000038873 - CIFS share fails to mount after upgrade to RSA NetWitness 11.4.x

Document created by RSA Customer Support Employee on May 27, 2020
Version 1
Article Content

Article Number: 000038873
Applies To:
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.4.x
Platform: CentOS
O/S Version: 7
Issue:
An SMB/CIFS share mount from a NetWitness appliance to a Windows Server share worked before upgrading to NetWitness 11.4.x, but fails after the upgrade.

The /var/log/messages file reports that the default SMB protocol now used is SMB2.1 or SMB3.

May 20 05:37:50 NWSRV kernel: Key type dns_resolver registered
May 20 05:37:50 NWSRV systemd-udevd: Network interface NamePolicy= disabled on kernel command line, ignoring.
May 20 05:37:51 NWSRV kernel: Key type cifs.spnego registered
May 20 05:37:51 NWSRV kernel: Key type cifs.idmap registered
May 20 05:37:51 NWSRV kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
May 20 05:37:51 NWSRV kernel: cifs_mount failed w/return code = -22

Cause:
Due to security vulnerabilities, it is recommended not to use SMBv1 and SMBv2. As the kernel message in /var/log/messages states, a mount that does not specify a dialect no longer defaults to CIFS (SMB1).

Resolution:
To specifically use the older SMBv1 or SMBv2 protocol, edit the /etc/fstab file and add a vers value to the options section of the CIFS mount line.

In the example below, note the addition of ,vers=2.0 to use the SMBv2 protocol.

# vi /etc/fstab

# /etc/fstab
# Created by anaconda on Mon Dec 23 00:09:33 2019
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/netwitness_vg00-root /                       xfs     defaults        0 0
UUID=510537fc-1902-40e4-a8b6-6a1ec9aeca5d /boot                   xfs     defaults        0 0
/dev/mapper/netwitness_vg00-usrhome /home                   xfs     nosuid          0 0
/dev/mapper/netwitness_vg00-varlog /var/log                xfs     defaults        0 0
/dev/mapper/netwitness_vg00-nwhome /var/netwitness         xfs     nosuid,noatime  0 0
/dev/mapper/netwitness_vg00-swap swap                    swap    defaults        0 0
// /var/netwitness/nwbackups cifs credentials=/etc/samba/credentials,_netdev,x-systemd.automount,vers=2.0 0 0

Use the highest SMB version that works in your environment for the best security.

After updating the /etc/fstab file, run the "mount -a" command to mount the CIFS share.

Notes:
Allowed SMB protocol version values are:
  • 1.0 - The classic CIFS/SMBv1 protocol. This was the default.
  • 2.0 - The SMBv2.002 protocol. This was initially introduced in Windows Vista Service Pack 1, and Windows Server 2008. Note that the initial release version of Windows Vista spoke a slightly different dialect (2.000) that is not supported.
  • 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2.
  • 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012.
Note too that while this option governs the protocol version used, not all features of each version are available.
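
An added example, not part of the RSA article: a shell function that lists every cifs entry in an fstab file and flags the SMB dialect it pins, so mounts left on an old vers value after applying the workaround can be found and raised later. The server and share names in the sample are constructed placeholders, and treating anything below 3.0 as "legacy" is an assumption based on the article's advice against SMBv1 and SMBv2.

```shell
#!/bin/sh
# Added example: report the SMB dialect pinned by each cifs line in an fstab file.
# Usage:  audit_cifs_vers [FILE]    (FILE defaults to /etc/fstab, "-" reads stdin)
# Output: one line per cifs entry: "<mountpoint> <vers|default> <status>"
#   legacy  = vers below 3.0 (SMBv1/SMBv2, which the article advises against)
#   ok      = vers 3.0 or higher
#   default = no vers= option, so the kernel chooses SMB2.1 or later
audit_cifs_vers() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }       # skip comments and short lines
        $3 != "cifs"         { next }       # only CIFS mounts are of interest
        {
            vers = "default"; status = "default"
            n = split($4, opts, ",")        # fourth field holds the mount options
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^vers=/) vers = substr(opts[i], 6)
            if (vers != "default")
                status = (vers + 0 < 3.0) ? "legacy" : "ok"
            print $2, vers, status
        }
    ' "${1:-/etc/fstab}"
}

# Constructed sample input; server and share names are placeholders.
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
/dev/mapper/netwitness_vg00-root / xfs defaults 0 0
//fileserver.example/backups /var/netwitness/nwbackups cifs credentials=/etc/samba/credentials,_netdev,x-systemd.automount,vers=2.0 0 0
//fileserver.example/archive /mnt/archive cifs credentials=/etc/samba/credentials,_netdev,vers=3.0 0 0
//fileserver.example/old /mnt/old cifs credentials=/etc/samba/credentials,_netdev 0 0
EOF
}

# Demo on the constructed sample; use "audit_cifs_vers" alone for /etc/fstab.
sample_fstab | audit_cifs_vers -
```

Entries reported as "legacy" are candidates for retesting with a higher vers value once the Windows server supports it.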