2 tristate "SMB3 and CIFS support (advanced network filesystem)"
18 This is the client VFS module for the SMB3 family of NAS protocols,
19 as well as for earlier dialects such as SMB2.1, SMB2 and the
20 Common Internet File System (CIFS) protocol. CIFS was the successor
21 to the original dialect, the Server Message Block (SMB) protocol, the
22 native file sharing mechanism for most early PC operating systems.
24 The SMB3 protocol is supported by most modern operating systems and
25 NAS appliances (e.g. Samba, Windows 8, Windows 2012, MacOS).
26 The older CIFS protocol was included in Windows NT4, 2000 and XP (and
27 later) as well by Samba (which provides excellent CIFS and SMB3
28 server support for Linux and many other operating systems). Limited
29 support for OS/2 and Windows ME and similar very old servers is
32 The cifs module provides an advanced network file system client
33 for mounting to SMB3 (and CIFS) compliant servers. It includes
34 support for DFS (hierarchical name space), secure per-user
35 session establishment via Kerberos or NTLM or NTLMv2,
36 safe distributed caching (oplock), optional packet
37 signing, Unicode and other internationalization improvements.
39 In general, the default dialects, SMB3 and later, enable better
40 performance, security and features, than would be possible with CIFS.
41 Note that when mounting to Samba, due to the CIFS POSIX extensions,
42 CIFS mounts can provide slightly better POSIX compatibility
43 than SMB3 mounts. SMB2/SMB3 mount options are also
44 slightly simpler (compared to CIFS) due to protocol improvements.
46 If you need to mount to Samba, Macs or Windows from this machine, say Y.
49 bool "CIFS statistics"
52 Enabling this option will cause statistics for each server share
53 mounted by the cifs client to be displayed in /proc/fs/cifs/Stats
56 bool "Extended statistics"
59 Enabling this option will allow more detailed statistics on SMB
60 request timing to be displayed in /proc/fs/cifs/DebugData and also
61 allow optional logging of slow responses to dmesg (depending on the
62 value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details).
63 These additional statistics may have a minor effect on performance
64 and memory utilization.
66 Unless you are a developer or are doing network performance analysis
69 config CIFS_ALLOW_INSECURE_LEGACY
70 bool "Support legacy servers which use less secure dialects"
74 Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
75 additional security features, including protection against
76 man-in-the-middle attacks and stronger crypto hashes, so the use
77 of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
79 Disabling this option prevents users from using vers=1.0 or vers=2.0
80 on mounts with cifs.ko
84 config CIFS_WEAK_PW_HASH
85 bool "Support legacy servers which use weaker LANMAN security"
86 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY
88 Modern CIFS servers including Samba and most Windows versions
89 (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
90 security mechanisms. These hash the password more securely
91 than the mechanisms used in the older LANMAN version of the
92 SMB protocol but LANMAN based authentication is needed to
93 establish sessions with some old SMB servers.
95 Enabling this option allows the cifs module to mount to older
96 LANMAN based servers such as OS/2 and Windows 95, but such
97 mounts may be less secure than mounts using NTLM or more recent
98 security mechanisms if you are on a public network. Unless you
99 have a need to access old SMB servers (and are on a private
100 network) you probably want to say N. Even if this support
101 is enabled in the kernel build, LANMAN authentication will not be
102 used automatically. At runtime LANMAN mounts are disabled but
103 can be set to required (or optional) either in
104 /proc/fs/cifs (see fs/cifs/README for more detail) or via an
105 option on the mount command. This support is disabled by
106 default in order to reduce the possibility of a downgrade
112 bool "Kerberos/SPNEGO advanced session setup"
113 depends on CIFS && KEYS
116 Enables an upcall mechanism for CIFS which accesses userspace helper
117 utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
118 which are needed to mount to certain secure servers (for which more
119 secure Kerberos authentication is required). If unsure, say Y.
122 bool "CIFS extended attributes"
125 Extended attributes are name:value pairs associated with inodes by
126 the kernel or by users (see the attr(5) manual page, or visit
127 <http://acl.bestbits.at/> for details). CIFS maps the name of
128 extended attributes beginning with the user namespace prefix
129 to SMB/CIFS EAs. EAs are stored on Windows servers without the
130 user namespace prefix, but their names are seen by Linux cifs clients
131 prefaced by the user namespace prefix. The system namespace
132 (used by some filesystems to store ACLs) is not supported at
138 bool "CIFS POSIX Extensions"
139 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
141 Enabling this option will cause the cifs client to attempt to
142 negotiate a newer dialect with servers, such as Samba 3.0.5
143 or later, that optionally can handle more POSIX like (rather
144 than Windows like) file behavior. It also enables
145 support for POSIX ACLs (getfacl and setfacl) to servers
146 (such as Samba 3.10 and later) which can negotiate
147 CIFS POSIX ACL support. If unsure, say N.
150 bool "Provide CIFS ACL support"
151 depends on CIFS_XATTR && KEYS
153 Allows fetching CIFS/NTFS ACL from the server. The DACL blob
154 is handed over to the application/caller. See the man
155 page for getcifsacl for more information. If unsure, say Y.
158 bool "Enable CIFS debugging routines"
162 Enabling this option adds helpful debugging messages to
163 the cifs code which increases the size of the cifs module.
166 bool "Enable additional CIFS debugging routines"
167 depends on CIFS_DEBUG
169 Enabling this option adds a few more debugging routines
170 to the cifs code which slightly increases the size of
171 the cifs module and can cause additional logging of debug
172 messages in some error paths, slowing performance. This
173 option can be turned off unless you are debugging
174 cifs problems. If unsure, say N.
176 config CIFS_DEBUG_DUMP_KEYS
177 bool "Dump encryption keys for offline decryption (Unsafe)"
178 depends on CIFS_DEBUG
180 Enabling this will dump the encryption and decryption keys
181 used to communicate on an encrypted share connection on the
182 console. This allows Wireshark to decrypt and dissect
183 encrypted network captures. Enable this carefully.
186 config CIFS_DFS_UPCALL
187 bool "DFS feature support"
188 depends on CIFS && KEYS
191 Distributed File System (DFS) support is used to access shares
192 transparently in an enterprise name space, even if the share
193 moves to a different server. This feature also enables
194 an upcall mechanism for CIFS which contacts userspace helper
195 utilities to provide server name resolution (host names to
196 IP addresses) which is needed for implicit mounts of DFS junction
197 points. If unsure, say Y.
199 config CIFS_NFSD_EXPORT
200 bool "Allow nfsd to export CIFS file system"
201 depends on CIFS && BROKEN
203 Allows NFS server to export a CIFS mounted share (nfsd over cifs)
206 bool "SMB3.1.1 network file system support (Experimental)"
211 This enables experimental support for the newest, SMB3.1.1, dialect.
212 This dialect includes improved security negotiation features.
216 bool "Provide CIFS client caching support"
217 depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
219 Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
220 to be cached locally on disk through the general filesystem cache
221 manager. If unsure, say N.