|Issue||An SMB/CIFS share mount from a NetWitness appliance to a Windows Server share worked before upgrading to NetWitness 11.4.x, but now fails after the upgrade.|
The /var/log/messages file reports the default SMB protocols now used is SMB2.1 or SMB3.
May 20 05:37:50 NWSRV kernel: Key type dns_resolver registered
May 20 05:37:50 NWSRV systemd-udevd: Network interface NamePolicy= disabled on kernel command line, ignoring.
May 20 05:37:51 NWSRV kernel: Key type cifs.spnego registered
May 20 05:37:51 NWSRV kernel: Key type cifs.idmap registered
May 20 05:37:51 NWSRV kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
May 20 05:37:51 NWSRV kernel: cifs_mount failed w/return code = -22
|Resolution||To specifically use the older SMBv1 or SMBv2 protocol edit the /etc/fstab file and add a vers value into the options section of the CIFS mount line.|
In the example below see the addition of,vers=2.0 to use the SMBv2 protocol.
# vi /etc/fstab
# Created by anaconda on Mon Dec 23 00:09:33 2019
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
/dev/mapper/netwitness_vg00-root / xfs defaults 0 0
UUID=510537fc-1902-40e4-a8b6-6a1ec9aeca5d /boot xfs defaults 0 0
/dev/mapper/netwitness_vg00-usrhome /home xfs nosuid 0 0
/dev/mapper/netwitness_vg00-varlog /var/log xfs defaults 0 0
/dev/mapper/netwitness_vg00-nwhome /var/netwitness xfs nosuid,noatime 0 0
/dev/mapper/netwitness_vg00-swap swap swap defaults 0 0
//192.168.1.1/nwbackups /var/netwitness/nwbackups cifs credentials=/etc/samba/credentials,_netdev,x-systemd.automount,vers=2.0 0 0
Use the highest SMB version that works in your environment for the best security.
After updating the /etc/fstab file run the "mount -a" command to mount the CIFS share.