Comment 10 for bug 1729337

I've found another interesting fact by searching the mount.cifs man page, quote:

       sec=
           Security mode. Allowed values are:

           · none - attempt to connection as a null user (no name)

           · krb5 - Use Kerberos version 5 authentication

           · krb5i - Use Kerberos authentication and forcibly enable packet signing

           · ntlm - Use NTLM password hashing

           · ntlmi - Use NTLM password hashing and force packet signing

           · ntlmv2 - Use NTLMv2 password hashing

           · ntlmv2i - Use NTLMv2 password hashing and force packet signing

           · ntlmssp - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message

           · ntlmsspi - Use NTLMv2 password hashing encapsulated in Raw NTLMSSP message, and force packet signing

           The default in mainline kernel versions prior to v3.8 was sec=ntlm. In v3.8, the default was changed to sec=ntlmssp.

           If the server requires signing during protocol negotiation, then it may be enabled automatically. Packet signing may also be enabled automatically if it's enabled in /proc/fs/cifs/SecurityFlags.

With this in mind, if I go ahead and change the mount to use vers=3.0 again and add option sec=ntlmsspi it works like a charm, see below example:

//x.y.z.w/share /mnt/share cifs vers=3.0,iocharset=utf8,noperm,rw,uid=root,file_mode=0660,dir_mode=0770,credentials=/credentials.file,sec=ntlmsspi 0 0

Above fix works on both Xenial (using 4.4.0-98-generic) and Trusty (using 3.13.0-135-generic)