I have a collection of HikVision cameras but have been experiencing issues with the new firmware. At first I thought it was with v 5.2.5 but after trying various versions it looks like it is with a wide range. The problem is that mounting a Samba/CIFS share (windows share) does not work, you just get a generic error. Older versions worked fine.
I have Windows Server Essentials 2012R2 with shared folders (one per camera, with quotas per user to limit the usage per device – see https://technet.microsoft.com/en-us/library/cc875785(v=ws.10).aspx ) and have rolled back to firmware 5.2.0 (DS-2CD2132-I Firmware Version V5.2.0 build 140721)
First I enable debug on the camera: (See http://www.cctvforum.com/viewtopic.php?f=19&t=39417). I prefer elevel 7 for NAS. The open the output.
# setDebug -m NAS -l 7 -d 111
This provides me with the mount command:
mount -t cifs -o sec=ntlm,rsize=4096,wsize=4096,nolock,noac,soft,noserverino, username=’firstname.lastname@example.org’,password=’password’ //192.168.0.3/CameraDataTest’ /mnt/nfs02
Running this command gives me this error:
mount: mounting //192.168.0.3/CameraData2 on /tmp/test/ failed: Operation not supported
This is strange, since if i execute the same command without the sec=ntlm option then it works!! However I could not find any way to set the default mount options (any ideas anyone?)
Window server does not log NTLM errors by default and there was nothing in the events. However using Wireshark I could see that the camera was attempting to mount the share and that is was using NTLMv1 (aka. 0.12). Enabeling the CIFS debug on the camera really helped.
here is the command : # echo 7 > /proc/fs/cifs/cifsFYI
Seeing as I don’t know how to modify the cameras I figure I have to change/enable something on the server. The CIFS debug really helped, the error was 0xC000006D which is a login error, which is good news kind of.
I looked at the Group policy “Network security: ..” settings but none helped
Well kind of , the solution would be to change the mount options on the camera. Failing that I found the issue is around the requirement of security signatures. On Win Server it is on by default and is a good idea, so be careful turning it off. I just made it not a requirement but still enabled. Here is the registry key – change from ENABLE to DISABLE and all works!
Value Name: RequireSecuritySignature
Data Type: REG_DWORD
Data: 0 (disable), 1 (enable)