I have restarted samba and rebooted the router
Didn’t help

I realize that I get the password error not when I enter in SMB but when I try to get to the next step ie. I see the samba server I click and I am asked for user password
I go through it and then I get a folder view with the name of the shared directory of the usb drive, which does not have any password.
When I get to get in there is when I get the password error

What am I missing?

Thanks

Run -

cat /etc/samba/smbpasswd

And make sure your user and password are present, it should look something like -

cbx200:1000:xxxxxxxxxxxxxxx:B233GYHH78JHH

If it's not present try making it again with -

smbpasswd -a

Default masks should be 0777, but it wouldn't hurt to set them manually just to make sure, you can always change them when you have samba working

Also, remove this line from you samba template as it's not needed -

valid users = kuku, luisa

Here's my working template so you can check yours against it -

[global]
	netbios name = |NAME| 
	display charset = |CHARSET|
	interfaces = |INTERFACES|
	server string = |DESCRIPTION|
	unix charset = |CHARSET|
	workgroup = |WORKGROUP|
	bind interfaces only = yes
	deadtime = 30
	enable core files = no
	invalid users = root
	local master = no
	map to guest = Bad User
	max protocol = SMB2
	min receivefile size = 16384
	null passwords = yes
	passdb backend = smbpasswd
	security = user
	smb passwd file = /etc/samba/smbpasswd
	use sendfile = yes

Please post all code, config, and log output within code boxes, as all three need to be monospaced.

The samba user, or the group the user is apart of, must own the directory and files within in order to access. You also should add the following to /etc/samba/smb.conf.template:

min protocol = SMB2

Issue:

echo "    min protocol = SMB2" >> /etc/samba/smb.conf.template && /etc/init.d/samba restart

• SMBv1 is not secure, has been actively exploited for years, and should never be utilized; this ensures there's no chance of it being used by Samba.

I personally utilize the following:

[global]
    browseable              = yes
    deadtime                = 30
    display charset         = |CHARSET|
    domain master           = yes
    encrypt passwords       = true
    enable core files       = no
    guest account           = nobody
    guest ok                = no
    interfaces              = |INTERFACES|
    invalid users           = root
    local master            = yes
    log file                = /var/log/samba/%m-%I.log
    load printers           = no
    map to guest            = Bad User
    max log size            = 50
    max protocol            = SMB2
    min protocol            = SMB2
    min receivefile size    = 16384
    netbios name            = |NAME|
    null passwords          = no
    obey pam restrictions   = yes
    os level                = 20
    passdb backend          = smbpasswd
    preferred master        = yes
    printable               = no
    security                = user
    server string           = |DESCRIPTION|
    smb encrypt             = disabled
    smb passwd file         = /etc/samba/smbpasswd
    socket options          = TCP_NODELAY IPTOS_LOWDELAY
    syslog                  = 2
    unix charset            = |CHARSET|
    use sendfile            = yes
    workgroup               = |WORKGROUP|
    writeable               = yes

Thanks for that reminder, I always forget to set it on a new build.

@cbx200 Please put code, config, and log output within CODE BOXES... three ways to do so

• Please edit your posts above and add code boxes to your config content and command line output.

Code boxes exist for monospaced text for a reason, please utilize them.

For example, this is how the below, from your post above, should look:

root@GL-AR750S:~# cat /etc/samba/smbpasswd
root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U ]:LCT-00000001:
kuku:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U ]:LCT-00000001:

This my template now. I still get password/authentication problems

Do you see what the problem could be?
Thanks

[global]
netbios name = |NAME|
display charset = |CHARSET|
interfaces = |INTERFACES|
server string = |DESCRIPTION|
unix charset = |CHARSET|
workgroup = |WORKGROUP|
browseable = yes
deadtime = 30
domain master = yes
encrypt passwords = true
enable core files = no
guest account = nobody
guest ok = yes
invalid users = root
local master = yes
load printers = no
map to guest = Bad User
max protocol = SMB2
min protocol = SMB2
min receivefile size = 16384
null passwords = yes
obey pam restrictions = yes
os level = 20
passdb backend = smbpasswd
preferred master = yes
printable = no
security = user
smb encrypt = disabled
smb passwd file = /etc/samba/smbpasswd
socket optid ons = TCP_NODELAY IPTOS_LOWDELAY
syslog = 2
use sendfile = yes
writeable = yes

And yet, even though asked twice, and shown how to add code boxes, you again post config output outside of a code box...

As I mentioned earlier, code boxes are there for monospaced text for a reason, and one of the reasons is so that replies and threads are not cluttered by code outside of a code box since

1. non-monospaced fonts do not display monospaced output correctly and are not programmed to.

2. non-monospaced fonts make the output of monospaced content more difficult to read and follow

3. it leads to users who are trying to help to have to try and accurately parse inaccurate formatting & word wraps, of which will lead to inaccuracies in the posted content and the help received.
   
   

   Since you appear determined to ignore the request, and clicking a link showing you how to add code boxes appears to be asking too much:
   
   
   

The Three Ways to Add a Code Box

• Automatically:

  1. Highlight output, then click the pre-formatted text button [ </> ] on the toolbar
     
     

• Manually: (I prefer this way as it's faster)

  2. Syntax Highlighed:
     • Three back ticks [ ``` ] on new line, output on next lines, three back ticks on new line
       OR
     • Three back ticks, whitespace, syntax [ ``` bash ] on new line, output on next lines, three back ticks on new line
       
       
  3. No Syntax Highlighting:
     • Three back ticks, whitespace, "text" [ ``` text ] on new line, output on next lines, three back ticks on new line

I'm fairly certain I mentioned code, config, and log output... perhaps some attention to detail could be suggested?

Your smbpasswd file and template look ok to me, If you have an old user/password saved in Windows for that server you might try deleting them, but other than that I'm out of ideas unfortunately.

thanks for your help

I am not sure what to do any longer
I am wondering if all this could be a problem with the firewall of the router,

I have asked in the company forum

regards

i can access the usb hard drive with ssh but the router/samba does not even show up in windows file explorer.
The router does appear in ios with a file explorer app but then i can not access the shared directory

Change (/etc/samba/smb.conf.template)

• null passwords = yes
  to
  null passwords = no
  
  
• Restart Samba:
  /etc/init.d/samba restart

Please post the output of:

• cat /etc/config/samba
• cat /etc/samba/smb.conf
• cat /etc/samba/smbpasswd
• ls -lsa /path/to/share

What happens:

• When you open Windows Explorer and in the address bar type: \\<router ip> ?
• When you enter into the share directory?
• When you try to open a file?

thanks for your answer

here are the outputs

1. samba

config samba
        option workgroup 'WORKGROUP'
        option name 'GL-AR750S'
        option description 'GL-AR750S-6d0'
        option homes '1'

config sambashare
        option browseable 'yes'
        option name 'peliculas'
        option path '/mnt/sda1'
        option read_only 'no'
        option guest_ok 'yes'
        option create_mask '0777'
        option dir_mask '0777'
        option users 'kuku'

2. for smb.conf

 netbios name = GL-AR750S
        display charset = UTF-8
        interfaces = lo br-lan
        server string = GL-AR750S-6d0
        unix charset = UTF-8
        workgroup = WORKGROUP
        browseable = yes
        deadtime = 30
        domain master = yes
        encrypt passwords = true
        enable core files = no
        guest account = nobody
        guest ok = yes
        invalid users = root
        local master = yes
        load printers = no
        map to guest = Bad User
        max protocol = SMB2
        min protocol = SMB2
        min receivefile size = 16384
        null passwords = no
        obey pam restrictions = yes
        os level = 20
        passdb backend = smbpasswd
        preferred master = yes
        printable = no
        security = user
        smb encrypt = disabled
        smb passwd file = /etc/samba/smbpasswd
        socket optid ons = TCP_NODELAY IPTOS_LOWDELAY
        syslog = 2
        use sendfile = yes
        writeable = yes
[homes]
        comment     = Home Directories
        browsable   = no
        read only   = no
        create mode = 0750

[peliculas]
        path = /mnt/sda1
        valid users = kuku
        read only = no
        guest ok = yes
        create mask = 0777
        directory mask = 0777
        browseable = yes

3 for * cat /etc/samba/smbpasswd

root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U          ]:LCT-00000001:
kuku:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:336687DC3155971CB1EC73E3C733BBC1:[U          ]:LCT-00000001:

4 for ls -lsa /path/to/share

ls: /path/to/share: No such file or directory

1. When i enter the ip adress in the web browser i am redirected to the router administration page
   2 and 3. I can not even see the router in windows explorer/network, so i cant access anything

/etc/samba/smbpasswd

• Remove line 1, as root should not be a Samba user: smbpasswd -x root
  
  

/etc/config/samba: config samba

• Change option workgroup 'WORKGROUP'
  to
  option workgroup 'lan'
  • where lan is the local domain name set by the router in /etc/config/dhcp
    (value set for option domain)
    
    
• The local domain should also be mirrored on Windows as the Wokgroup name the PC belongs to
  • Open an admin PowerShell terminal
    1. [WinKey] + [R]
    2. Type: powershell
    3. [CTRL] + [SHIFT] + [ENTER]

       cmd /c 'wmic computersystem where name="%computername%" call joindomainorworkgroup name="Workgroup-Name"'
       

       • Where Workgroup-Name is the local domain set by the router
    4. Reboot: shutdown /r
       
       

/etc/config/samba: config sambashare

• Change both mask values to 0755
  • Change create_mask to 0660
  • Change dir_mask to 0775
    
    
• Change path = /mnt/sda1
  to
  an actual directory within the sda1 partition: path = /mnt/sda1/kuku
  • root owns the root of all mounts, as OpenWrt is a single user OS, so the share must be a directory under /mnt/sda1, and that share directory must be owned by the Samba user and/or the Samba user's group.
    
    

Once the above steps are done, issue the following commands:

mkdir -p /mnt/sda1/kuku
  chown -R kuku:kuku /mnt/sda1/kuku
  chmod -R 765 /mnt/sda1/kuku

service samba restart

• I may have missed it in a prior post, but kuku must also be added:
  • As a user to /etc/passwd
kuku:*:1001:1001:Samba User:/mnt/sda1/kuku:/bin/false
  • As a group under /etc/group
kuku:x:1001:
    
    

Not the web browser, Windows Explorer [file manager].

• In the address bar box, preface your router's IP with two backslashes, i.e. \\192.168.1.1
  • I've corrected my prior post, as I incorrectly typed forward slashes.

@cbx200 I read your Private Message...looking over my previous notes, I only changed the following line from default:

#Change security = user to security = share

I also have this note:

Ports 137-139 are for NetBios/Name resolution. Without it you will have to access machines by IP address opposed to NetBIOS name. Example \\192.168.1.100\share_name opposed to \\my_file_server\share_name

So port 445 is sufficient if you can work with IP addresses only.

• I also noticed that you renamed a section peliculas and specified a user named kuku.

Yes indeed

I am trying to access a USB HD attached to my open wrt router/SMB via windows or a file explorer in iOS.

Windows does not “see” the router

Within iOS I get a request for user password all the time. But the user pass I set don’t work. Same authentication request appears even if I set security = share

I think this has to do with permissions authorizations for the router to access the usb HD.

I saw you had written about it, but I am very new to all this and I don’t understand what needs to be done

Thanks a lot
Very clear
I had reinstalled fresh the routers firmware and formatted the usb drive with fat 32
I have not set up any user.
I can now access the usb drive from iOS and windows but I can’t write it from windows

I am now in the middle on implementing your suggestions above but the ones related to user.
I will report
Not sure what the mask values are. Where can I read about it. I have googled but not really understood.
Is it the same as the permission given for a drive/ directory?
Rgds

Hi JW0914

I have executed what you suggested, and I can access the usb and the new directory from iOS but the router does not appear in windows explorer as it did before
I have mapped the IP address of the router to windows explorer and I receive the message device detected but not answering

What can I do now?
Thanks