207 lines
8.1 KiB
Plaintext
207 lines
8.1 KiB
Plaintext
|
config CIFS
|
||
|
tristate "SMB3 and CIFS support (advanced network filesystem)"
|
||
|
depends on INET
|
||
|
select NLS
|
||
|
select CRYPTO
|
||
|
select CRYPTO_MD4
|
||
|
select CRYPTO_MD5
|
||
|
select CRYPTO_SHA256
|
||
|
select CRYPTO_CMAC
|
||
|
select CRYPTO_HMAC
|
||
|
select CRYPTO_ARC4
|
||
|
select CRYPTO_AEAD2
|
||
|
select CRYPTO_CCM
|
||
|
select CRYPTO_ECB
|
||
|
select CRYPTO_AES
|
||
|
select CRYPTO_DES
|
||
|
help
|
||
|
This is the client VFS module for the SMB3 family of NAS protocols,
|
||
|
as well as for earlier dialects such as SMB2.1, SMB2 and the
|
||
|
Common Internet File System (CIFS) protocol. CIFS was the successor
|
||
|
to the original dialect, the Server Message Block (SMB) protocol, the
|
||
|
native file sharing mechanism for most early PC operating systems.
|
||
|
|
||
|
The SMB3 protocol is supported by most modern operating systems and
|
||
|
NAS appliances (e.g. Samba, Windows 8, Windows 2012, MacOS).
|
||
|
The older CIFS protocol was included in Windows NT4, 2000 and XP (and
|
||
|
later) as well by Samba (which provides excellent CIFS and SMB3
|
||
|
server support for Linux and many other operating systems). Limited
|
||
|
support for OS/2 and Windows ME and similar very old servers is
|
||
|
provided as well.
|
||
|
|
||
|
The cifs module provides an advanced network file system client
|
||
|
for mounting to SMB3 (and CIFS) compliant servers. It includes
|
||
|
support for DFS (hierarchical name space), secure per-user
|
||
|
session establishment via Kerberos or NTLM or NTLMv2,
|
||
|
safe distributed caching (oplock), optional packet
|
||
|
signing, Unicode and other internationalization improvements.
|
||
|
|
||
|
In general, the default dialects, SMB3 and later, enable better
|
||
|
performance, security and features, than would be possible with CIFS.
|
||
|
Note that when mounting to Samba, due to the CIFS POSIX extensions,
|
||
|
CIFS mounts can provide slightly better POSIX compatibility
|
||
|
than SMB3 mounts. SMB2/SMB3 mount options are also
|
||
|
slightly simpler (compared to CIFS) due to protocol improvements.
|
||
|
|
||
|
If you need to mount to Samba, Macs or Windows from this machine, say Y.
|
||
|
|
||
|
config CIFS_STATS
|
||
|
bool "CIFS statistics"
|
||
|
depends on CIFS
|
||
|
help
|
||
|
Enabling this option will cause statistics for each server share
|
||
|
mounted by the cifs client to be displayed in /proc/fs/cifs/Stats
|
||
|
|
||
|
config CIFS_STATS2
|
||
|
bool "Extended statistics"
|
||
|
depends on CIFS_STATS
|
||
|
help
|
||
|
Enabling this option will allow more detailed statistics on SMB
|
||
|
request timing to be displayed in /proc/fs/cifs/DebugData and also
|
||
|
allow optional logging of slow responses to dmesg (depending on the
|
||
|
value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details).
|
||
|
These additional statistics may have a minor effect on performance
|
||
|
and memory utilization.
|
||
|
|
||
|
Unless you are a developer or are doing network performance analysis
|
||
|
or tuning, say N.
|
||
|
|
||
|
config CIFS_WEAK_PW_HASH
|
||
|
bool "Support legacy servers which use weaker LANMAN security"
|
||
|
depends on CIFS
|
||
|
help
|
||
|
Modern CIFS servers including Samba and most Windows versions
|
||
|
(since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
|
||
|
security mechanisms. These hash the password more securely
|
||
|
than the mechanisms used in the older LANMAN version of the
|
||
|
SMB protocol but LANMAN based authentication is needed to
|
||
|
establish sessions with some old SMB servers.
|
||
|
|
||
|
Enabling this option allows the cifs module to mount to older
|
||
|
LANMAN based servers such as OS/2 and Windows 95, but such
|
||
|
mounts may be less secure than mounts using NTLM or more recent
|
||
|
security mechanisms if you are on a public network. Unless you
|
||
|
have a need to access old SMB servers (and are on a private
|
||
|
network) you probably want to say N. Even if this support
|
||
|
is enabled in the kernel build, LANMAN authentication will not be
|
||
|
used automatically. At runtime LANMAN mounts are disabled but
|
||
|
can be set to required (or optional) either in
|
||
|
/proc/fs/cifs (see fs/cifs/README for more detail) or via an
|
||
|
option on the mount command. This support is disabled by
|
||
|
default in order to reduce the possibility of a downgrade
|
||
|
attack.
|
||
|
|
||
|
If unsure, say N.
|
||
|
|
||
|
config CIFS_UPCALL
|
||
|
bool "Kerberos/SPNEGO advanced session setup"
|
||
|
depends on CIFS && KEYS
|
||
|
select DNS_RESOLVER
|
||
|
help
|
||
|
Enables an upcall mechanism for CIFS which accesses userspace helper
|
||
|
utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
|
||
|
which are needed to mount to certain secure servers (for which more
|
||
|
secure Kerberos authentication is required). If unsure, say Y.
|
||
|
|
||
|
config CIFS_XATTR
|
||
|
bool "CIFS extended attributes"
|
||
|
depends on CIFS
|
||
|
help
|
||
|
Extended attributes are name:value pairs associated with inodes by
|
||
|
the kernel or by users (see the attr(5) manual page, or visit
|
||
|
<http://acl.bestbits.at/> for details). CIFS maps the name of
|
||
|
extended attributes beginning with the user namespace prefix
|
||
|
to SMB/CIFS EAs. EAs are stored on Windows servers without the
|
||
|
user namespace prefix, but their names are seen by Linux cifs clients
|
||
|
prefaced by the user namespace prefix. The system namespace
|
||
|
(used by some filesystems to store ACLs) is not supported at
|
||
|
this time.
|
||
|
|
||
|
If unsure, say Y.
|
||
|
|
||
|
config CIFS_POSIX
|
||
|
bool "CIFS POSIX Extensions"
|
||
|
depends on CIFS_XATTR
|
||
|
help
|
||
|
Enabling this option will cause the cifs client to attempt to
|
||
|
negotiate a newer dialect with servers, such as Samba 3.0.5
|
||
|
or later, that optionally can handle more POSIX like (rather
|
||
|
than Windows like) file behavior. It also enables
|
||
|
support for POSIX ACLs (getfacl and setfacl) to servers
|
||
|
(such as Samba 3.10 and later) which can negotiate
|
||
|
CIFS POSIX ACL support. If unsure, say N.
|
||
|
|
||
|
config CIFS_ACL
|
||
|
bool "Provide CIFS ACL support"
|
||
|
depends on CIFS_XATTR && KEYS
|
||
|
help
|
||
|
Allows fetching CIFS/NTFS ACL from the server. The DACL blob
|
||
|
is handed over to the application/caller. See the man
|
||
|
page for getcifsacl for more information. If unsure, say Y.
|
||
|
|
||
|
config CIFS_DEBUG
|
||
|
bool "Enable CIFS debugging routines"
|
||
|
default y
|
||
|
depends on CIFS
|
||
|
help
|
||
|
Enabling this option adds helpful debugging messages to
|
||
|
the cifs code which increases the size of the cifs module.
|
||
|
If unsure, say Y.
|
||
|
config CIFS_DEBUG2
|
||
|
bool "Enable additional CIFS debugging routines"
|
||
|
depends on CIFS_DEBUG
|
||
|
help
|
||
|
Enabling this option adds a few more debugging routines
|
||
|
to the cifs code which slightly increases the size of
|
||
|
the cifs module and can cause additional logging of debug
|
||
|
messages in some error paths, slowing performance. This
|
||
|
option can be turned off unless you are debugging
|
||
|
cifs problems. If unsure, say N.
|
||
|
|
||
|
config CIFS_DEBUG_DUMP_KEYS
|
||
|
bool "Dump encryption keys for offline decryption (Unsafe)"
|
||
|
depends on CIFS_DEBUG
|
||
|
help
|
||
|
Enabling this will dump the encryption and decryption keys
|
||
|
used to communicate on an encrypted share connection on the
|
||
|
console. This allows Wireshark to decrypt and dissect
|
||
|
encrypted network captures. Enable this carefully.
|
||
|
If unsure, say N.
|
||
|
|
||
|
config CIFS_DFS_UPCALL
|
||
|
bool "DFS feature support"
|
||
|
depends on CIFS && KEYS
|
||
|
select DNS_RESOLVER
|
||
|
help
|
||
|
Distributed File System (DFS) support is used to access shares
|
||
|
transparently in an enterprise name space, even if the share
|
||
|
moves to a different server. This feature also enables
|
||
|
an upcall mechanism for CIFS which contacts userspace helper
|
||
|
utilities to provide server name resolution (host names to
|
||
|
IP addresses) which is needed for implicit mounts of DFS junction
|
||
|
points. If unsure, say Y.
|
||
|
|
||
|
config CIFS_NFSD_EXPORT
|
||
|
bool "Allow nfsd to export CIFS file system"
|
||
|
depends on CIFS && BROKEN
|
||
|
help
|
||
|
Allows NFS server to export a CIFS mounted share (nfsd over cifs)
|
||
|
|
||
|
config CIFS_SMB311
|
||
|
bool "SMB3.1.1 network file system support (Experimental)"
|
||
|
depends on CIFS
|
||
|
|
||
|
help
|
||
|
This enables experimental support for the newest, SMB3.1.1, dialect.
|
||
|
This dialect includes improved security negotiation features.
|
||
|
If unsure, say N
|
||
|
|
||
|
config CIFS_FSCACHE
|
||
|
bool "Provide CIFS client caching support"
|
||
|
depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
|
||
|
help
|
||
|
Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
|
||
|
to be cached locally on disk through the general filesystem cache
|
||
|
manager. If unsure, say N.
|
||
|
|