挂载CIFS共享失败并出现如下错误:
[root@shizhanxia.com ~]# mount.cifs -o sec=ntlmssp //smb-server/sambagroup /cifstest/ -vvvv Password for root@//smb-server/sambagroup: ****** mount error(2): No such file or directory Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
在内核日志消息(dmesg)中观察到以下错误
[root@shizhanxia.com ~]# dmesg -T [Wed Aug 9 06:00:04 2023] alg: hmac(md5) (hmac(md5-generic)) is disabled due to FIPS [Wed Aug 9 06:00:04 2023] CIFS: VFS: Could not allocate shash TFM 'hmac(md5)' [Wed Aug 9 06:00:04 2023] CIFS: VFS: Error -2 during NTLMSSP authentication [Wed Aug 9 06:00:04 2023] CIFS: VFS: \\smb-server Send error in SessSetup = -2 [Wed Aug 9 06:00:04 2023] CIFS: VFS: cifs_mount failed w/return code = -2 [Wed Aug 9 07:17:33 2023] CIFS: Attempting to mount \\smb-server\sambagroup [..]
FIPS加密模块状态
[root@shizhanxia.com ~]# sysctl -a | grep fips crypto.fips_enabled = 1 [root@shizhanxia.com ~]# cat /proc/cmdline BOOT_IMAGE=/vmlinuz-5.14.21-150400.24.46-default root=UUID=c3c2cc2a-84f7-4495-9816-f8e2df8155e0 boot=/dev/sda3 USE_BY_UUID_DEVICE_NAMES=1 earlyprintk=ttyS0 console=ttyS0 rootdelay=300 net.ifnames=0 dis_ucode_ldr scsi_mod.use_blk_mq=1 multipath=off fips=1
解决方案
处理该问题有两种选择。第一种可以禁用FIPS,以便CIFS可以使用NTLMSSP安全性。第二种转换为使用Kerberos身份验证,Kerberos身份验证被认为足够安全,可以与FIPS兼容。Kerberos是一项庞大而复杂的工作,因此这里不涉及这些步骤。
原创文章,作者:保哥,如若转载,请注明出处:https://www.shizhanxia.com/976.html