Bug 15428 - Linux mount.smb3 Fails With Windows Host After Update July 2023 Update kb5028166
Summary: Linux mount.smb3 Fails With Windows Host After Update July 2023 Update kb5028166
Status: NEW
Alias: None
Product: CifsVFS
Classification: Unclassified
Component: user space tools (show other bugs)
Version: 4.x
Hardware: All Linux
: P5 major
Target Milestone: ---
Assignee: Jeff Layton
QA Contact: cifs QA contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-22 00:00 UTC by Scott Harvey
Modified: 2023-07-28 19:21 UTC (History)
1 user (show)

See Also:


Attachments
Successful mount.smb3 prior to windows update (15.16 KB, text/plain)
2023-07-22 00:00 UTC, Scott Harvey
no flags Details
Unsuccessful mount.smb3 after windows update (234.59 KB, text/plain)
2023-07-22 00:04 UTC, Scott Harvey
no flags Details
Successful mount.smb3 prior to windows update(s) (14.85 KB, application/x-gzip)
2023-07-28 17:54 UTC, Scott Harvey
no flags Details
Window 10 not updated, Windows 11 update, Wireshark pcapng trascript (112.65 KB, application/x-gzip)
2023-07-28 18:37 UTC, Scott Harvey
no flags Details
Windows 11 and Windows 10 host failing to mount Wiresshark pcapng trascript (20.15 KB, application/x-gzip)
2023-07-28 18:44 UTC, Scott Harvey
no flags Details
pcapng trascript shows successful Linux mount of Windows 10/11 shares (47.82 KB, application/octet-stream)
2023-07-28 18:54 UTC, Scott Harvey
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Scott Harvey 2023-07-22 00:00:11 UTC
Created attachment 17993 [details]
Successful mount.smb3 prior to windows update

Prior to July 2023 windows host "shares" could be mounted in Linux Servers with the command mount.smb3.  After Windows security update kb5028166 the mount command no longer functions. 

I believe this is related bug 15418 "Secure Channel Faulty ..." 
Attachments are added that show that a Windows 10 host "share" can be mounted
successfully and when the share cannot be added after the Window 10/11 security update kb5028166 has been applied.

Here is the dmesg message when the mount.smb3 command fails:
cat dmesg_mnt_failure.txt
[507009.217361] CIFS: Attempting to mount //win10-testhost.harvey.net/public
[509040.494271] CIFS: Attempting to mount //win10-testhost.harvey.net/public
[509040.665517] CIFS: Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE

Linux Version and distribution:
swupd info
Distribution:      Clear Linux OS
Installed version: 39630
Version URL:       https://cdn.download.clearlinux.org/update
Content URL:       https://cdn.download.clearlinux.org/update

uname -a
Linux netserver03 6.4.3-1333.native #1 SMP Mon Jul 10 21:56:56 PDT 2023 x86_64 GNU/Linux

samba --version
Version 4.18.1
Comment 1 Scott Harvey 2023-07-22 00:04:33 UTC
Created attachment 17994 [details]
Unsuccessful mount.smb3 after windows update

This what was logged after Windows 10 host was updated to kb5028166
Comment 2 Rowland Penny 2023-07-22 06:51:09 UTC
You will either need to patch your version of Samba or wait until Clear OS provides new packages that use the the latest Samba version 4.18.5 , released for security purposes, the patch is also in that release.
Comment 3 Scott Harvey 2023-07-24 15:44:41 UTC
Current Status, Clear Linux has not updated samba beyond version 4.18.1, it is
not certain when they will update Samba.  Meanwhile I am trying to stand up a working Clear Linux in VMware that emulates my working "production" server.  This is taking a little longer than expected.  Once that is setup I will need to download the code base for Samba make files etc.. I am thinking there are 
robust make files, since Samba has been around for so many years.

Is there a link for a how-to for how apply patches, compile, link and install for samba? I have never done this before.
Comment 4 Scott Harvey 2023-07-28 17:54:53 UTC
Created attachment 18009 [details]
Successful mount.smb3 prior to windows update(s)
Comment 5 Scott Harvey 2023-07-28 18:37:56 UTC
Created attachment 18010 [details]
Window 10 not updated, Windows 11 update, Wireshark pcapng trascript
Comment 6 Scott Harvey 2023-07-28 18:44:13 UTC
Created attachment 18011 [details]
Windows 11 and Windows 10 host failing to mount Wiresshark pcapng trascript
Comment 7 Scott Harvey 2023-07-28 18:54:31 UTC
Created attachment 18012 [details]
pcapng trascript shows successful Linux mount of Windows 10/11 shares

The mount.smb3 operation appears to be successful after confirming with Samba version 4.18.5.
Comment 8 Scott Harvey 2023-07-28 19:04:10 UTC
It seems the more detailed comments about conditions of samba domain server 
and the windows host did not make it into this reporting I will attach test files
that go along with each of the pcapng attachents. They are small text files
Comment 9 Scott Harvey 2023-07-28 19:16:00 UTC
Comment on attachment 18009 [details]
Successful mount.smb3 prior to windows update(s)

======================================================
Thu Jul 27 09:26:48 PM PDT 2023
======================================================

Version of software 
==================================================================
Server: 
swupd info
Distribution:      Clear Linux OS
Installed version: 39670
Version URL:       https://cdn.download.clearlinux.org/update
Content URL:       https://cdn.download.clearlinux.org/update

samba --version
Version 4.18.1

krb5-config --all
Version:     Kerberos 5 release 1.21.1
Vendor:      Massachusetts Institute of Technology
Prefix:      /usr
Exec_prefix: /usr

uname -a
Linux clr-linux-srv 6.4.4-1337.native #1 SMP Wed Jul 19 10:29:52 PDT 2023 x86_64 GNU/Linux
==================================================================

Windows 10 host KB5028816 re-installed 

Edition	Windows 10 Pro
Version	22H2
Installed on	8/11/?2022
OS build	19045.3208
Experience	Windows Feature Experience Pack 1000.19041.1000.0

==================================================================
Windoww 11 host All latest update installed

Edition	Windows 11 Pro
Version	22H2
Installed on	7/26/2023
OS build	22621.2070
Experience	Windows Feature Experience Pack 1000.22659.1000.0
Comment 10 Scott Harvey 2023-07-28 19:17:35 UTC
Comment on attachment 18010 [details]
Window 10 not updated, Windows 11 update, Wireshark pcapng trascript

======================================================
Thu Jul 27 04:53:48 PM PDT 2023
======================================================

Version of software 
==================================================================
Server: 
swupd info
Distribution:      Clear Linux OS
Installed version: 39670
Version URL:       https://cdn.download.clearlinux.org/update
Content URL:       https://cdn.download.clearlinux.org/update

samba --version
Version 4.18.1

krb5-config --all
Version:     Kerberos 5 release 1.21.1
Vendor:      Massachusetts Institute of Technology
Prefix:      /usr
Exec_prefix: /usr

uname -a
Linux clr-linux-srv 6.4.4-1337.native #1 SMP Wed Jul 19 10:29:52 PDT 2023 x86_64 GNU/Linux
==================================================================

Windows 10 host KB5028816 "hidden"

Edition	Windows 10 Pro
Version	22H2
Installed on	8/11/2022
OS build	19045.3208
Experience	Windows Feature Experience Pack 1000.19041.1000.0

wmic qfe list brief /format:table
Description      FixComments  HotFixID   InstallDate  InstalledBy          InstalledOn  Name  ServicePackInEffect  Status
Update                        KB5028849               NT AUTHORITY\SYSTEM  7/18/2023
Update                        KB5028853               NT AUTHORITY\SYSTEM  7/18/2023
Update                        KB5003791                                    10/6/2021
Update                        KB5011048               NT AUTHORITY\SYSTEM  7/18/2023
Security Update               KB5012170               NT AUTHORITY\SYSTEM  8/12/2022
Update                        KB5015684               NT AUTHORITY\SYSTEM  7/17/2023
Update                        KB5015895               NT AUTHORITY\SYSTEM  8/11/2022
Update                        KB5016705               NT AUTHORITY\SYSTEM  9/13/2022
Update                        KB5026879               NT AUTHORITY\SYSTEM  7/17/2023
Update                        KB5028318               NT AUTHORITY\SYSTEM  7/17/2023
Security Update               KB5005699                                    10/6/2021

==================================================================
Windoww 11 host All latest update installed

Edition	Windows 11 Pro
Version	22H2
Installed on	7/26/2023
OS build	22621.2070
Experience	Windows Feature Experience Pack 1000.22659.1000.0

wmic qfe list brief /format:table
Description  FixComments  HotFixID   InstallDate  InstalledBy          InstalledOn  Name  ServicePackInEffect  Status
Update                    KB5028851               NT AUTHORITY\SYSTEM  7/27/2023
Update                    KB5029517               NT AUTHORITY\SYSTEM  7/26/2023
Update                    KB5028254               NT AUTHORITY\SYSTEM  7/27/2023
Update                    KB5025351                                    5/5/2023
Update                    KB5028756               NT AUTHORITY\SYSTEM  7/27/2023
Comment 11 Scott Harvey 2023-07-28 19:18:29 UTC
Comment on attachment 18011 [details]
Windows 11 and Windows 10 host failing to mount Wiresshark pcapng trascript

======================================================
Thu Jul 27 09:26:48 PM PDT 2023
======================================================

Version of software
==================================================================
Server:
swupd info
Distribution:      Clear Linux OS
Installed version: 39670
Version URL:       https://cdn.download.clearlinux.org/update
Content URL:       https://cdn.download.clearlinux.org/update

samba --version
Version 4.18.1

krb5-config --all
Version:     Kerberos 5 release 1.21.1
Vendor:      Massachusetts Institute of Technology
Prefix:      /usr
Exec_prefix: /usr

uname -a
Linux clr-linux-srv 6.4.4-1337.native #1 SMP Wed Jul 19 10:29:52 PDT 2023 x86_64 GNU/Linux
==================================================================

Windows 10 host KB5028816 re-installed

Edition	Windows 10 Pro
Version	22H2
Installed on	8/11/?2022
OS build	19045.3208
Experience	Windows Feature Experience Pack 1000.19041.1000.0

wmic qfe list brief /format:table
Description      FixComments  HotFixID   InstallDate  InstalledBy          InstalledOn  Name  ServicePackInEffect  Status
Update                        KB5028849               NT AUTHORITY\SYSTEM  7/18/2023
Update                        KB5028853               NT AUTHORITY\SYSTEM  7/18/2023
Update                        KB5003791                                    10/6/2021
Update                        KB5011048               NT AUTHORITY\SYSTEM  7/18/2023
Security Update               KB5012170               NT AUTHORITY\SYSTEM  8/12/2022
Update                        KB5015684               NT AUTHORITY\SYSTEM  7/17/2023
Security Update               KB5028166               NT AUTHORITY\SYSTEM  7/28/2023 ****
Update                        KB5015895               NT AUTHORITY\SYSTEM  8/11/2022
Update                        KB5016705               NT AUTHORITY\SYSTEM  9/13/2022
Update                        KB5026879               NT AUTHORITY\SYSTEM  7/17/2023
Update                        KB5028318               NT AUTHORITY\SYSTEM  7/17/2023
Security Update               KB5005699                                    10/6/2021



==================================================================
Windoww 11 host All latest update installed

Edition	Windows 11 Pro
Version	22H2
Installed on	7/26/2023
OS build	22621.2070
Experience	Windows Feature Experience Pack 1000.22659.1000.0

wmic qfe list brief /format:table
Description  FixComments  HotFixID   InstallDate  InstalledBy          InstalledOn  Name  ServicePackInEffect  Status
Update                    KB5028851               NT AUTHORITY\SYSTEM  7/27/2023
Update                    KB5029517               NT AUTHORITY\SYSTEM  7/26/2023
Update                    KB5028254               NT AUTHORITY\SYSTEM  7/27/2023
Update                    KB5025351                                    5/5/2023
Update                    KB5028756               NT AUTHORITY\SYSTEM  7/27/2023
Comment 12 Scott Harvey 2023-07-28 19:21:59 UTC
Comment on attachment 18012 [details]
pcapng trascript shows successful Linux mount of Windows 10/11 shares

======================================================
Fri Jul 28 08:53:53 AM PDT 2023
======================================================
Version of software 
==================================================================
Server:
swupd info
Distribution:      Clear Linux OS
Installed version: 39690
Version URL:       https://cdn.download.clearlinux.org/update
Content URL:       https://cdn.download.clearlinux.org/update

samba --version
Version 4.18.5

krb5-config --all
Version:     Kerberos 5 release 1.21.1
Vendor:      Massachusetts Institute of Technology
Prefix:      /usr
Exec_prefix: /usr

uname -a
Linux clr-linux-srv 6.4.5-1338.native #1 SMP Sun Jul 23 06:26:44 PDT 2023 x86_64 GNU/Linux

Other server setup information
When looking a Wireshark pcapng files the ip addresses are

win10-testhost.tst-domain.net 10.0.0.49
win10-testhost.tst-domain.net 10.0.0.29

clr-linux-srv.tst-domain.net  10.0.0.1

Samba is setup as server role = active directory domain controller
Internal DNS is enabled
==================================================================

Windows 10 host KB5028816 re-installed 

Edition	Windows 10 Pro
Version	22H2
Installed on	8/11/2022
OS build	19045.3208
Experience	Windows Feature Experience Pack 1000.19041.1000.0

wmic qfe list brief /format:table
Description      FixComments  HotFixID   InstallDate  InstalledBy          InstalledOn  Name  ServicePackInEffect  Status
Update                        KB5028849               NT AUTHORITY\SYSTEM  7/18/2023
Update                        KB5028853               NT AUTHORITY\SYSTEM  7/18/2023
Update                        KB5003791                                    10/6/2021
Update                        KB5011048               NT AUTHORITY\SYSTEM  7/18/2023
Security Update               KB5012170               NT AUTHORITY\SYSTEM  8/12/2022
Update                        KB5015684               NT AUTHORITY\SYSTEM  7/17/2023
Security Update               KB5028166               NT AUTHORITY\SYSTEM  7/28/2023
Update                        KB5015895               NT AUTHORITY\SYSTEM  8/11/2022
Update                        KB5016705               NT AUTHORITY\SYSTEM  9/13/2022
Update                        KB5026879               NT AUTHORITY\SYSTEM  7/17/2023
Update                        KB5028318               NT AUTHORITY\SYSTEM  7/17/2023
Security Update               KB5005699                                    10/6/2021

==================================================================
Windoww 11 host All latest update installed

Edition	Windows 11 Pro
Version	22H2
Installed on	7/26/2023
OS build	22621.2070
Experience	Windows Feature Experience Pack 1000.22659.1000.0

wmic qfe list brief /format:table
Description  FixComments  HotFixID   InstallDate  InstalledBy          InstalledOn  Name  ServicePackInEffect  Status
Update                    KB5028851               NT AUTHORITY\SYSTEM  7/27/2023
Update                    KB5029517               NT AUTHORITY\SYSTEM  7/26/2023
Update                    KB5028254               NT AUTHORITY\SYSTEM  7/27/2023
Update                    KB5025351                                    5/5/2023
Update                    KB5028756               NT AUTHORITY\SYSTEM  7/27/2023

==================================================================================
Other window operational notes with samba when not running 
samba version 4.18.5 or above:

In addition to Remote Desktop (RDP) authentication between 
Windows Hosts failing and Linux servers not being able to 
mount Windows shares, running utilities compmgmt.msc will 
indicate problems.  When compmgmt.msc is run 
(As Domain Administrator on member Windows client) will not 
show a SID number instead of the qualified name such as 
TST-DOMAIN\Domain User for example.  If you are seeing SID numbers,
that means there is some kind of Domain TRUST issue at play, 
Remote Desktop between Windows host will start to fail, and 
mounting of Windows shares from Linux will not work and 
possibly other issues.