Samba 4.x package support thread

I still can't manage to make samba4 work...

Any advice? Windows 10 says that it can't find the network path...

Please explain how to replicate

I'm using 4.8/4.9 and it works fine although I use a custom configuration file. Keep in mind that guest access is disabled in Windows 10 and even with registry hacks I couldn't get it to work without auth.

Actually on win10 I can access guest shares (no password share)

Problem is that I can access them only with the IP address... If I use the name displayed in the network list I get "Can't find network path"

I also find that with a samba4 restart wsdd2 should also be restarted to actually display the new name of the share (if changed)

I find that with Windows this option is crucial for guest authentication...
smb encrypt = default

This should be default or off

It looks like Windows has a problem with samba4 encryption and Windows reports a general error...

This is my conf template

[global]
	netbios name = |NAME| 
	interfaces = |INTERFACES|
	server string = |DESCRIPTION|
	unix charset = |CHARSET|
	workgroup = |WORKGROUP|

	## This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
	bind interfaces only = yes
	
	## time for inactive connections to-be closed in minutes
	deadtime = 15
	
	## disable core dumps
	enable core files = no
	
	## set security (auto, user, domain, ads)
	security = user
	
	client min protocol = SMB3
	
	## This parameter controls whether a remote client is allowed or required to use SMB encryption.
	## It has different effects depending on whether the connection uses SMB1 or SMB2 and newer:
    ## If the connection uses SMB1, then this option controls the use of a Samba-specific extension to the SMB protocol introduced in Samba 3.2 that makes use of the Unix extensions.
	## If the connection uses SMB2 or newer, then this option controls the use of the SMB-level encryption that is supported in SMB version 3.0 and above and available in Windows 8 and newer. 
	##(default/auto,desired,required,off)
	smb encrypt = default
	
	## map unknown users to guest
	guest account = nobody
	map to guest = bad user

	## allow client access to accounts that have null passwords. 
	null passwords = yes
	
	## The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. (NOTE: enabled for size reasons)
	## (tdbsam,smbpasswd,ldapsam)
	passdb backend = smbpasswd
	
	## Set location of smbpasswd ('smbd -b' will show default compiled location)
	#smb passwd file = /etc/samba/smbpasswd 
	
	## LAN/WAN options (IPTOS_LOWDELAY TCP_NODELAY) WAN (IPTOS_THROUGHPUT)
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
	
	## lower CPU usage if supported
	use sendfile = yes
	
	## samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained.
	#blocking locks = No
	
	## disable loading of all printcap printers by default (iprint, cups, lpstat)
	load printers = No
	printcap name = /dev/null

	## Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's.
	disable spoolss = yes
	
	## This parameters controls how printer status information is interpreted on your system.
	## (BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ)
	printing = bsd
	
	## Disable nmbd acting as a WINS server for unknown netbios names
	#dns proxy = No
	
	## win/unix user mapping backend
	#idmap config * : backend = tdb
	
	## Allows the server name that is advertised through MDNS to be set to the hostname rather than the Samba NETBIOS name.
	## This allows an administrator to make Samba registered MDNS records match the case of the hostname rather than being in all capitals.
	## (netbios, mdns)
	#mdns name = mdns
	
	## Clients that only support netbios won't be able to see your samba server when netbios support is disabled.
	#disable netbios = Yes
	
	## Setting this value to no will cause nmbd never to become a local master browser.
	#local master = no

	## (auto, yes) If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master. 
	#preferred master = yes

	## (445 139) Specifies which ports the server should listen on for SMB traffic.
	## 139 is netbios/nmbd
	smb ports = 445 139
	
	## This is a list of files and directories that are neither visible nor accessible.
	## Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards.
	veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/
	
	## If a directory that is to be deleted contains nothing but veto files this deletion will fail unless you also set the delete veto files parameter to yes.
	delete veto files = yes
	
	# log files split per-machine:
	log file = /var/log/samba/log.%m
	# maximum size of 200KB per log file, then rotate:
	max log size = 200
	
################ Filesystem and creation rules ################
	## reported filesystem type (NTFS,Samba,FAT)
	fstype = NTFS
	
	## Allows a user who has write access to the file (by whatever means, including an ACL permission) to modify the permissions (including ACL) on it.
	dos filemode = Yes
	
	## file/dir creating rules
	#create mask = 0666
	#directory mask = 0777
	#force group = root
	#force user = root
	#inherit owner = windows and unix
################################################################


This is my conf file


config samba
	option workgroup 'WORKGROUP'
	option charset 'UTF-8'
	option name 'Ansuel-Share'
	option description 'Ansuel Share'
	option homes '1'

config sambashare
	option browseable 'yes'
	option name 'Download'
	option path '/mnt/data/Download'
	option read_only 'no'
	option guest_ok 'yes'
	option guest_only 'no'
	option inherit_owner 'no'
	option create_mask '777'
	option dir_mask '777'

config sambashare
	option browseable 'yes'
	option name 'Firmware'
	option path '/mnt/data/firmware'
	option read_only 'yes'
	option guest_ok 'yes'
	option guest_only 'no'
	option inherit_owner 'no'
	option create_mask '644'
	option dir_mask '644'



Ok, I found the problem....

The netbios name should be the same as the name of the router online...

For example...

My router name is Ansuel-Router
My share name is Ansuel-Share

Windows complains about not finding Ansuel-Share on the network
By setting the share name to Ansuel-Router Windows immediately connects to the share dir...

THIS SHOULD BE WRITTEN IN THE LUCI CONFIG PAGE...


@Andy2244 so to sum up

  1. wsdd2 should be restarted when samba4 gets restarted...
  2. In the luci page you should add an option to set the smb encrypt option (and write that setting it to something different than auto or off will break guest access on Windows)
  3. Also you should write that the Hostname must be the same as the router's to actually work (could really be a bug in the wsdd2 program that communicates the right name with the wrong network path, that could be different like in my case)

This should already happen via procd procd_set_param file /var/etc/smb.conf, will retest if this works correctly.

Not really, it's an advanced setting like all the others in the template file, the default setting is "Default" which works fine. The other settings also work fine, I can see and access my guest share just fine with it set to "off".

No it must not be the same, my router is named "router" and my shares have all different names. Those two settings/names are not related in any way. I suspect that by setting your share name to the router name, you somehow trick Windows dns to not resolve the share path and somehow fix your problem.

Did you try set your router to some simple lowercase name "router" and a share to like "share"? Just want to check if maybe the "-" or uppercase is a problem, which again should not be a problem.

It's really hard to diagnose your problem, just to double check: are the Function Discovery Provider Host and Function Discovery Resource Publication services started?

It's really odd that you can't see the shares via wsdd2, this should always work, even if you can't access the share.

PS: Also try set mdns name = mdns

router name : router
share name: share

"Can't find network path"

I can see the share but I can't access it (with \\192.168.2.1, I can enter and it works right)
With the same name I can enter it.

Sorry, I can't reproduce this error. If the same name works for you then at least you have a fix for this problem, but that's not normal behavior.

I'm experiencing the same issue, if the router and share names differ, I have no share access.
Log errors show user.err wsdd2[5182]: Can't open '/etc/machine-id', trying '/proc/sys/kernel/random/boot_id'.
Setting a uuid doesn't change anything. I'm on a clean new install (config from scratch) of Davidc build r8018 on WRT1900ACS and using Windows 8.1.

You can ignore the wsdd2 error, it was a false error message and has been already fixed.
If no one else has an idea or way to reproduce this, there is not much I can do. There is no requirement how you name the share/router and I'm not sure what actually happens on the Windows side and why it fixes this issue.
I'm not even sure if this is a problem on the Windows side or samba/wsdd2 side.

PS: @Ansuel do you by any chance also use the Davidc builds?

nope compiled from source

so on windows 10 you can correctly reach your share with a name different than the one of the router?

also i use win 10 insider...

Can you find a way to use the win 10 protocol to make sure wsdd2 is not the problem ?

On my side it looks like wsdd reports a wrong IP or Windows just tries to access ansuel-share instead of ansuel-router (or the IP)

A packet inspector should help us... I should scan for the smb port, right? (and check what Windows actually tries to contact)

As noted you and blamaz are the first users reporting the problem and i never encountered this, while using samba4 on openwrt for 3 years.

Maybe lets start simple, disable and stop avahi and wsdd2, now windows 10 should give access only via ip. See if this works with different router/share names.

You can also check Get-SmbConnection via powershell, my output looks like this:

PS C:\WINDOWS\system32> Get-SmbConnection

ServerName ShareName UserName    Credential  Dialect NumOpens
---------- --------- --------    ----------  ------- --------
router     share     GAMEPC\andy GAMEPC\andy 3.1.1   1

Hi Team,

help much appreciated.
using david custom build wrt3200acm
using samba 4.x my drive is ntfs is mounted
windows 10 smb1 disabled
putty & winscp

root:x:0:0:root:/root:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
ftp:*:55:55:ftp:/home/ftp:/bin/false
network:*:101:101:network:/var:/bin/false
nobody:*:65534:65534:nobody:/var:/bin/false
dnsmasq:x:453:453:dnsmasq:/var/run/dnsmasq:/bin/false
Share:*:1000:65534:Share:/var:/bin/false

config samba
	option name 'OpenWrt-SMB'
	option workgroup 'WORKGROUP'
	option description 'Samba on OpenWrt'
	option charset 'UTF-8'
	option homes '0'

config sambashare
	option browseable 'yes'
	option name 'server1'
	option path '/mnt/sda1'
	option read_only 'no'
	option inherit_owner 'no'
	option users 'Share'
	option guest_only 'no'
	option create_mask '0777'
	option dir_mask '0777'
	option guest_ok 'yes'

  [global]
	netbios name = |NAME| 
	interfaces = |INTERFACES|
	server string = |DESCRIPTION|
	unix charset = |CHARSET|
	workgroup = |WORKGROUP|

	## This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
	bind interfaces only = yes
	
	## time for inactive connections to-be closed in minutes
	deadtime = 15
	
	## disable core dumps
	enable core files = no
	
	## set security (auto, user, domain, ads)
	security = user
	
	## This parameter controls whether a remote client is allowed or required to use SMB encryption.
	## It has different effects depending on whether the connection uses SMB1 or SMB2 and newer:
    ## If the connection uses SMB1, then this option controls the use of a Samba-specific extension to the SMB protocol introduced in Samba 3.2 that makes use of the Unix extensions.
	## If the connection uses SMB2 or newer, then this option controls the use of the SMB-level encryption that is supported in SMB version 3.0 and above and available in Windows 8 and newer. 
	##(default/auto,desired,required,off)
	smb encrypt = default
	
	## set invalid users
	invalid users = root
	
	## map unknown users to guest
	map to guest = Bad User

	## allow client access to accounts that have null passwords. 
	null passwords = yes
	
	## The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. (NOTE: enabled for size reasons)
	## (tdbsam,smbpasswd,ldapsam)
	passdb backend = smbpasswd
	
	## Set location of smbpasswd ('smbd -b' will show default compiled location)
	smb passwd file = /etc/samba/smbpasswd 
	
	## LAN/WAN options (IPTOS_LOWDELAY TCP_NODELAY) WAN (IPTOS_THROUGHPUT)
	socket options = IPTOS_LOWDELAY TCP_NODELAY
	
	## lower CPU usage if supported
	use sendfile = yes
	
	## samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained.
	#blocking locks = No
	
	## disable loading of all printcap printers by default (iprint, cups, lpstat)
	load printers = No
	printcap name = /dev/null

	## Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's.
	disable spoolss = yes
	
	## This parameters controls how printer status information is interpreted on your system.
	## (BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ)
	printing = bsd
	
	## Disable nmbd acting as a WINS server for unknown netbios names
	#dns proxy = No
	
	## win/unix user mapping backend
	#idmap config * : backend = tdb
	
	## Allows the server name that is advertised through MDNS to be set to the hostname rather than the Samba NETBIOS name.
	## This allows an administrator to make Samba registered MDNS records match the case of the hostname rather than being in all capitals.
	## (netbios, mdns)
	#mdns name = mdns
	
	## Clients that only support netbios won't be able to see your samba server when netbios support is disabled.
	#disable netbios = Yes
	
	## Setting this value to no will cause nmbd never to become a local master browser.
	#local master = no

	## (auto, yes) If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master. 
	preferred master = yes

	## (445 139) Specifies which ports the server should listen on for SMB traffic.
	## 139 is netbios/nmbd
	smb ports = 445 139
	
	## This is a list of files and directories that are neither visible nor accessible.
	## Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards.
	veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/
	
	## If a directory that is to be deleted contains nothing but veto files this deletion will fail unless you also set the delete veto files parameter to yes.
	delete veto files = yes
	
################ Filesystem and creation rules ################
	## reported filesystem type (NTFS,Samba,FAT)
	fstype = NTFS
	
	## Allows a user who has write access to the file (by whatever means, including an ACL permission) to modify the permissions (including ACL) on it.
	dos filemode = Yes
	
	## file/dir creating rules
	create mask = 0666
	directory mask = 0777
	force group = root
	force user = root
	inherit owner = windows and unix  

I followed and tried the settings, then when I try to use this command below

chown -R Share /mnt/sda1 && chmod -R 660 /mnt/sda1
then I got this below...

chown: /mnt/sda1/System Volume Information/IndexerVolumeGuid: Read-only file system
chown: /mnt/sda1/System Volume Information/WPSettings.dat: Read-only file system
chown: /mnt/sda1/System Volume Information: Read-only file system
chown: /mnt/sda1/System Volume Information: Read-only file system
chown: /mnt/sda1: Read-only file system
chown: /mnt/sda1: Read-only file system

config 'rule'
option '_name' 'Don'''t track NETBIOS Service'
option 'src' 'lan'
option 'dest' 'lan'
option 'dest_port' '137-139'
option 'target' 'NOTRACK'

config 'rule'
option '_name' 'Don'''t track Windows Filesharing'
option 'src' 'lan'
option 'src_port' '445'
option 'dest' 'lan'
option 'target' 'NOTRACK'

config 'rule'
option '_name' 'Don'''t track Windows Filesharing'
option 'src' 'lan'
option 'dest' 'lan'
option 'dest_port' '445'
option 'target' 'NOTRACK'

Please, can anyone advise what I am doing wrong...

regards,

Not generally: (https://support.microsoft.com/en-us/help/4046019)

"Windows 10 Home and Professional editions are unchanged from their previous default behavior."

Those template parameters can be commented, since you did not change them from their defaults.

# smb ports = 445 139
# smb encrypt = default

This setting only works if you compiled your own version and enabled netbios support.

# preferred master = yes

You are aware that those global settings override any per share settings, so your "Share" user is never used for accessing the share.

	create mask = 0666
	directory mask = 0777
	force group = root
	force user = root
	inherit owner = windows and unix 

I can't really comment on samba4 and openwrt ntfs mounted drives. It's not really recommended, I'm not sure what ntfs driver openwrt uses and what speed and compatibility problems may occur. I tested with btrfs, ext2/3/4, f2fs and never had a problem chmod/chown my root mount folder and all its content.

PS: If you need a windows compatible filesystem you can try exFat, it has a much cleaner kernel implementation. You can use partitionwizard portable to format a drive to ext2/3/4 on Windows.
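
Added example, not part of any post in this thread and not OpenWrt's or Samba's own code: a shell/awk check that resolves each share's effective settings ([global] values apply unless the share sets its own, which is why the "Share" user above is never used) and flags the guest-access combinations discussed in the thread. The sample smb.conf is constructed, and the names `audit_smbconf` and `sample_conf` are hypothetical.

```shell
#!/bin/sh
# Added example: flag smb.conf settings that widen guest access.
# Reads smb.conf from the named file or stdin; prints "<section>: <finding>" lines.
audit_smbconf() {
    awk '
    function norm(s) { gsub(/[ \t]+/, "", s); return tolower(s) }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    # Effective value: the per-share setting if present, else the [global] default.
    function eff(s, k) { return ((s, k) in conf) ? conf[s, k] : conf["global", k] }
    # True when the octal mask leaves the others-write bit set.
    function ww(m) { return (m != "" && int(substr(m, length(m)) / 2) % 2 == 1) }
    /^[ \t]*([#;]|$)/ { next }                 # comment or blank line
    /^[ \t]*\[.*\]/ {                          # section header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); sec = tolower(sec)
        if (sec != "global" && !(sec in seen)) { seen[sec] = 1; order[++n] = sec }
        next
    }
    sec != "" && index($0, "=") {
        eq = index($0, "=")
        key = norm(substr($0, 1, eq - 1))      # names ignore case and spaces
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "public") key = "guestok"   # documented synonym
        conf[sec, key] = val
    }
    END {
        if (truthy(conf["global", "nullpasswords"]))
            print "global: null passwords = yes accepts accounts with an empty password"
        for (i = 1; i <= n; i++) {
            s = order[i]; guest = truthy(eff(s, "guestok")); fu = eff(s, "forceuser")
            ro = eff(s, "readonly"); rw = (ro != "" && !truthy(ro))  # default is read only
            enc = tolower(eff(s, "smbencrypt"))
            if (fu != "" && eff(s, "validusers") != "")
                print s ": force user = " fu " runs file operations as " fu ", not as valid users = " eff(s, "validusers")
            if (guest && fu == "root")
                print s ": guest ok with force user = root lets guest sessions act on files as root"
            if (guest && rw && (ww(eff(s, "createmask")) || ww(eff(s, "directorymask"))))
                print s ": guest-writable share with a mask that permits world-writable files"
            if (guest && enc != "" && enc != "default" && enc != "auto" && enc != "off")
                print s ": smb encrypt = " enc " on a guest share (thread reports Windows guest access failing)"
        }
    }' "$@"
}
# Constructed sample input, modelled on the settings quoted in the thread.
sample_conf() {
    cat <<'EOF'
[global]
    null passwords = yes
    force user = root
    directory mask = 0777
[server1]
    valid users = Share
    read only = no
[download]
    guest ok = yes
    read only = no
    create mask = 0777
[firmware]
    guest ok = yes
    read only = yes
    force user = nobody
EOF
}
sample_conf | audit_smbconf
```

On a router, point it at the generated file instead of the template, for example `audit_smbconf /var/etc/smb.conf`, since that file holds the template and the share sections together.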

As far as I know, the NTFS driver is read-only. This is regardless of Samba.

thank you for the suggestion and the portable tool working on it

regards,

Do I need to designate the smb version I want to use in the global settings template?

Edit - I think I need NetBios in order for this to work (until Nvidia updates their samba implementation). How do I get netbios back? Do I need to compile my own package?

Do I need to designate the smb version I want to use in the global settings template?

No, Windows/Samba should auto negotiate the used protocol version.

You only need netbios if you want to access the shares by name, you can still use the routers ip address instead like: \\192.168.1.1\share .

If you really need netbios for some reason then yes, netbios is generally not needed anymore so omitted from defaults. You can quickly build your own version via the guide below via package-builder. Make sure you have Menuconfig=1 enabled in your [config].txt.

@Andy2244
What would be the best place to integrate the hosted repository by openwrt-package-builder into the openwrt image builder ?

Does it suffice to just append to repositories.conf
src/gz local_extra http://:8043/18.06.1/packages//extra ?

@Andy2244

Just experienced a very strange issue with a Sept 24 2018 build of OpenWRT; Samba4 was working great for nearly a day and then I attempted to configure another pc to connect, then Samba4 died completely with no means to fix!? NFS on the other hand continued to work fine.

Only fix to get Samba4 working again was to re-install router fw (which isn't too much drama because I embed my configs...)

Here is the system log, it did include mac addresses as well but I have omitted them here.

Wed Sep 26 23:09:56 2018 daemon.err smbd[11909]: [2018/09/26 23:09:56.406213,  0] ../lib/util/util.c:514(dump_data)
Wed Sep 26 23:09:56 2018 daemon.err smbd[11909]:   [0000]    ..'\5.c< _..i~..4
Wed Sep 26 23:09:56 2018 daemon.err smbd[11909]: [2018/09/26 23:09:56.406420,  0] ../lib/util/util.c:514(dump_data)
Wed Sep 26 23:09:56 2018 daemon.err smbd[11909]:   [0000]  56 36   uK...2.. !.....V6
Wed Sep 26 23:09:56 2018 daemon.err smbd[11909]: [2018/09/26 23:09:56.407082,  0] ../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)

I have been running a previous build of yours on a previous snapshot for months without issue.

Any ideas?

I guess that should work yes.

Not really, a samba dev would need to analyze the crash dump, which we disable by default :stuck_out_tongue: