0

The description of the environment might sound complicated at first, but it is a typical small office setup -- Windows Domain, Windows and Linux workstations, a few NAS.

I have two machines that are the subject of my problem. One was recently installed with Fedora 36 Workstation and the other with Fedora 36 Server. "Installed" is not "upgraded"; I completely erased the disks and installed Fedora 36 from scratch. Each is running selinux "Enforcing" and each has firewalld running. During diagnosis of my problem machine, I disabled both SELinux and firewalld with no change, so I conclude that this is neither SELinux prohibition, not firewalld restriction.

I also have several NAS -- Two Buffalo and one ASUStore. The Buffalo are old and the ASUStore is relatively new.

I also have a Windows Server 2012R2 which is serving Microsoft DFS.

The Fedora 36 Workstation:

  • Able to mount the Buffalo NAS "-o vers=1.0" with the Domain Administrator's credentials
  • Able to mount the ASUStore NAS with the Domain Administrator's credentials.
  • Able to mount a Windows Server 2012R2 DFS Share with the Domain Administrator's credentials

The Fedora 36 Server:

  • Able to mount the Buffalo NAS "-o vers=1.0" with the Domain Administrator's credentials
  • Able to mount the ASUStore NAS with the Domain Administrator's credentials.
  • NOT Able to mount a Windows Server 2012R2 DFS Share with the Domain Administrator's credentials

Each Fedora 36 machine has an identical /etc/fstab entry for the DFS Share:

//TCLC.org/TCLC     /net/tclc   cifs auto,user,exec,domain=TCLC.org,username=sa,password=abc123,gid=root,uid=root,fscontext="unconfined_u:object_r:mnt_t:s0",vers=1.0   0 0

/var/log/messages reports:

2022-06-14T08:43:58.637206-07:00 Tryx kernel: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
2022-06-14T08:43:58.661711-07:00 Tryx kernel: CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers
2022-06-14T08:43:58.661796-07:00 Tryx kernel: CIFS: Attempting to mount \\TCLC.org\TCLC
2022-06-14T08:44:09.833223-07:00 Tryx kernel: CIFS: VFS: Error connecting to socket. Aborting operation.
2022-06-14T08:44:09.877209-07:00 Tryx kernel: CIFS: VFS: cifs_mount failed w/return code = -115

In short, I cannot detect one iota of configuration difference between the two, which explains this behavioral difference. Why does "Workstation" mount and "Server" fail? (What is the socket in question?)

Thanks for the help,

Chris.

Chris
  • 11
  • 3
  • Looks like a networking problem. Can you resolve the Windows server's host name from both machine? Are you able to ping it? And, last but not least: can you actually connect to TCP port 445 on the Windows server from both machines? – Massimo Jun 14 '22 at 16:34
  • > ... Are you able to ping it? Yes. nslookup reports are identical from each machine, and ping works on each. > And, ...: can you ... connect to TCP port 445 ... from both machines? The two Fedora 36 machines are literally physically sitting next to each other on the same rack and logically sitting next to each other on the same subnet, and I have tested these assertions, so I suspect that there is no problem with this, but it is a good idea to test it anyway. I am not sure how to test connectivity to port 445. Can you advise? Thanks for the help. – Chris Jun 14 '22 at 17:16
  • `nc`, or just plain old `telnet`. See here: https://superuser.com/questions/621870/test-if-a-port-on-a-remote-system-is-reachable-without-telnet – Massimo Jun 14 '22 at 23:43
  • Also check Windows Firewall settings on the Windows Server system. Maybe it accepts connections from one machine but not from the other one. – Massimo Jun 14 '22 at 23:43
  • Hi @Massimo, I used "nmap -P 445 -A 10.1.1.11" from each machine and got identical reports. I did not report that I dropped Windows Firewall as well as firewalld and selinux, but I did. I highlight the fact that "WorkStation" works with all security provisions in place and "Server" does not. I don't think I am suffering self-inflicted security prohibitions. I think there is an obscure, fundamental difference between them, and there is no reason that I can imagine to justify any such difference. They are presumably the same code! – Chris Jun 15 '22 at 14:01

1 Answers1

1

The problem turned out to be DNS search domains. For whatever reason, Windows did not return a FQDN, and my search sequence, which was unintentionally different between the two machines, appended the wrong suffix in the case of SERVER.

Chris
  • 11
  • 3