| config CIFS |
| tristate "CIFS support (advanced network filesystem, SMBFS successor)" |
| depends on INET |
| select NLS |
| select CRYPTO |
| select CRYPTO_MD4 |
| select CRYPTO_MD5 |
| select CRYPTO_HMAC |
| select CRYPTO_ARC4 |
| select CRYPTO_ECB |
| select CRYPTO_DES |
| help |
| This is the client VFS module for the Common Internet File System |
| (CIFS) protocol which is the successor to the Server Message Block |
| (SMB) protocol, the native file sharing mechanism for most early |
| PC operating systems. The CIFS protocol is fully supported by |
| file servers such as Windows 2000 (including Windows 2003, Windows 2008, |
| NT 4 and Windows XP) as well by Samba (which provides excellent CIFS |
| server support for Linux and many other operating systems). Limited |
| support for OS/2 and Windows ME and similar servers is provided as |
| well. |
| |
| The module also provides optional support for the followon |
| protocols for CIFS including SMB3, which enables |
| useful performance and security features (see the description |
| of CONFIG_CIFS_SMB2). |
| |
| The cifs module provides an advanced network file system |
| client for mounting to CIFS compliant servers. It includes |
| support for DFS (hierarchical name space), secure per-user |
| session establishment via Kerberos or NTLM or NTLMv2, |
| safe distributed caching (oplock), optional packet |
| signing, Unicode and other internationalization improvements. |
| If you need to mount to Samba or Windows from this machine, say Y. |
| |
| config CIFS_STATS |
| bool "CIFS statistics" |
| depends on CIFS |
| help |
| Enabling this option will cause statistics for each server share |
| mounted by the cifs client to be displayed in /proc/fs/cifs/Stats |
| |
| config CIFS_STATS2 |
| bool "Extended statistics" |
| depends on CIFS_STATS |
| help |
| Enabling this option will allow more detailed statistics on SMB |
| request timing to be displayed in /proc/fs/cifs/DebugData and also |
| allow optional logging of slow responses to dmesg (depending on the |
| value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details). |
| These additional statistics may have a minor effect on performance |
| and memory utilization. |
| |
| Unless you are a developer or are doing network performance analysis |
| or tuning, say N. |
| |
| config CIFS_WEAK_PW_HASH |
| bool "Support legacy servers which use weaker LANMAN security" |
| depends on CIFS |
| help |
| Modern CIFS servers including Samba and most Windows versions |
| (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) |
| security mechanisms. These hash the password more securely |
| than the mechanisms used in the older LANMAN version of the |
| SMB protocol but LANMAN based authentication is needed to |
| establish sessions with some old SMB servers. |
| |
| Enabling this option allows the cifs module to mount to older |
| LANMAN based servers such as OS/2 and Windows 95, but such |
| mounts may be less secure than mounts using NTLM or more recent |
| security mechanisms if you are on a public network. Unless you |
| have a need to access old SMB servers (and are on a private |
| network) you probably want to say N. Even if this support |
| is enabled in the kernel build, LANMAN authentication will not be |
| used automatically. At runtime LANMAN mounts are disabled but |
| can be set to required (or optional) either in |
| /proc/fs/cifs (see fs/cifs/README for more detail) or via an |
| option on the mount command. This support is disabled by |
| default in order to reduce the possibility of a downgrade |
| attack. |
| |
| If unsure, say N. |
| |
| config CIFS_UPCALL |
| bool "Kerberos/SPNEGO advanced session setup" |
| depends on CIFS && KEYS |
| select DNS_RESOLVER |
| help |
| Enables an upcall mechanism for CIFS which accesses userspace helper |
| utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets |
| which are needed to mount to certain secure servers (for which more |
| secure Kerberos authentication is required). If unsure, say N. |
| |
| config CIFS_XATTR |
| bool "CIFS extended attributes" |
| depends on CIFS |
| help |
| Extended attributes are name:value pairs associated with inodes by |
| the kernel or by users (see the attr(5) manual page, or visit |
| <http://acl.bestbits.at/> for details). CIFS maps the name of |
| extended attributes beginning with the user namespace prefix |
| to SMB/CIFS EAs. EAs are stored on Windows servers without the |
| user namespace prefix, but their names are seen by Linux cifs clients |
| prefaced by the user namespace prefix. The system namespace |
| (used by some filesystems to store ACLs) is not supported at |
| this time. |
| |
| If unsure, say N. |
| |
| config CIFS_POSIX |
| bool "CIFS POSIX Extensions" |
| depends on CIFS_XATTR |
| help |
| Enabling this option will cause the cifs client to attempt to |
| negotiate a newer dialect with servers, such as Samba 3.0.5 |
| or later, that optionally can handle more POSIX like (rather |
| than Windows like) file behavior. It also enables |
| support for POSIX ACLs (getfacl and setfacl) to servers |
| (such as Samba 3.10 and later) which can negotiate |
| CIFS POSIX ACL support. If unsure, say N. |
| |
| config CIFS_ACL |
| bool "Provide CIFS ACL support" |
| depends on CIFS_XATTR && KEYS |
| help |
| Allows fetching CIFS/NTFS ACL from the server. The DACL blob |
| is handed over to the application/caller. See the man |
| page for getcifsacl for more information. |
| |
| config CIFS_DEBUG |
| bool "Enable CIFS debugging routines" |
| default y |
| depends on CIFS |
| help |
| Enabling this option adds helpful debugging messages to |
| the cifs code which increases the size of the cifs module. |
| If unsure, say Y. |
| config CIFS_DEBUG2 |
| bool "Enable additional CIFS debugging routines" |
| depends on CIFS_DEBUG |
| help |
| Enabling this option adds a few more debugging routines |
| to the cifs code which slightly increases the size of |
| the cifs module and can cause additional logging of debug |
| messages in some error paths, slowing performance. This |
| option can be turned off unless you are debugging |
| cifs problems. If unsure, say N. |
| |
| config CIFS_DEBUG_DUMP_KEYS |
| bool "Dump encryption keys for offline decryption (Unsafe)" |
| depends on CIFS_DEBUG && CIFS_SMB2 |
| help |
| Enabling this will dump the encryption and decryption keys |
| used to communicate on an encrypted share connection on the |
| console. This allows Wireshark to decrypt and dissect |
| encrypted network captures. Enable this carefully. |
| |
| config CIFS_DFS_UPCALL |
| bool "DFS feature support" |
| depends on CIFS && KEYS |
| select DNS_RESOLVER |
| help |
| Distributed File System (DFS) support is used to access shares |
| transparently in an enterprise name space, even if the share |
| moves to a different server. This feature also enables |
| an upcall mechanism for CIFS which contacts userspace helper |
| utilities to provide server name resolution (host names to |
| IP addresses) which is needed for implicit mounts of DFS junction |
| points. If unsure, say N. |
| |
| config CIFS_NFSD_EXPORT |
| bool "Allow nfsd to export CIFS file system" |
| depends on CIFS && BROKEN |
| help |
| Allows NFS server to export a CIFS mounted share (nfsd over cifs) |
| |
| config CIFS_SMB2 |
| bool "SMB2 and SMB3 network file system support" |
| depends on CIFS |
| select KEYS |
| select FSCACHE |
| select DNS_RESOLVER |
| select CRYPTO_AES |
| select CRYPTO_SHA256 |
| select CRYPTO_CMAC |
| select CRYPTO_AEAD2 |
| select CRYPTO_CCM |
| |
| help |
| This enables support for the Server Message Block version 2 |
| family of protocols, including SMB3. SMB3 support is |
| enabled on mount by specifying "vers=3.0" in the mount |
| options. These protocols are the successors to the popular |
| CIFS and SMB network file sharing protocols. SMB3 is the |
| native file sharing mechanism for the more recent |
| versions of Windows (Windows 8 and Windows 2012 and |
| later) and Samba server and many others support SMB3 well. |
| In general SMB3 enables better performance, security |
| and features, than would be possible with CIFS (Note that |
| when mounting to Samba, due to the CIFS POSIX extensions, |
| CIFS mounts can provide slightly better POSIX compatibility |
| than SMB3 mounts do though). Note that SMB2/SMB3 mount |
| options are also slightly simpler (compared to CIFS) due |
| to protocol improvements. |
| |
| config CIFS_SMB311 |
| bool "SMB3.1.1 network file system support (Experimental)" |
| depends on CIFS_SMB2 |
| |
| help |
| This enables experimental support for the newest, SMB3.1.1, dialect. |
| This dialect includes improved security negotiation features. |
| If unsure, say N |
| |
| config CIFS_FSCACHE |
| bool "Provide CIFS client caching support" |
| depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y |
| help |
| Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data |
| to be cached locally on disk through the general filesystem cache |
| manager. If unsure, say N. |
| |