Authentification problems with samba

thanks for your help

I am not sure what to do any longer
I am wondering if all this could be a problem with the firewall of the router,

I have asked in the company forum

regards

i can access the usb hard drive with ssh but the router/samba does not even show up in windows file explorer.
The router does appear in ios with a file explorer app but then i can not access the shared directory

Change (/etc/samba/smb.conf.template)

  • null passwords = yes
    to
    null passwords = no

  • Restart Samba:
    /etc/init.d/samba restart

Please post the output of:

  • cat /etc/config/samba
  • cat /etc/samba/smb.conf
  • cat /etc/samba/smbpasswd
  • ls -lsa /path/to/share

What happens:

  • When you open Windows Explorer and in the address bar type: \\<router ip> ?
  • When you enter into the share directory?
  • When you try to open a file?

thanks for your answer

here are the outputs

  1. samba
config samba
        option workgroup 'WORKGROUP'
        option name 'GL-AR750S'
        option description 'GL-AR750S-6d0'
        option homes '1'

config sambashare
        option browseable 'yes'
        option name 'peliculas'
        option path '/mnt/sda1'
        option read_only 'no'
        option guest_ok 'yes'
        option create_mask '0777'
        option dir_mask '0777'
        option users 'kuku'

  1. for smb.conf
 netbios name = GL-AR750S
        display charset = UTF-8
        interfaces = lo br-lan
        server string = GL-AR750S-6d0
        unix charset = UTF-8
        workgroup = WORKGROUP
        browseable = yes
        deadtime = 30
        domain master = yes
        encrypt passwords = true
        enable core files = no
        guest account = nobody
        guest ok = yes
        invalid users = root
        local master = yes
        load printers = no
        map to guest = Bad User
        max protocol = SMB2
        min protocol = SMB2
        min receivefile size = 16384
        null passwords = no
        obey pam restrictions = yes
        os level = 20
        passdb backend = smbpasswd
        preferred master = yes
        printable = no
        security = user
        smb encrypt = disabled
        smb passwd file = /etc/samba/smbpasswd
        socket optid ons = TCP_NODELAY IPTOS_LOWDELAY
        syslog = 2
        use sendfile = yes
        writeable = yes
[homes]
        comment     = Home Directories
        browsable   = no
        read only   = no
        create mode = 0750

[peliculas]
        path = /mnt/sda1
        valid users = kuku
        read only = no
        guest ok = yes
        create mask = 0777
        directory mask = 0777
        browseable = yes

3 for * cat /etc/samba/smbpasswd

root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U          ]:LCT-00000001:
kuku:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U          ]:LCT-00000001:

4 for ls -lsa /path/to/share

ls: /path/to/share: No such file or directory
  1. When i enter the ip adress in the web browser i am redirected to the router administration page
    2 and 3. I can not even see the router in windows explorer/network, so i cant access anything

/etc/samba/smbpasswd

  • Remove line 1, as root should not be a Samba user: smbpasswd -x root

/etc/config/samba: config samba

  • Change option workgroup 'WORKGROUP'
    to
    option workgroup 'lan'
    • where lan is the local domain name set by the router in /etc/config/dhcp
      (value set for option domain)

  • The local domain should also be mirrored on Windows as the Wokgroup name the PC belongs to
    • Open an admin PowerShell terminal
      1. [WinKey] + [R]
      2. Type: powershell
      3. [CTRL] + [SHIFT] + [ENTER]
        cmd /c 'wmic computersystem where name="%computername%" call joindomainorworkgroup name="Workgroup-Name"'
        
        • Where Workgroup-Name is the local domain set by the router
      4. Reboot: shutdown /r

/etc/config/samba: config sambashare

  • Change both mask values to 0755
    • Change create_mask to 0660
    • Change dir_mask to 0775

  • Change path = /mnt/sda1
    to
    an actual directory within the sda1 partition: path = /mnt/sda1/kuku
    • root owns the root of all mounts, as OpenWrt is a single user OS, so the share must be a directory under /mnt/sda1, and that share directory must be owned by the Samba user and/or the Samba user's group.

Once the above steps are done, issue the following commands:

mkdir -p /mnt/sda1/kuku
  chown -R kuku:kuku /mnt/sda1/kuku
  chmod -R 765 /mnt/sda1/kuku

service samba restart
  • I may have missed it in a prior post, but kuku must also be added:
    • As a user to /etc/passwd
      kuku:*:1001:1001:Samba User:/mnt/sda1/kuku:/bin/false
    • As a group under /etc/group
      kuku:x:1001:

Not the web browser, Windows Explorer [file manager].

  • In the address bar box, preface your router's IP with two backslashes, i.e. \\192.168.1.1
    • I've corrected my prior post, as I incorrectly typed forward slashes.

@cbx200 I read your Private Message...looking over my previous notes, I only changed the following line from default:

#Change security = user to security = share

I also have this note:

Ports 137-139 are for NetBios/Name resolution. Without it you will have to access machines by IP address opposed to NetBIOS name. Example \\192.168.1.100\share_name opposed to \\my_file_server\share_name

So port 445 is sufficient if you can work with IP addresses only.
  • I also noticed that you renamed a section peliculas and specified a user named kuku.

Yes indeed

I am trying to access a USB HD attached to my open wrt router/SMB via windows or a file explorer in iOS.

Windows does not “see” the router

Within iOS I get a request for user password all the time. But the user pass I set don’t work. Same authentication request appears even if I set security = share

I think this has to do with permissions authorizations for the router to access the usb HD.

I saw you had written about it, but I am very new to all this and I don’t understand what needs to be done

Thanks a lot
Very clear
I had reinstalled fresh the routers firmware and formatted the usb drive with fat 32
I have not set up any user.
I can now access the usb drive from iOS and windows but I can’t write it from windows

I am now in the middle on implementing your suggestions above but the ones related to user.
I will report
Not sure what the mask values are. Where can I read about it. I have googled but not really understood.
Is it the same as the permission given for a drive/ directory?
Rgds

Hi JW0914

I have executed what you suggested, and I can access the usb and the new directory from iOS but the router does not appear in windows explorer as it did before
I have mapped the IP address of the router to windows explorer and I receive the message device detected but not answering

What can I do now?
Thanks

If your firewall is closed, have you opened the required ports for Samba?

I was wondering whether i need to open the ports of the router if I am in the same network and because before doing the changes I could see the router and access it in windows

So perhaps is not a ports issue?

Hi all again

Now I can access to the usb drive attached to the router from windows, although I had to map the drive and from iOS, but I can only read , not write or delete
How can I change the permissions.?
I am posting the config files again
Thanks

here the output of the config updated. I can delete now but not write i set the mask and permissions to 0777 in order to have full access , as this is only for home use. however i still can not write from windows to the usb drive connected to the router

 cat /etc/config/samba

config samba
        option homes '1'
        option name 'GL-AR750S'
        option description 'GL-AR750S-6d0'
        option workgroup 'lan'

config sambashare
        option name 'sda1'
        option path '/mnt/sda1/pelis'
        option read_only 'no'
        option guest_ok 'yes'
        option create_mask '0777'
        option dir_mask '0777'

 cat etc/samba/smb.conf
[global]
        netbios name = GL-AR750S
        display charset = UTF-8
        interfaces = lo br-lan
        server string = GL-AR750S-6d0
        unix charset = UTF-8
        workgroup = lan
        browseable = yes
        deadtime = 30
        domain master = yes
        encrypt passwords = true
        enable core files = no
        guest account = nobody
        guest ok = yes
        invalid users = root
        local master = yes
        load printers = no
        map to guest = Bad User
        max protocol = SMB2
        min receivefile size = 16384
        null passwords = yes
        obey pam restrictions = yes
        os level = 20
        passdb backend = smbpasswd
        preferred master = yes
        printable = no
        security = share
        smb encrypt = disabled
        smb passwd file = /etc/samba/smbpasswd
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        syslog = 2
        use sendfile = yes
        writeable = yes

[homes]
        comment     = Home Directories
        browsable   = no
        read only   = no
        create mode = 0750

[sda1]
        path = /mnt/sda1/pelis
        read only = no
        guest ok = yes
        create mask = 0777
        directory mask = 0777

lsa -lsa /path/to/share
-ash: lsa: not found

i am not posting the password bit because i have not set up any user/password after i reinstalled the firmware

What I would need now is full read/write/execute permissions to the usb drive.

Plus to manage that the usb drive is visible in windows file explorer without mapping the unit (it has been suggested this can be a port issue with the router?)

thanks again

This is the mount information

Mounted file systems
Filesystem
Mount Point
Available
Used
Unmount
/dev/root
/rom
0.00 B / 9.00 MB
100% (9.00 MB)
tmpfs
/tmp
60.06 MB / 60.84 MB
1% (804.00 KB)
/dev/ubi0_1
/overlay
95.52 MB / 101.69 MB
1% (1.45 MB)
overlayfs:/overlay
/
95.52 MB / 101.69 MB
1% (1.45 MB)
tmpfs
/dev
512.00 KB / 512.00 KB
0% (0.00 B)
/dev/sda1
/mnt/sda1/pelis
26.81 GB / 28.88 GB
7% (2.07 GB)
Mount Points
Mount Points define at which point a memory device will be attached to the filesystem
Enabled
Device
Mount Point
Filesystem
Options
Root
Check
UUID: 1F82-8506 (not present)
/mnt/sda1/pelis
?
defaults
no
no

hi
still can not write to the usb drive, i gave 0777 permissions again to no avail

regards

the same if i want to delete a file, i get this message:

File access denied

You require permission from S -1-22-1-0 to make changes to this file

i have added

min protocol= smb2 

which was missing

hi

i still didnt manage i can only read, neither write nor delete, despite i set out the authorisation at 777
what do you think?

thanks

I think I vaguely remember someone else having this problem, but I can't find the thread unfortunately, from what I remember they had to change permission for the drive itself, rather than the files. So you might try hooking the drive directly to your comp and make sure you have full permissions on the drive itself.

1 Like