I have restarted samba and rebooted the router
Didn’t help
I realize that I get the password error not when I enter in SMB but when I try to get to the next step ie. I see the samba server I click and I am asked for user password
I go through it and then I get a folder view with the name of the shared directory of the usb drive, which does not have any password.
When I get to get in there is when I get the password error
What am I missing?
Thanks
Run -
cat /etc/samba/smbpasswd
And make sure your user and password are present, it should look something like -
cbx200:1000:xxxxxxxxxxxxxxx:B233GYHH78JHH
If it's not present try making it again with -
smbpasswd -a
Default masks should be 0777, but it wouldn't hurt to set them manually just to make sure, you can always change them when you have samba working
Also, remove this line from you samba template as it's not needed -
valid users = kuku, luisa
Here's my working template so you can check yours against it -
[global]
netbios name = |NAME|
display charset = |CHARSET|
interfaces = |INTERFACES|
server string = |DESCRIPTION|
unix charset = |CHARSET|
workgroup = |WORKGROUP|
bind interfaces only = yes
deadtime = 30
enable core files = no
invalid users = root
local master = no
map to guest = Bad User
max protocol = SMB2
min receivefile size = 16384
null passwords = yes
passdb backend = smbpasswd
security = user
smb passwd file = /etc/samba/smbpasswd
use sendfile = yes
Please post all code, config, and log output within code boxes, as all three need to be monospaced.
The samba user, or the group the user is apart of, must own the directory and files within in order to access. You also should add the following to /etc/samba/smb.conf.template
:
min protocol = SMB2
Issue:
echo " min protocol = SMB2" >> /etc/samba/smb.conf.template && /etc/init.d/samba restart
- SMBv1 is not secure, has been actively exploited for years, and should never be utilized; this ensures there's no chance of it being used by Samba.
I personally utilize the following:
[global]
browseable = yes
deadtime = 30
display charset = |CHARSET|
domain master = yes
encrypt passwords = true
enable core files = no
guest account = nobody
guest ok = no
interfaces = |INTERFACES|
invalid users = root
local master = yes
log file = /var/log/samba/%m-%I.log
load printers = no
map to guest = Bad User
max log size = 50
max protocol = SMB2
min protocol = SMB2
min receivefile size = 16384
netbios name = |NAME|
null passwords = no
obey pam restrictions = yes
os level = 20
passdb backend = smbpasswd
preferred master = yes
printable = no
security = user
server string = |DESCRIPTION|
smb encrypt = disabled
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY IPTOS_LOWDELAY
syslog = 2
unix charset = |CHARSET|
use sendfile = yes
workgroup = |WORKGROUP|
writeable = yes
Thanks for that reminder, I always forget to set it on a new build.
@cbx200 Please put code
, config
, and log
output within CODE BOXES
... three ways to do so
- Please edit your posts above and add code boxes to your config content and command line output.
Code boxes exist for monospaced
text for a reason, please utilize them.
For example, this is how the below, from your post above, should look:
root@GL-AR750S:~# cat /etc/samba/smbpasswd
root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U ]:LCT-00000001:
kuku:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U ]:LCT-00000001:
This my template now. I still get password/authentication problems
Do you see what the problem could be?
Thanks
[global]
netbios name = |NAME|
display charset = |CHARSET|
interfaces = |INTERFACES|
server string = |DESCRIPTION|
unix charset = |CHARSET|
workgroup = |WORKGROUP|
browseable = yes
deadtime = 30
domain master = yes
encrypt passwords = true
enable core files = no
guest account = nobody
guest ok = yes
invalid users = root
local master = yes
load printers = no
map to guest = Bad User
max protocol = SMB2
min protocol = SMB2
min receivefile size = 16384
null passwords = yes
obey pam restrictions = yes
os level = 20
passdb backend = smbpasswd
preferred master = yes
printable = no
security = user
smb encrypt = disabled
smb passwd file = /etc/samba/smbpasswd
socket optid ons = TCP_NODELAY IPTOS_LOWDELAY
syslog = 2
use sendfile = yes
writeable = yes
And yet, even though asked twice, and shown how to add code boxes, you again post config output outside of a code box...
As I mentioned earlier, code boxes are there for monospaced text for a reason, and one of the reasons is so that replies and threads are not cluttered by code outside of a code box since
-
non-monospaced fonts do not display monospaced output correctly and are not programmed to.
-
non-monospaced fonts make the output of monospaced content more difficult to read and follow
-
it leads to users who are trying to help to have to try and accurately parse inaccurate formatting & word wraps, of which will lead to inaccuracies in the posted content and the help received.
Since you appear determined to ignore the request, and clicking a link showing you how to add code boxes appears to be asking too much:
The Three Ways to Add a Code Box
-
Automatically:
- Highlight output, then click the pre-formatted text button [
</>
] on the toolbar
- Highlight output, then click the pre-formatted text button [
-
Manually: (I prefer this way as it's faster)
- Syntax Highlighed:
- Three back ticks [
```
] on new line, output on next lines, three back ticks on new line
OR - Three back ticks, whitespace, syntax [
``` bash
] on new line, output on next lines, three back ticks on new line
- Three back ticks [
- No Syntax Highlighting:
- Three back ticks, whitespace, "text" [
``` text
] on new line, output on next lines, three back ticks on new line
- Three back ticks, whitespace, "text" [
- Syntax Highlighed:
I'm fairly certain I mentioned code, config, and log output... perhaps some attention to detail could be suggested?
Your smbpasswd file and template look ok to me, If you have an old user/password saved in Windows for that server you might try deleting them, but other than that I'm out of ideas unfortunately.
thanks for your help
I am not sure what to do any longer
I am wondering if all this could be a problem with the firewall of the router,
I have asked in the company forum
regards
i can access the usb hard drive with ssh but the router/samba does not even show up in windows file explorer.
The router does appear in ios with a file explorer app but then i can not access the shared directory
Change (/etc/samba/smb.conf.template
)
-
null passwords = yes
to
null passwords = no
- Restart Samba:
/etc/init.d/samba restart
Please post the output of:
cat /etc/config/samba
cat /etc/samba/smb.conf
cat /etc/samba/smbpasswd
ls -lsa /path/to/share
What happens:
- When you open Windows Explorer and in the address bar type:
\\<router ip>
? - When you enter into the share directory?
- When you try to open a file?
thanks for your answer
here are the outputs
- samba
config samba
option workgroup 'WORKGROUP'
option name 'GL-AR750S'
option description 'GL-AR750S-6d0'
option homes '1'
config sambashare
option browseable 'yes'
option name 'peliculas'
option path '/mnt/sda1'
option read_only 'no'
option guest_ok 'yes'
option create_mask '0777'
option dir_mask '0777'
option users 'kuku'
- for smb.conf
netbios name = GL-AR750S
display charset = UTF-8
interfaces = lo br-lan
server string = GL-AR750S-6d0
unix charset = UTF-8
workgroup = WORKGROUP
browseable = yes
deadtime = 30
domain master = yes
encrypt passwords = true
enable core files = no
guest account = nobody
guest ok = yes
invalid users = root
local master = yes
load printers = no
map to guest = Bad User
max protocol = SMB2
min protocol = SMB2
min receivefile size = 16384
null passwords = no
obey pam restrictions = yes
os level = 20
passdb backend = smbpasswd
preferred master = yes
printable = no
security = user
smb encrypt = disabled
smb passwd file = /etc/samba/smbpasswd
socket optid ons = TCP_NODELAY IPTOS_LOWDELAY
syslog = 2
use sendfile = yes
writeable = yes
[homes]
comment = Home Directories
browsable = no
read only = no
create mode = 0750
[peliculas]
path = /mnt/sda1
valid users = kuku
read only = no
guest ok = yes
create mask = 0777
directory mask = 0777
browseable = yes
3 for * cat /etc/samba/smbpasswd
root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U ]:LCT-00000001:
kuku:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U ]:LCT-00000001:
4 for ls -lsa /path/to/share
ls: /path/to/share: No such file or directory
- When i enter the ip adress in the web browser i am redirected to the router administration page
2 and 3. I can not even see the router in windows explorer/network, so i cant access anything
/etc/samba/smbpasswd
- Remove line 1, as root should not be a Samba user:
smbpasswd -x root
/etc/config/samba
: config samba
- Change
option workgroup 'WORKGROUP'
to
option workgroup 'lan'
- where
lan
is the local domain name set by the router in/etc/config/dhcp
(value set foroption domain
)
- where
- The local domain should also be mirrored on Windows as the Wokgroup name the PC belongs to
- Open an admin PowerShell terminal
- [
WinKey
] + [R
] - Type:
powershell
- [
CTRL
] + [SHIFT
] + [ENTER
]cmd /c 'wmic computersystem where name="%computername%" call joindomainorworkgroup name="Workgroup-Name"'
- Where
Workgroup-Name
is the local domain set by the router
- Where
- Reboot:
shutdown /r
- [
- Open an admin PowerShell terminal
/etc/config/samba
: config sambashare
Change bothmask
values to0755
- Change
create_mask
to0660
- Change
dir_mask
to0775
- Change
- Change
path = /mnt/sda1
to
an actual directory within the sda1 partition:path = /mnt/sda1/kuku
- root owns the root of all mounts, as OpenWrt is a single user OS, so the share must be a directory under
/mnt/sda1
, and that share directory must be owned by the Samba user and/or the Samba user's group.
- root owns the root of all mounts, as OpenWrt is a single user OS, so the share must be a directory under
Once the above steps are done, issue the following commands:
mkdir -p /mnt/sda1/kuku
chown -R kuku:kuku /mnt/sda1/kuku
chmod -R 765 /mnt/sda1/kuku
service samba restart
- I may have missed it in a prior post, but
kuku
must also be added:- As a user to
/etc/passwd
kuku:*:1001:1001:Samba User:/mnt/sda1/kuku:/bin/false
- As a group under
/etc/group
kuku:x:1001:
- As a user to
Not the web browser, Windows Explorer [file manager].
- In the address bar box, preface your router's IP with two backslashes, i.e.
\\192.168.1.1
- I've corrected my prior post, as I incorrectly typed forward slashes.
@cbx200 I read your Private Message...looking over my previous notes, I only changed the following line from default:
#Change security = user to security = share
I also have this note:
Ports 137-139 are for NetBios/Name resolution. Without it you will have to access machines by IP address opposed to NetBIOS name. Example \\192.168.1.100\share_name opposed to \\my_file_server\share_name
So port 445 is sufficient if you can work with IP addresses only.
- I also noticed that you renamed a section peliculas and specified a user named kuku.
Yes indeed
I am trying to access a USB HD attached to my open wrt router/SMB via windows or a file explorer in iOS.
Windows does not “see” the router
Within iOS I get a request for user password all the time. But the user pass I set don’t work. Same authentication request appears even if I set security = share
I think this has to do with permissions authorizations for the router to access the usb HD.
I saw you had written about it, but I am very new to all this and I don’t understand what needs to be done
Thanks a lot
Very clear
I had reinstalled fresh the routers firmware and formatted the usb drive with fat 32
I have not set up any user.
I can now access the usb drive from iOS and windows but I can’t write it from windows
I am now in the middle on implementing your suggestions above but the ones related to user.
I will report
Not sure what the mask values are. Where can I read about it. I have googled but not really understood.
Is it the same as the permission given for a drive/ directory?
Rgds
Hi JW0914
I have executed what you suggested, and I can access the usb and the new directory from iOS but the router does not appear in windows explorer as it did before
I have mapped the IP address of the router to windows explorer and I receive the message device detected but not answering
What can I do now?
Thanks