]>
Commit | Line | Data |
---|---|---|
1 | config CIFS | |
2 | tristate "CIFS support (advanced network filesystem, SMBFS successor)" | |
3 | depends on INET | |
4 | select NLS | |
5 | select CRYPTO | |
6 | select CRYPTO_MD4 | |
7 | select CRYPTO_MD5 | |
8 | select CRYPTO_HMAC | |
9 | select CRYPTO_ARC4 | |
10 | select CRYPTO_ECB | |
11 | select CRYPTO_DES | |
12 | help | |
13 | This is the client VFS module for the Common Internet File System | |
14 | (CIFS) protocol which is the successor to the Server Message Block | |
15 | (SMB) protocol, the native file sharing mechanism for most early | |
16 | PC operating systems. The CIFS protocol is fully supported by | |
17 | file servers such as Windows 2000 (including Windows 2003, Windows 2008, | |
18 | NT 4 and Windows XP) as well by Samba (which provides excellent CIFS | |
19 | server support for Linux and many other operating systems). Limited | |
20 | support for OS/2 and Windows ME and similar servers is provided as | |
21 | well. | |
22 | ||
23 | The module also provides optional support for the followon | |
24 | protocols for CIFS including SMB3, which enables | |
25 | useful performance and security features (see the description | |
26 | of CONFIG_CIFS_SMB2). | |
27 | ||
28 | The cifs module provides an advanced network file system | |
29 | client for mounting to CIFS compliant servers. It includes | |
30 | support for DFS (hierarchical name space), secure per-user | |
31 | session establishment via Kerberos or NTLM or NTLMv2, | |
32 | safe distributed caching (oplock), optional packet | |
33 | signing, Unicode and other internationalization improvements. | |
34 | If you need to mount to Samba or Windows from this machine, say Y. | |
35 | ||
36 | config CIFS_STATS | |
37 | bool "CIFS statistics" | |
38 | depends on CIFS | |
39 | help | |
40 | Enabling this option will cause statistics for each server share | |
41 | mounted by the cifs client to be displayed in /proc/fs/cifs/Stats | |
42 | ||
43 | config CIFS_STATS2 | |
44 | bool "Extended statistics" | |
45 | depends on CIFS_STATS | |
46 | help | |
47 | Enabling this option will allow more detailed statistics on SMB | |
48 | request timing to be displayed in /proc/fs/cifs/DebugData and also | |
49 | allow optional logging of slow responses to dmesg (depending on the | |
50 | value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details). | |
51 | These additional statistics may have a minor effect on performance | |
52 | and memory utilization. | |
53 | ||
54 | Unless you are a developer or are doing network performance analysis | |
55 | or tuning, say N. | |
56 | ||
57 | config CIFS_WEAK_PW_HASH | |
58 | bool "Support legacy servers which use weaker LANMAN security" | |
59 | depends on CIFS | |
60 | help | |
61 | Modern CIFS servers including Samba and most Windows versions | |
62 | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) | |
63 | security mechanisms. These hash the password more securely | |
64 | than the mechanisms used in the older LANMAN version of the | |
65 | SMB protocol but LANMAN based authentication is needed to | |
66 | establish sessions with some old SMB servers. | |
67 | ||
68 | Enabling this option allows the cifs module to mount to older | |
69 | LANMAN based servers such as OS/2 and Windows 95, but such | |
70 | mounts may be less secure than mounts using NTLM or more recent | |
71 | security mechanisms if you are on a public network. Unless you | |
72 | have a need to access old SMB servers (and are on a private | |
73 | network) you probably want to say N. Even if this support | |
74 | is enabled in the kernel build, LANMAN authentication will not be | |
75 | used automatically. At runtime LANMAN mounts are disabled but | |
76 | can be set to required (or optional) either in | |
77 | /proc/fs/cifs (see fs/cifs/README for more detail) or via an | |
78 | option on the mount command. This support is disabled by | |
79 | default in order to reduce the possibility of a downgrade | |
80 | attack. | |
81 | ||
82 | If unsure, say N. | |
83 | ||
84 | config CIFS_UPCALL | |
85 | bool "Kerberos/SPNEGO advanced session setup" | |
86 | depends on CIFS && KEYS | |
87 | select DNS_RESOLVER | |
88 | help | |
89 | Enables an upcall mechanism for CIFS which accesses userspace helper | |
90 | utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets | |
91 | which are needed to mount to certain secure servers (for which more | |
92 | secure Kerberos authentication is required). If unsure, say N. | |
93 | ||
94 | config CIFS_XATTR | |
95 | bool "CIFS extended attributes" | |
96 | depends on CIFS | |
97 | help | |
98 | Extended attributes are name:value pairs associated with inodes by | |
99 | the kernel or by users (see the attr(5) manual page, or visit | |
100 | <http://acl.bestbits.at/> for details). CIFS maps the name of | |
101 | extended attributes beginning with the user namespace prefix | |
102 | to SMB/CIFS EAs. EAs are stored on Windows servers without the | |
103 | user namespace prefix, but their names are seen by Linux cifs clients | |
104 | prefaced by the user namespace prefix. The system namespace | |
105 | (used by some filesystems to store ACLs) is not supported at | |
106 | this time. | |
107 | ||
108 | If unsure, say N. | |
109 | ||
110 | config CIFS_POSIX | |
111 | bool "CIFS POSIX Extensions" | |
112 | depends on CIFS_XATTR | |
113 | help | |
114 | Enabling this option will cause the cifs client to attempt to | |
115 | negotiate a newer dialect with servers, such as Samba 3.0.5 | |
116 | or later, that optionally can handle more POSIX like (rather | |
117 | than Windows like) file behavior. It also enables | |
118 | support for POSIX ACLs (getfacl and setfacl) to servers | |
119 | (such as Samba 3.10 and later) which can negotiate | |
120 | CIFS POSIX ACL support. If unsure, say N. | |
121 | ||
122 | config CIFS_ACL | |
123 | bool "Provide CIFS ACL support" | |
124 | depends on CIFS_XATTR && KEYS | |
125 | help | |
126 | Allows fetching CIFS/NTFS ACL from the server. The DACL blob | |
127 | is handed over to the application/caller. See the man | |
128 | page for getcifsacl for more information. | |
129 | ||
130 | config CIFS_DEBUG | |
131 | bool "Enable CIFS debugging routines" | |
132 | default y | |
133 | depends on CIFS | |
134 | help | |
135 | Enabling this option adds helpful debugging messages to | |
136 | the cifs code which increases the size of the cifs module. | |
137 | If unsure, say Y. | |
138 | config CIFS_DEBUG2 | |
139 | bool "Enable additional CIFS debugging routines" | |
140 | depends on CIFS_DEBUG | |
141 | help | |
142 | Enabling this option adds a few more debugging routines | |
143 | to the cifs code which slightly increases the size of | |
144 | the cifs module and can cause additional logging of debug | |
145 | messages in some error paths, slowing performance. This | |
146 | option can be turned off unless you are debugging | |
147 | cifs problems. If unsure, say N. | |
148 | ||
149 | config CIFS_DFS_UPCALL | |
150 | bool "DFS feature support" | |
151 | depends on CIFS && KEYS | |
152 | select DNS_RESOLVER | |
153 | help | |
154 | Distributed File System (DFS) support is used to access shares | |
155 | transparently in an enterprise name space, even if the share | |
156 | moves to a different server. This feature also enables | |
157 | an upcall mechanism for CIFS which contacts userspace helper | |
158 | utilities to provide server name resolution (host names to | |
159 | IP addresses) which is needed for implicit mounts of DFS junction | |
160 | points. If unsure, say N. | |
161 | ||
162 | config CIFS_NFSD_EXPORT | |
163 | bool "Allow nfsd to export CIFS file system" | |
164 | depends on CIFS && BROKEN | |
165 | help | |
166 | Allows NFS server to export a CIFS mounted share (nfsd over cifs) | |
167 | ||
168 | config CIFS_SMB2 | |
169 | bool "SMB2 and SMB3 network file system support" | |
170 | depends on CIFS | |
171 | select KEYS | |
172 | select FSCACHE | |
173 | select DNS_RESOLVER | |
174 | select CRYPTO_AES | |
175 | select CRYPTO_SHA256 | |
176 | select CRYPTO_CMAC | |
177 | ||
178 | help | |
179 | This enables support for the Server Message Block version 2 | |
180 | family of protocols, including SMB3. SMB3 support is | |
181 | enabled on mount by specifying "vers=3.0" in the mount | |
182 | options. These protocols are the successors to the popular | |
183 | CIFS and SMB network file sharing protocols. SMB3 is the | |
184 | native file sharing mechanism for the more recent | |
185 | versions of Windows (Windows 8 and Windows 2012 and | |
186 | later) and Samba server and many others support SMB3 well. | |
187 | In general SMB3 enables better performance, security | |
188 | and features, than would be possible with CIFS (Note that | |
189 | when mounting to Samba, due to the CIFS POSIX extensions, | |
190 | CIFS mounts can provide slightly better POSIX compatibility | |
191 | than SMB3 mounts do though). Note that SMB2/SMB3 mount | |
192 | options are also slightly simpler (compared to CIFS) due | |
193 | to protocol improvements. | |
194 | ||
195 | config CIFS_SMB311 | |
196 | bool "SMB3.1.1 network file system support (Experimental)" | |
197 | depends on CIFS_SMB2 | |
198 | ||
199 | help | |
200 | This enables experimental support for the newest, SMB3.1.1, dialect. | |
201 | This dialect includes improved security negotiation features. | |
202 | If unsure, say N | |
203 | ||
204 | config CIFS_FSCACHE | |
205 | bool "Provide CIFS client caching support" | |
206 | depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y | |
207 | help | |
208 | Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data | |
209 | to be cached locally on disk through the general filesystem cache | |
210 | manager. If unsure, say N. | |
211 |