/cifs_md4.ko.xz

So, modprobe cifs should work fine. Also, cifs-utils provides mount.cifs binary.

root@ph5dev [ ~ ]# tdnf repoquery --list cifs-utils
/usr/bin/smb2-quota
/usr/bin/smbinfo
/usr/sbin/mount.cifs
/usr/sbin/mount.smb3

You don't need cifs-utils to load cifs kernel module.