Created attachment 17993 [details] Successful mount.smb3 prior to windows update Prior to July 2023 windows host "shares" could be mounted in Linux Servers with the command mount.smb3. After Windows security update kb5028166 the mount command no longer functions. I believe this is related bug 15418 "Secure Channel Faulty ..." Attachments are added that show that a Windows 10 host "share" can be mounted successfully and when the share cannot be added after the Window 10/11 security update kb5028166 has been applied. Here is the dmesg message when the mount.smb3 command fails: cat dmesg_mnt_failure.txt [507009.217361] CIFS: Attempting to mount //win10-testhost.harvey.net/public [509040.494271] CIFS: Attempting to mount //win10-testhost.harvey.net/public [509040.665517] CIFS: Status code returned 0xc000018d STATUS_TRUSTED_RELATIONSHIP_FAILURE Linux Version and distribution: swupd info Distribution: Clear Linux OS Installed version: 39630 Version URL: https://cdn.download.clearlinux.org/update Content URL: https://cdn.download.clearlinux.org/update uname -a Linux netserver03 6.4.3-1333.native #1 SMP Mon Jul 10 21:56:56 PDT 2023 x86_64 GNU/Linux samba --version Version 4.18.1
Created attachment 17994 [details] Unsuccessful mount.smb3 after windows update This what was logged after Windows 10 host was updated to kb5028166
You will either need to patch your version of Samba or wait until Clear OS provides new packages that use the the latest Samba version 4.18.5 , released for security purposes, the patch is also in that release.
Current Status, Clear Linux has not updated samba beyond version 4.18.1, it is not certain when they will update Samba. Meanwhile I am trying to stand up a working Clear Linux in VMware that emulates my working "production" server. This is taking a little longer than expected. Once that is setup I will need to download the code base for Samba make files etc.. I am thinking there are robust make files, since Samba has been around for so many years. Is there a link for a how-to for how apply patches, compile, link and install for samba? I have never done this before.
Created attachment 18009 [details] Successful mount.smb3 prior to windows update(s)
Created attachment 18010 [details] Window 10 not updated, Windows 11 update, Wireshark pcapng trascript
Created attachment 18011 [details] Windows 11 and Windows 10 host failing to mount Wiresshark pcapng trascript
Created attachment 18012 [details] pcapng trascript shows successful Linux mount of Windows 10/11 shares The mount.smb3 operation appears to be successful after confirming with Samba version 4.18.5.
It seems the more detailed comments about conditions of samba domain server and the windows host did not make it into this reporting I will attach test files that go along with each of the pcapng attachents. They are small text files
Comment on attachment 18009 [details] Successful mount.smb3 prior to windows update(s) ====================================================== Thu Jul 27 09:26:48 PM PDT 2023 ====================================================== Version of software ================================================================== Server: swupd info Distribution: Clear Linux OS Installed version: 39670 Version URL: https://cdn.download.clearlinux.org/update Content URL: https://cdn.download.clearlinux.org/update samba --version Version 4.18.1 krb5-config --all Version: Kerberos 5 release 1.21.1 Vendor: Massachusetts Institute of Technology Prefix: /usr Exec_prefix: /usr uname -a Linux clr-linux-srv 6.4.4-1337.native #1 SMP Wed Jul 19 10:29:52 PDT 2023 x86_64 GNU/Linux ================================================================== Windows 10 host KB5028816 re-installed Edition Windows 10 Pro Version 22H2 Installed on 8/11/?2022 OS build 19045.3208 Experience Windows Feature Experience Pack 1000.19041.1000.0 ================================================================== Windoww 11 host All latest update installed Edition Windows 11 Pro Version 22H2 Installed on 7/26/2023 OS build 22621.2070 Experience Windows Feature Experience Pack 1000.22659.1000.0
Comment on attachment 18010 [details] Window 10 not updated, Windows 11 update, Wireshark pcapng trascript ====================================================== Thu Jul 27 04:53:48 PM PDT 2023 ====================================================== Version of software ================================================================== Server: swupd info Distribution: Clear Linux OS Installed version: 39670 Version URL: https://cdn.download.clearlinux.org/update Content URL: https://cdn.download.clearlinux.org/update samba --version Version 4.18.1 krb5-config --all Version: Kerberos 5 release 1.21.1 Vendor: Massachusetts Institute of Technology Prefix: /usr Exec_prefix: /usr uname -a Linux clr-linux-srv 6.4.4-1337.native #1 SMP Wed Jul 19 10:29:52 PDT 2023 x86_64 GNU/Linux ================================================================== Windows 10 host KB5028816 "hidden" Edition Windows 10 Pro Version 22H2 Installed on 8/11/2022 OS build 19045.3208 Experience Windows Feature Experience Pack 1000.19041.1000.0 wmic qfe list brief /format:table Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status Update KB5028849 NT AUTHORITY\SYSTEM 7/18/2023 Update KB5028853 NT AUTHORITY\SYSTEM 7/18/2023 Update KB5003791 10/6/2021 Update KB5011048 NT AUTHORITY\SYSTEM 7/18/2023 Security Update KB5012170 NT AUTHORITY\SYSTEM 8/12/2022 Update KB5015684 NT AUTHORITY\SYSTEM 7/17/2023 Update KB5015895 NT AUTHORITY\SYSTEM 8/11/2022 Update KB5016705 NT AUTHORITY\SYSTEM 9/13/2022 Update KB5026879 NT AUTHORITY\SYSTEM 7/17/2023 Update KB5028318 NT AUTHORITY\SYSTEM 7/17/2023 Security Update KB5005699 10/6/2021 ================================================================== Windoww 11 host All latest update installed Edition Windows 11 Pro Version 22H2 Installed on 7/26/2023 OS build 22621.2070 Experience Windows Feature Experience Pack 1000.22659.1000.0 wmic qfe list brief /format:table Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status Update KB5028851 NT AUTHORITY\SYSTEM 7/27/2023 Update KB5029517 NT AUTHORITY\SYSTEM 7/26/2023 Update KB5028254 NT AUTHORITY\SYSTEM 7/27/2023 Update KB5025351 5/5/2023 Update KB5028756 NT AUTHORITY\SYSTEM 7/27/2023
Comment on attachment 18011 [details] Windows 11 and Windows 10 host failing to mount Wiresshark pcapng trascript ====================================================== Thu Jul 27 09:26:48 PM PDT 2023 ====================================================== Version of software ================================================================== Server: swupd info Distribution: Clear Linux OS Installed version: 39670 Version URL: https://cdn.download.clearlinux.org/update Content URL: https://cdn.download.clearlinux.org/update samba --version Version 4.18.1 krb5-config --all Version: Kerberos 5 release 1.21.1 Vendor: Massachusetts Institute of Technology Prefix: /usr Exec_prefix: /usr uname -a Linux clr-linux-srv 6.4.4-1337.native #1 SMP Wed Jul 19 10:29:52 PDT 2023 x86_64 GNU/Linux ================================================================== Windows 10 host KB5028816 re-installed Edition Windows 10 Pro Version 22H2 Installed on 8/11/?2022 OS build 19045.3208 Experience Windows Feature Experience Pack 1000.19041.1000.0 wmic qfe list brief /format:table Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status Update KB5028849 NT AUTHORITY\SYSTEM 7/18/2023 Update KB5028853 NT AUTHORITY\SYSTEM 7/18/2023 Update KB5003791 10/6/2021 Update KB5011048 NT AUTHORITY\SYSTEM 7/18/2023 Security Update KB5012170 NT AUTHORITY\SYSTEM 8/12/2022 Update KB5015684 NT AUTHORITY\SYSTEM 7/17/2023 Security Update KB5028166 NT AUTHORITY\SYSTEM 7/28/2023 **** Update KB5015895 NT AUTHORITY\SYSTEM 8/11/2022 Update KB5016705 NT AUTHORITY\SYSTEM 9/13/2022 Update KB5026879 NT AUTHORITY\SYSTEM 7/17/2023 Update KB5028318 NT AUTHORITY\SYSTEM 7/17/2023 Security Update KB5005699 10/6/2021 ================================================================== Windoww 11 host All latest update installed Edition Windows 11 Pro Version 22H2 Installed on 7/26/2023 OS build 22621.2070 Experience Windows Feature Experience Pack 1000.22659.1000.0 wmic qfe list brief /format:table Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status Update KB5028851 NT AUTHORITY\SYSTEM 7/27/2023 Update KB5029517 NT AUTHORITY\SYSTEM 7/26/2023 Update KB5028254 NT AUTHORITY\SYSTEM 7/27/2023 Update KB5025351 5/5/2023 Update KB5028756 NT AUTHORITY\SYSTEM 7/27/2023
Comment on attachment 18012 [details] pcapng trascript shows successful Linux mount of Windows 10/11 shares ====================================================== Fri Jul 28 08:53:53 AM PDT 2023 ====================================================== Version of software ================================================================== Server: swupd info Distribution: Clear Linux OS Installed version: 39690 Version URL: https://cdn.download.clearlinux.org/update Content URL: https://cdn.download.clearlinux.org/update samba --version Version 4.18.5 krb5-config --all Version: Kerberos 5 release 1.21.1 Vendor: Massachusetts Institute of Technology Prefix: /usr Exec_prefix: /usr uname -a Linux clr-linux-srv 6.4.5-1338.native #1 SMP Sun Jul 23 06:26:44 PDT 2023 x86_64 GNU/Linux Other server setup information When looking a Wireshark pcapng files the ip addresses are win10-testhost.tst-domain.net 10.0.0.49 win10-testhost.tst-domain.net 10.0.0.29 clr-linux-srv.tst-domain.net 10.0.0.1 Samba is setup as server role = active directory domain controller Internal DNS is enabled ================================================================== Windows 10 host KB5028816 re-installed Edition Windows 10 Pro Version 22H2 Installed on 8/11/2022 OS build 19045.3208 Experience Windows Feature Experience Pack 1000.19041.1000.0 wmic qfe list brief /format:table Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status Update KB5028849 NT AUTHORITY\SYSTEM 7/18/2023 Update KB5028853 NT AUTHORITY\SYSTEM 7/18/2023 Update KB5003791 10/6/2021 Update KB5011048 NT AUTHORITY\SYSTEM 7/18/2023 Security Update KB5012170 NT AUTHORITY\SYSTEM 8/12/2022 Update KB5015684 NT AUTHORITY\SYSTEM 7/17/2023 Security Update KB5028166 NT AUTHORITY\SYSTEM 7/28/2023 Update KB5015895 NT AUTHORITY\SYSTEM 8/11/2022 Update KB5016705 NT AUTHORITY\SYSTEM 9/13/2022 Update KB5026879 NT AUTHORITY\SYSTEM 7/17/2023 Update KB5028318 NT AUTHORITY\SYSTEM 7/17/2023 Security Update KB5005699 10/6/2021 ================================================================== Windoww 11 host All latest update installed Edition Windows 11 Pro Version 22H2 Installed on 7/26/2023 OS build 22621.2070 Experience Windows Feature Experience Pack 1000.22659.1000.0 wmic qfe list brief /format:table Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status Update KB5028851 NT AUTHORITY\SYSTEM 7/27/2023 Update KB5029517 NT AUTHORITY\SYSTEM 7/26/2023 Update KB5028254 NT AUTHORITY\SYSTEM 7/27/2023 Update KB5025351 5/5/2023 Update KB5028756 NT AUTHORITY\SYSTEM 7/27/2023 ================================================================================== Other window operational notes with samba when not running samba version 4.18.5 or above: In addition to Remote Desktop (RDP) authentication between Windows Hosts failing and Linux servers not being able to mount Windows shares, running utilities compmgmt.msc will indicate problems. When compmgmt.msc is run (As Domain Administrator on member Windows client) will not show a SID number instead of the qualified name such as TST-DOMAIN\Domain User for example. If you are seeing SID numbers, that means there is some kind of Domain TRUST issue at play, Remote Desktop between Windows host will start to fail, and mounting of Windows shares from Linux will not work and possibly other issues.