Cannot access NAS through Samba although FTP working

Zibi1981 · 2021-05-28 10:04:18

Recently I cannot access my HDD attached to my router configured as a NAS-like service. I think it has something to do with recent Samba version.

Samba is up and running.

$ systemctl status smb.service
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
     Active: active (running) since Fri 2021-05-28 09:24:08 CEST; 2h 34min ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 1909 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 4 (limit: 38352)
     Memory: 11.4M
        CPU: 160ms
     CGroup: /system.slice/smb.service
             ├─1909 /usr/bin/smbd --foreground --no-process-group
             ├─1918 /usr/bin/smbd --foreground --no-process-group
             ├─1919 /usr/bin/smbd --foreground --no-process-group
             └─1920 /usr/bin/smbd --foreground --no-process-group

maj 28 09:24:08 titanlinux systemd[1]: Starting Samba SMB Daemon...
maj 28 09:24:08 titanlinux smbd[1909]: ERROR: ld.so: object 'libesets_pac.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
maj 28 09:24:08 titanlinux systemd[1]: Started Samba SMB Daemon.
maj 28 09:24:08 titanlinux smbd[1909]: [2021/05/28 09:24:08.292537,  0] ../../lib/util/become_daemon.c:135(daemon_ready)
maj 28 09:24:08 titanlinux smbd[1909]:   daemon_ready: daemon 'smbd' finished starting up and ready to serve connections

$ systemctl status nmb.service
● nmb.service - Samba NMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled; vendor preset: disabled)
     Active: active (running) since Fri 2021-05-28 09:24:08 CEST; 2h 34min ago
       Docs: man:nmbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 1008 (nmbd)
     Status: "nmbd: ready to serve connections..."
      Tasks: 1 (limit: 38352)
     Memory: 13.3M
        CPU: 135ms
     CGroup: /system.slice/nmb.service
             └─1008 /usr/bin/nmbd --foreground --no-process-group

maj 28 09:23:48 titanlinux nmbd[1008]:   NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6).
maj 28 09:24:08 titanlinux nmbd[1008]: [2021/05/28 09:24:08.224450,  0] ../../lib/util/become_daemon.c:135(daemon_ready)
maj 28 09:24:08 titanlinux systemd[1]: Started Samba NMB Daemon.
maj 28 09:24:08 titanlinux nmbd[1008]:   daemon_ready: daemon 'nmbd' finished starting up and ready to serve connections
maj 28 09:24:31 titanlinux nmbd[1008]: [2021/05/28 09:24:31.324059,  0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)
maj 28 09:24:31 titanlinux nmbd[1008]:   *****
maj 28 09:24:31 titanlinux nmbd[1008]: 
maj 28 09:24:31 titanlinux nmbd[1008]:   Samba name server TITANLINUX is now a local master browser for workgroup MYGROUP on subnet 10.31.1.110
maj 28 09:24:31 titanlinux nmbd[1008]: 
maj 28 09:24:31 titanlinux nmbd[1008]:   *****

When I try to login to my NAS with FTP protocol using Dolphin, everything seems to be working fine, and I'm able to do that using my name and password. However when I navigate to the same share locally using samba and give the same name and password, the login window is just popping-in and nothing happens, as it is some kind of problem with communication.

Any hints?

Zibi1981 · 2021-07-21 20:41:32

Recently I was able to find out, that when I disable secure login with name and password on my router, then I'm able to access my Samba shared HDD without any problems. But when enabled - I cannot access it locally, although it could be acceded via FTP, so there is a problem with secure login only via Samba but not FTP. Any hints what's wrong?

seth · 2021-07-21 21:00:25

For clarification: what is your "router"? Some consumer router (eg. issued by your ISP) or an archlinux system configured to act as a network router?
Is arch the (smb) client (only)?
What exactly does "secure login" refer to?
Can you access the router "smbclient -L <router_ip_here>"?

If it's a consumer router and smbclient says sth. like "protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED", see https://wiki.archlinux.org/title/Samba# … tion_abort

Zibi1981 · 2021-07-22 21:04:11

Hi seth! Thank You for your interest in my little problem

Regarding to your questions:

1. My home router is Linksys EA8500 Max-Stream™ AC2600 MU-MIMO Gigabit WiFi Router

2. I'm accessing my HDD/NAS via Samba not only using Arch, but also by Windows 10, although it's the same machine with dual boot. I never had any issues accessing my HDD/NAS using Windows 10.

3. By "secure login" I mean login using username and password, as described on the manual of my router.

So when "Secure Folder Access" is enabled, I cannot login with my credentials via Samba protocol on my LAN (the login window when clicked is popping-up every single time but nothing happens), but I can do it via FTP. When this option is disabled in my router settings, then I can access my HDD/NAS by both protocols.

4. Here's the output

$ smbclient -L 10.31.1.1
Enter MYGROUP\zbyszek's password: 

        Sharename       Type      Comment
        ---------       ----      -------
        NAS             Disk      
        IPC$            IPC       IPC Service (Samba 3.0.37-(Optimized by Tuxera Inc, 3015.10.21_1))
Reconnecting with SMB1 for workgroup listing.

        Server               Comment
        ---------            -------
        KASIAZET5            Samba 3.0.28a

        Workgroup            Master
        ---------            -------
        MYGROUP              TITANLINUX
        WORKGROUP            KASIAZET5

Last edited by Zibi1981 (2021-07-22 21:05:44)

seth · 2021-07-22 21:13:28

You're required to issue your credentials, does that imply the smbclient output is with the "secure login" feature enabled? (In which case we need to focus on "the login window"/dolphin)

Otherwise, does

smbclient -U 'Guest%guest' -L 10.31.1.1

work w/ the secure login feature being enabled? (And assuming the preset account is still intact)

Edit: can you open smb://zbyszek:mysupersecretpassword@10.31.1.1 in dolphin?

Last edited by seth (2021-07-22 21:25:27)

Zibi1981 · 2021-07-22 21:26:04

No, the output was with Secure Folder Access disabled. Here's what is says when enabled.

smbclient -L 10.31.1.1
Enter MYGROUP\zbyszek's password: 
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        NAS             Disk      
        IPC$            IPC       IPC Service (Samba 3.0.37-(Optimized by Tuxera Inc, 3015.10.21_1))
Reconnecting with SMB1 for workgroup listing.
Anonymous login successful

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        MYGROUP              TITANLINUX
        WORKGROUP            KASIAZET5

The output of the second command when Secure Folder Acces anabled

smbclient -U 'Guest%guest' -L 10.31.1.1

        Sharename       Type      Comment
        ---------       ----      -------
        NAS             Disk      
        IPC$            IPC       IPC Service (Samba 3.0.37-(Optimized by Tuxera Inc, 3015.10.21_1))
Reconnecting with SMB1 for workgroup listing.

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        WORKGROUP

I guess that's because the guest account is also enabled.

seth · 2021-07-22 21:36:19

Can you open smb://Guest:guest@10.31.1.1 in dolphin?

Zibi1981 · 2021-07-22 22:12:37

No I can't - the same issue as when I try to access my NAS on the other account - login window popping-up but can't go through.

seth · 2021-07-23 06:35:03

What if you cut out kio and try https://wiki.archlinux.org/title/Samba#Manual_mounting (we could just be facing a dolphin GUI bug…)

Zibi1981 · 2021-07-23 21:10:25

seth wrote:

What if you cut out kio and try https://wiki.archlinux.org/title/Samba#Manual_mounting (we could just be facing a dolphin GUI bug…)

I'm not sure what you expect me to do. What do you mean precisely?

seth · 2021-07-23 21:16:47

Try to mount the nas using cifs to eg. /media/NAS
smb://whatever is the dolphin/KDE specific kio implementation of the protocol and I wonder whether it's simply stumbling over the auth dialog or whether there's an actual protocol issue w/ the "secure login" enabled.
You can mount it using the creds of the Admin or Guest user or any user you added.

Zibi1981 · 2021-07-25 09:24:28

Here's what I got

# LC_ALL=C mount -t cifs //10.31.1.1 /mnt/NAS -o username=(xxx),password=(yyy),workgroup=workgroup,iocharset=utf8
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

Last edited by Zibi1981 (2021-07-25 09:25:36)

seth · 2021-07-25 09:30:19

//10.31.1.1/NAS - you can only mount shares, not servers.

Zibi1981 · 2021-07-25 14:47:30

# LC_ALL=C mount -t cifs //10.31.1.1/NAS /mnt/NAS -o username=(xxx),password=(yyy),workgroup=workgroup,iocharset=utf8
mount error: Server abruptly closed the connection.
This can happen if the server does not support the SMB version you are trying to use.
The default SMB version recently changed from SMB1 to SMB2.1 and above. Try mounting with vers=1.0.
mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

Last lines of dmesg

[ 1266.103911] FS-Cache: Loaded
[ 1266.105280] Key type dns_resolver registered
[ 1266.132971] FS-Cache: Netfs 'cifs' registered for caching
[ 1266.137849] Key type cifs.spnego registered
[ 1266.137859] Key type cifs.idmap registered
[ 1266.138475] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 1266.138477] CIFS: Attempting to mount \\10.31.1.1\NAS
[ 1266.144048] CIFS: VFS: cifs_mount failed w/return code = -112

seth · 2021-07-25 14:51:52

mount.cifs wrote:

Try mounting with vers=1.0

Zibi1981 · 2021-07-25 17:06:01

seth wrote:

mount.cifs wrote:
Try mounting with vers=1.0

Yeah, I noticed that, but I think I already tried accessing my HDD/NAS with this version of SMB protocol before (via Dolphin), and the result was the same. You think that I should edit /etc/samba/smb.conf file or only add some kind of option to the command line above?

And there's this

Server               Comment
        ---------            -------
        KASIAZET5            Samba 3.0.28a

Last edited by Zibi1981 (2021-07-25 17:07:01)

seth · 2021-07-25 19:40:40

That's not the samba version, but the used protocol version.
See the previously linked https://wiki.archlinux.org/title/Samba# … tion_abort - you'll have to allow the older protocol in smb.conf and perhaps still have to select it explicitly in the mount command.

Zibi1981 · 2021-07-25 20:16:16

I cannot mount it with SMB1. I'not sure if Samba and Linux kernel still supports it.

When I changed my /etc/samba/smb.conf to

[global]

client min protocol = SMB1
server min protocol = SMB1

I got this

systemctl --failed
  UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
[root@titanlinux zbyszek]# systemctl restart smb.service
Job for smb.service failed because the control process exited with error code.
See "systemctl status smb.service" and "journalctl -xeu smb.service" for details.

[root@titanlinux zbyszek]# systemctl status smb.service
× smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sun 2021-07-25 22:10:46 CEST; 11s ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
    Process: 550274 ExecStart=/usr/bin/smbd --foreground --no-process-group $SMBDOPTIONS (code=exited, status=1/FAILURE)
   Main PID: 550274 (code=exited, status=1/FAILURE)
        CPU: 37ms

lip 25 22:10:46 titanlinux systemd[1]: Starting Samba SMB Daemon...
lip 25 22:10:46 titanlinux smbd[550274]: ERROR: ld.so: object 'libesets_pac.so' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
lip 25 22:10:46 titanlinux systemd[1]: smb.service: Main process exited, code=exited, status=1/FAILURE
lip 25 22:10:46 titanlinux systemd[1]: smb.service: Failed with result 'exit-code'.
lip 25 22:10:46 titanlinux systemd[1]: Failed to start Samba SMB Daemon.

[root@titanlinux zbyszek]# testparm
Load smb config files from /etc/samba/smb.conf
WARNING: Ignoring invalid value 'SMB1' for parameter 'client min protocol'
Error loading services.

Last edited by Zibi1981 (2021-07-25 20:17:48)

seth · 2021-07-26 07:04:04

client min protocol = CORE

karabaja4 · 2021-07-26 08:44:14

I'm confused, why are you running a local samba server if you are trying to access a drive connected to your router that is most likely running it's own samba server?

Anyway, try the following:

# mount -v -t cifs -o uid="$(id -u)",gid="$(id -g)",username="<username>",password="<password>" //10.31.1.1/<share_name> /mnt/NAS

Some smbclients require you to specify version explicitly when mounting with "vers", e.g.:

# mount -v -t cifs -o uid="$(id -u)",gid="$(id -g)",username="<username>",password="<password>",vers=3.02 //10.31.1.1/<share_name> /mnt/NAS

If that is the case, you need to figure out the version of your server.

Check out the valid values for "server max protocol" that your router might be running and set the "vers" option accordingly (e.g. use 3.02 for SMB3_02):
https://www.samba.org/samba/docs/curren … AXPROTOCOL

Last edited by karabaja4 (2021-07-26 09:01:19)

Zibi1981 · 2021-08-01 19:58:38

Sorry for the late reply, but that's life. Too many professional and personal commitments.

seth wrote:

client min protocol = CORE

That was my starting setting and it didn't work, hence I started this thread.

karabaja4 wrote:

I'm confused, why are you running a local samba server if you are trying to access a drive connected to your router that is most likely running it's own samba server?

My primary goal is to connect to my NAS, and as far as I can tell without proper Samba configuration on my laptop I wasn't able to access this NAS before. But there was a time it worked flawlessly.

karabaja4 wrote:

Check out the valid values for "server max protocol" that your router might be running and set the "vers" option accordingly (e.g. use 3.02 for SMB3_02):
https://www.samba.org/samba/docs/curren … AXPROTOCOL

I tried to dig to that information but couldn't find it anywhere. Is there a command that could help me with this?
All I can tell is that when "Secure Folder Access" is enabled, then I can access my NAS when option "CORE" has been set in /etc/smb.conf, but I cannot do that when I set SMB2 or SMB3 there.

EDIT

Could it be SMB1?

smbclient -L 10.31.1.1
Enter MYGROUP\zbyszek's password: 
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        NAS             Disk      
        IPC$            IPC       IPC Service (Samba 3.0.37-(Optimized by Tuxera Inc, 3015.10.21_1))
Reconnecting with SMB1 for workgroup listing.
Anonymous login successful

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        MYGROUP              TITANLINUX
        WORKGROUP            KASIAZET5

Last edited by Zibi1981 (2021-08-01 20:01:22)

seth · 2021-08-01 21:04:31

That was my starting setting and it didn't work, hence I started this thread.

Did you mention that before?

Valid tokens are CORE, COREPLUS, LANMAN1, LANMAN2, NT1, SMB2, SMB3, SMB2_02, SMB2_10, SMB2_22, SMB2_24, SMB3_00, SMB3_02, SMB3_10, SMB3_11 or SMB2_FF
They're explained in "man 5 smb.conf" - if you can, you want the NAS to support SMB3. NT1 will open you to wannacry.

Zibi1981 · 2021-08-02 14:41:37

Hmm, so should I give all this options a try? Some of them are surely not working - I already tried SMB2 and SMB3.

seth · 2021-08-02 14:48:00

"NT1" is SMBv1 - but since the NAS seems to run some version of samba, I'd rather seek to fix its config to not require a dated SMB protocol (that has known massive security issues)
Alternatively, does it offer NFS (preferably v4)?

Zibi1981 · 2021-08-02 14:55:57

seth wrote:

"NT1" is SMBv1 - but since the NAS seems to run some version of samba, I'd rather seek to fix its config to not require a dated SMB protocol (that has known massive security issues)
Alternatively, does it offer NFS (preferably v4)?

Well, the software of my router is up-to-date, I don't think there's any other way to apply any changes to the network protocols it offers.

Also available information (both on print and on the web) doesn't seem to go that further into detail of web protocols, AFAIK.

Arch Linux

#1 2021-05-28 10:04:18

Cannot access NAS through Samba although FTP working

#2 2021-07-21 20:41:32

Re: Cannot access NAS through Samba although FTP working

#3 2021-07-21 21:00:25

Re: Cannot access NAS through Samba although FTP working

#4 2021-07-22 21:04:11

Re: Cannot access NAS through Samba although FTP working

#5 2021-07-22 21:13:28

Re: Cannot access NAS through Samba although FTP working

#6 2021-07-22 21:26:04

Re: Cannot access NAS through Samba although FTP working

#7 2021-07-22 21:36:19

Re: Cannot access NAS through Samba although FTP working

#8 2021-07-22 22:12:37

Re: Cannot access NAS through Samba although FTP working

#9 2021-07-23 06:35:03

Re: Cannot access NAS through Samba although FTP working

#10 2021-07-23 21:10:25

Re: Cannot access NAS through Samba although FTP working

#11 2021-07-23 21:16:47

Re: Cannot access NAS through Samba although FTP working

#12 2021-07-25 09:24:28

Re: Cannot access NAS through Samba although FTP working

#13 2021-07-25 09:30:19

Re: Cannot access NAS through Samba although FTP working

#14 2021-07-25 14:47:30

Re: Cannot access NAS through Samba although FTP working

#15 2021-07-25 14:51:52

Re: Cannot access NAS through Samba although FTP working

#16 2021-07-25 17:06:01

Re: Cannot access NAS through Samba although FTP working

#17 2021-07-25 19:40:40

Re: Cannot access NAS through Samba although FTP working

#18 2021-07-25 20:16:16

Re: Cannot access NAS through Samba although FTP working

#19 2021-07-26 07:04:04

Re: Cannot access NAS through Samba although FTP working

#20 2021-07-26 08:44:14

Re: Cannot access NAS through Samba although FTP working

#21 2021-08-01 19:58:38

Re: Cannot access NAS through Samba although FTP working

#22 2021-08-01 21:04:31

Re: Cannot access NAS through Samba although FTP working

#23 2021-08-02 14:41:37

Re: Cannot access NAS through Samba although FTP working

#24 2021-08-02 14:48:00

Re: Cannot access NAS through Samba although FTP working

#25 2021-08-02 14:55:57

Re: Cannot access NAS through Samba although FTP working

Board footer