Hi everyone. First and foremost, thanks for the NethServer project! I have used it to successfully migrate a friend off of Exchange to an open-source solution that has most of the same functionality they needed (and in some cases, more ;))
So here’s my problem. I migrated from NethServer 6 to 7 (to new hardware, so it was a messy migration, but it’s complete at this point). The backup on the old server worked flawlessly backing up to a Windows server (using a local credential and complex password). The credential was in the format of USERNAME: .\backupuser and PASSWORD: blah%blah&blah% (there are 2 percentage signs and a single $ sign)
This worked before. On the new NethServer I enter the same credentials and I get a mount failure (invalid permissions (13)). I then mounted the volume manually on the NethServer by escaping the characters (blah%blah$blah%) and the mount succeeded. I entered that in as the new password in the password field but it still doesn’t mount successfully (same error).
Does anyone have any recommendations or thoughts?
Okay. So I tested the backup with an account that had a simple password (Password123-).
Failed again with a mount permission error (13).
Checked the event logs on the Windows box (which is on a separate domain across a WAN link) and it shows the user account failed to log in, but it seems that the .\ didn’t force the account to use the local db instead of the domain auth.
So maybe it’s not the password being the problem but how the account is presented? Again, I tested manually mounting it using mount -t cifs \server\share /mount/mountpath/ -o username=demouser,password=Password123-,domain=.\ and that worked.
I tried to back up to a Windows Server 2016 DC now and it worked just without “.”. You may also try if it works with local hostname like WINDOWSSERVER\backupuser.
Firstly, mrmarkuz, having the account on the DC kinda negates what I’m trying to achieve here. The server I’m backing up to is in a separate domain but the account is local to that server.
I have tried with just the username, servername\username and .\username. None seem to work.
Manually mounting does work, and the old server’s backup (NS6) still works too.
What changed in the backup script that could cause this?
For now I’m going to add an account into my other domain and see if that works, although that will only be a temporary solution as I don’t like having cross-domain accounts.
I tested it now with Windows Server 2016 joined to another domain and you are right. It worked with local domain, it worked with no AD at all but it didn’t work as member.
Thanks to @nrauso, sec=ntlm did the trick in my tests.
So this worked for me:
mount -t cifs //192.168.1.121/backup /mnt/backup/ -o sec=ntlm,username=Administrator,password=SeCrEt1$%
Workaround till we have a better solution:
Edit /etc/e-smith/events/actions/mount-cifs and add “sec=ntlm” at line 66 to change it from
As I’ve read, this is a kind of compatibility mode for older devices, as ntlmssp is the new default. The question is: why does Windows Server need NTLM when joined to another domain? But I think that’s another MS feature.
The difference between NS6 and NS7 in this case is just a change in Samba default behaviour, so it’s not directly NS related.
Thanks for the help! It’s been awesome. I’m going to make the changes to the template file as detailed.
The other thing I might add is that this domain is a vanilla domain so it’s pretty default. Might explain why it’s still accepting NTLM. I might try as a future test to modify the NTLM acceptance policy on all the systems to drop NTLM instead of allowing it.
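An added example, not part of the original thread and not NethServer's mount-cifs action: the credentials discussed above passed through a mount.cifs credentials file, so that characters such as % and $ (or a comma) need no shell or option escaping and the password stays off the command line, with sec= set explicitly. The function names are hypothetical; the share and password are the sample values from the post above, and the command is printed rather than run.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not NethServer code.

# write_cifs_credentials FILE USER PASSWORD [DOMAIN]
# Writes a mount.cifs credentials file readable only by its owner.
# Subshell body "( ... )": umask and variables stay local to the call.
write_cifs_credentials() (
    file=$1 user=$2 pass=$3 domain=${4:-}
    # The file format is line-based, so a value cannot contain a newline.
    case "$user$pass$domain" in *'
'*) echo "newline not allowed in credentials" >&2; exit 1 ;; esac
    umask 077
    {
        printf 'username=%s\n' "$user"
        # Taken literally up to end of line: no escaping of % $ , needed.
        printf 'password=%s\n' "$pass"
        if [ -n "$domain" ]; then printf 'domain=%s\n' "$domain"; fi
    } > "$file"
    chmod 600 "$file"   # also tighten a file that already existed
)

# cifs_mount_options FILE [SEC]
# Prints the -o string; SEC is restricted to the modes named in the thread
# plus ntlmv2, so a typo fails here instead of as a mount error.
cifs_mount_options() {
    opts="credentials=$1"
    case ${2:-} in
        '') ;;
        ntlm|ntlmv2|ntlmssp) opts="$opts,sec=$2" ;;
        *) echo "unsupported sec value: $2" >&2; return 1 ;;
    esac
    printf '%s\n' "$opts"
}

# Demo with the sample values from the thread; prints the command only.
demo_file=$(mktemp)
write_cifs_credentials "$demo_file" Administrator 'SeCrEt1$%'
echo "mount -t cifs //192.168.1.121/backup /mnt/backup/ -o $(cifs_mount_options "$demo_file" ntlm)"
rm -f "$demo_file"
```
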