CIFS Use of the less secure dialect vers=1.0 is not recommended  [Solved]

Help for Current Versions of MX
When asking for help, use Quick System Info from MX Tools. It will be properly formatted using the following steps.
1. Click on Quick System Info in MX Tools
2. Right click in your post and paste.
Forum rules
Post Reply
Message
Author
bambuko
Posts: 329
Joined: Wed Feb 01, 2023 8:05 am

CIFS Use of the less secure dialect vers=1.0 is not recommended

#1 Post by bambuko »

Since I added a line in fstab

Code: Select all

//181.163.1.101/My_Files	/media/synologymount	cifs	username=****, password=****,iocharset=utf8,vers=1.0	0	0
to auto mount my NAS at boot, I get a warning every time I boot:

Code: Select all

CIFS: VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old server
Shutting down system...
Doesn't seem to be causing any problems, but I am curious - could/should I be doing something different/better?

I guess it is not really MX question?
but since it only appeared since I have moved to MX I hope someone can recommend the best way?

Code: Select all

System:    Kernel: 6.0.0-6mx-amd64 [6.0.12-1~mx21+1] x86_64 bits: 64 compiler: gcc v: 10.2.1 
           parameters: BOOT_IMAGE=/boot/vmlinuz-6.0.0-6mx-amd64 
           root=UUID=<filter> ro quiet splash 
           Desktop: KDE Plasma 5.20.5 wm: kwin_x11 vt: 7 dm: SDDM 
           Distro: MX-21.3_KDE_x64 Wildflower January 15  2023 
           base: Debian GNU/Linux 11 (bullseye) 
Machine:   Type: Desktop Mobo: Gigabyte model: Z97M-D3H v: x.x serial: <filter> 
           BIOS: American Megatrends v: F8 date: 09/18/2015 
CPU:       Info: Quad Core model: Intel Core i5-4690K bits: 64 type: MCP arch: Haswell family: 6 
           model-id: 3C (60) stepping: 3 microcode: 28 cache: L2: 6 MiB 
           flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx bogomips: 28001 
           Speed: 900 MHz min/max: 800/3900 MHz Core speeds (MHz): 1: 900 2: 900 3: 1282 4: 900 
           Vulnerabilities: Type: itlb_multihit status: KVM: VMX disabled 
           Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled 
           Type: mds mitigation: Clear CPU buffers; SMT disabled 
           Type: meltdown mitigation: PTI 
           Type: mmio_stale_data status: Unknown: No mitigations 
           Type: retbleed status: Not affected 
           Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via prctl 
           Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer sanitization 
           Type: spectre_v2 mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: disabled, 
           RSB filling, PBRSB-eIBRS: Not affected 
           Type: srbds mitigation: Microcode 
           Type: tsx_async_abort status: Not affected 
Graphics:  Device-1: Intel Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics 
           vendor: Gigabyte driver: i915 v: kernel bus-ID: 00:02.0 chip-ID: 8086:0412 
           class-ID: 0300 
           Device-2: NVIDIA TU116 [GeForce GTX 1650 SUPER] driver: nouveau v: kernel 
           bus-ID: 01:00.0 chip-ID: 10de:2187 class-ID: 0300 
           Display: x11 server: X.Org 1.20.14 compositor: kwin_x11 driver: loaded: modesetting 
           unloaded: fbdev,vesa display-ID: :0 screens: 1 
           Screen-1: 0 s-res: 2560x1440 s-dpi: 96 s-size: 677x381mm (26.7x15.0") 
           s-diag: 777mm (30.6") 
           Monitor-1: DVI-D-1 res: 2560x1440 hz: 60 dpi: 109 size: 597x336mm (23.5x13.2") 
           diag: 685mm (27") 
           OpenGL: renderer: NV168 v: 4.3 Mesa 22.0.5 direct render: Yes 
Audio:     Device-1: Intel Xeon E3-1200 v3/4th Gen Core Processor HD Audio driver: snd_hda_intel 
           v: kernel bus-ID: 00:03.0 chip-ID: 8086:0c0c class-ID: 0403 
           Device-2: Intel 9 Series Family HD Audio vendor: Gigabyte driver: snd_hda_intel 
           v: kernel bus-ID: 00:1b.0 chip-ID: 8086:8ca0 class-ID: 0403 
           Device-3: NVIDIA TU116 High Definition Audio driver: snd_hda_intel v: kernel 
           bus-ID: 01:00.1 chip-ID: 10de:1aeb class-ID: 0403 
           Device-4: JMTek LLC. USB PnP Audio Device type: USB 
           driver: hid-generic,snd-usb-audio,usbhid bus-ID: 2-9:7 chip-ID: 0c76:161f 
           class-ID: 0300 
           Sound Server-1: ALSA v: k6.0.0-6mx-amd64 running: yes 
           Sound Server-2: PulseAudio v: 14.2 running: yes 
Network:   Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet vendor: Gigabyte 
           driver: r8169 v: kernel port: d000 bus-ID: 03:00.0 chip-ID: 10ec:8168 class-ID: 0200 
           IF: eth0 state: up speed: 1000 Mbps duplex: full mac: <filter> 
Drives:    Local Storage: total: 111.79 GiB used: 9.42 GiB (8.4%) 
           SMART Message: Unable to run smartctl. Root privileges required. 
           ID-1: /dev/sda maj-min: 8:0 vendor: Kingston model: SHFS37A120G size: 111.79 GiB 
           block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s type: SSD serial: <filter> 
           rev: BBF0 scheme: MBR 
Partition: ID-1: / raw-size: 106.16 GiB size: 103.93 GiB (97.90%) used: 9.42 GiB (9.1%) fs: ext4 
           dev: /dev/sda1 maj-min: 8:1 
Swap:      Kernel: swappiness: 15 (default 60) cache-pressure: 100 (default) 
           ID-1: swap-1 type: partition size: 5.62 GiB used: 0 KiB (0.0%) priority: -2 
           dev: /dev/sda2 maj-min: 8:2 
Sensors:   System Temperatures: cpu: 29.8 C mobo: 27.8 C gpu: nouveau temp: 28.0 C 
           Fan Speeds (RPM): N/A 
Repos:     Packages: note: see --pkg apt: 2306 lib: 1287 flatpak: 0 
           No active apt repos in: /etc/apt/sources.list 
           Active apt repos in: /etc/apt/sources.list.d/debian-stable-updates.list 
           1: deb http://deb.debian.org/debian bullseye-updates main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://deb.debian.org/debian bullseye main contrib non-free
           2: deb http://security.debian.org/debian-security bullseye-security main contrib non-free
           Active apt repos in: /etc/apt/sources.list.d/mx.list 
           1: deb https://ftp.nluug.nl/os/Linux/distr/mxlinux/mx/repo/ bullseye main non-free
           2: deb https://ftp.nluug.nl/os/Linux/distr/mxlinux/mx/repo/ bullseye ahs
Info:      Processes: 204 Uptime: 2h 19m wakeups: 1 Memory: 15.47 GiB used: 1.75 GiB (11.3%) 
           Init: SysVinit v: 2.96 runlevel: 5 default: 5 tool: systemctl Compilers: gcc: N/A 
           alt: 10 Client: shell wrapper v: 5.1.4-release inxi: 3.3.06 
Boot Mode: BIOS (legacy, CSM, MBR)
Last edited by bambuko on Sat Feb 04, 2023 11:08 am, edited 2 times in total.
Top
User avatar
timkb4cq
Developer
Posts: 3633
Joined: Wed Jul 12, 2006 4:05 pm

Re: CIFS Use of the less secure dialect vers=1.0 is not recommended  [Solved]

#2 Post by timkb4cq »

iocharset=utf8,vers=1.0
The current default in cifs mounting is for the cifs version to auto-negotiate with the server. I would remove the ,vers=1.0 from your fstab line. Unless your smb server is still running Windows XP it should support at least 2.0, and anything less than a decade old should support version 3.0
There are some severe vulnerabilities in cifs 1.0 that hackers have been exploiting for many years now so you don't really want to use it if you can help it.
HP Pavillion TP01, AMD Ryzen 3 5300G (quad core), Crucial 500GB SSD, Toshiba 6TB 7200rpm
Dell Inspiron 15, AMD Ryzen 7 2700u (quad core). Sabrent 500GB nvme, Seagate 1TB
Top
bambuko
Posts: 329
Joined: Wed Feb 01, 2023 8:05 am

Re: CIFS Use of the less secure dialect vers=1.0 is not recommended

#3 Post by bambuko »

@timkb4cq
Thank you for the explanation.
I have removed vers=1.0
and added:

Code: Select all

gid=1000,uid=1000,nounix,file_mode=0777,dir_mode=0777
(but that's another story - without it, all the linked files and folders were owned by the root rather than me)

All is working well :crossfingers:
Top
Post Reply

Return to “MX Help”