CIFS share fails to mount after upgrade to RSA NetWitness 11.4.x
Issue
An SMB/CIFS share mount from a NetWitness appliance to a Windows Server share worked before upgrading to NetWitness 11.4.x, but fails after the upgrade. The /var/log/messages file reports that the default SMB protocol now used is SMB2.1 or SMB3.
May 20 05:37:50 NWSRV kernel: Key type dns_resolver registered
May 20 05:37:50 NWSRV systemd-udevd: Network interface NamePolicy= disabled on kernel command line, ignoring.
May 20 05:37:51 NWSRV kernel: Key type cifs.spnego registered
May 20 05:37:51 NWSRV kernel: Key type cifs.idmap registered
May 20 05:37:51 NWSRV kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
May 20 05:37:51 NWSRV kernel: cifs_mount failed w/return code = -22
Cause
Because of security vulnerabilities, using SMBv1 and SMBv2 is not recommended, so a mount that does not specify a dialect no longer defaults to SMB1.
Resolution
To specifically use the older SMBv1 or SMBv2 protocol, edit the /etc/fstab file and add a vers value to the options section of the CIFS mount line. In the example below, vers=2.0 is added to use the SMBv2 protocol.
# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Mon Dec 23 00:09:33 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/netwitness_vg00-root / xfs defaults 0 0
UUID=510537fc-1902-40e4-a8b6-6a1ec9aeca5d /boot xfs defaults 0 0
/dev/mapper/netwitness_vg00-usrhome /home xfs nosuid 0 0
/dev/mapper/netwitness_vg00-varlog /var/log xfs defaults 0 0
/dev/mapper/netwitness_vg00-nwhome /var/netwitness xfs nosuid,noatime 0 0
/dev/mapper/netwitness_vg00-swap swap swap defaults 0 0
//192.168.1.1/nwbackups /var/netwitness/nwbackups cifs credentials=/etc/samba/credentials,_netdev,x-systemd.automount,vers=2.0 0 0
Use the highest SMB version that works in your environment for the best security.
After updating the /etc/fstab file, run the "mount -a" command to mount the CIFS share.
Notes
Allowed SMB protocol version values are:
- 1.0 - The classic CIFS/SMBv1 protocol. This was the default.
- 2.0 - The SMBv2.002 protocol. This was initially introduced in Windows Vista Service Pack 1, and Windows Server 2008. Note that the initial release version of Windows Vista spoke a slightly different dialect (2.000) that is not supported.
- 2.1 - The SMBv2.1 protocol that was introduced in Microsoft Windows 7 and Windows Server 2008R2.
- 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012.
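The following is an added example, not part of the original article or vendor code: a small audit that lists every cifs entry in an fstab-format file and reports whether it pins a dialect with vers=, pins a weak one, or has an options field broken by stray whitespace. The function names, the status labels and the sample hosts and paths are assumptions made for illustration.

```shell
# Added example (not vendor code). audit_cifs_vers FILE prints
# "<mountpoint> <status>" for every cifs entry in an fstab-format file.
audit_cifs_vers() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }         # skip comments and blank lines
    $3 != "cifs" { next }                  # only CIFS mounts matter here
    {
        status = "no-vers"                 # kernel default dialect will be used
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] !~ /^vers=/) continue
            v = substr(opt[i], 6)
            # Assumption: 1.0 and 2.0 count as "weak"; the kernel message
            # treats SMB2.1 or later as the more secure dialects.
            status = (v == "1.0" || v == "2.0") ? ("weak-" v) : ("ok-" v)
        }
        # Whitespace inside the options list splits it into extra fields,
        # so any option after the gap is not read as a mount option.
        if (NF > 6 || $5 ~ /^,/) status = "malformed-options"
        print $2, status
    }' "$1"
}

# Constructed sample input (hosts, shares and paths are made up).
sample_fstab() {
    cat <<'EOF'
# constructed sample
/dev/mapper/vg00-root / xfs defaults 0 0
//198.51.100.10/a /mnt/a cifs credentials=/etc/samba/credentials,_netdev 0 0
//198.51.100.10/b /mnt/b cifs credentials=/etc/samba/credentials,vers=1.0 0 0
//198.51.100.10/c /mnt/c cifs credentials=/etc/samba/credentials,vers=3.0 0 0
//198.51.100.10/d /mnt/d cifs credentials=/etc/samba/credentials ,vers=2.0 0 0
EOF
}

# Run the audit over the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    sample_fstab > "$tmp"
    audit_cifs_vers "$tmp"
    rm -f "$tmp"
}
demo
```

On an appliance, run audit_cifs_vers /etc/fstab before "mount -a" to see which shares rely on the changed default and which are pinned to a weak dialect.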
Product Details
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.4.x
Platform: CentOS
O/S Version: 7
Summary
The CIFS/SMB mount fails after upgrading to NetWitness 11.4.x