How to Create an ISO Storage Repository by Using a CIFS Share with NTLMv2 Authentication Enabled

book

Article ID: CTX123536

calendar_today

Updated On:

Description

This article describes how to create an ISO Storage Repository by using a CIFS share with NTLMv2 authentication enabled.
When Group Policy Object (GPO) of the Windows domain enforces NTLMv2 authentication, you are unable to create the ISO Storage Repository by using XenCenter.
The following procedure explains how to create a Storage Repository by using the Command Line Interface (CLI) of XenServer.

Requirements

Basic knowledge of Linux
Administrator (root) access to XenServer host using the Command Line Interface (CLI)
Windows domain name, username and password to access Windows share to be mapped
Server name or IP address of the server and Share folder name (such as //server/share)

Instructions

To create an ISO Storage Repository, complete the following procedure:

Log on to any XenServer host in the pool as a root user.
Run the following command to create the Storage Repository by using the following command:
# xe-mount-iso-sr //server/share -o username=arg,password=arg,domain=arg,sec=ntlmv2

If using XenServer 7 or above append cache=none to the command:

# xe-mount-iso-sr //server/share -o username=arg,password=arg,domain=arg,sec=ntlmv2,cache=none
Note: Alternative sec options are listed in the Troubleshooting section.
It is sufficient to proceed with the preceding operation on one host. The Storage Repository should now be created for the whole pool or for a single host, if there is only a single host used without the pool.
Use XenCenter to verify that the new Storage Repository has been added successfully.

Troubleshooting

If the ISO Storage Repository is not created after following the preceding procedure, run the following command to check the last kernel messages:

# dmesg

The detailed reason for failing logged by Linux SMB client is displayed.

If the CIFS share is located on Windows Server 2008 or on Windows Vista and the following error is displayed in the dmesg output, refer to the Microsoft Knowledge base article, Client connections return a "STATUS_INVALID_PARAM" error code when you use a "Send NTLMv2 response only" authentication level in Windows Server 2008 or in Windows Vista”:

CIFS VFS: Unexpected SMB signature
Status code returned 0xc000000d NT_STATUS_INVALID_PARAMETER
CIFS VFS: Send error in SessSetup = -22
CIFS VFS: cifs_mount failed w/return code = -22

Note: Depending on the Security Mode used, you might need to use different “sec” options, which includes:

none - attempt to connection as a null user (no name)
krb5 - Use Kerberos version 5 authentication
krb5i - Use Kerberos authentication and packet signing
ntlm - Use NTLM password hashing
ntlmi Use NTLM password hashing with signing
ntlmv2 Use NTLMv2 password hashing
ntlmv2i Use NTLMv2 password hashing with packet signing
ntlmssp - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message
ntlmsspi - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing

Issue/Introduction

This article describes how to create an ISO Storage Repository by using a CIFS share with NTLMv2 authentication enabled.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"