Ksmbd (Samba3/4 alternative, ex cifsd/smbd) package support thread

Yes its a default template option, so guest access can work. Should be a safe default for us, but its bugged atm and should not prevent authenticated user to fail. Should be fixed in the next release.

1 Like

Oh, no worries. That was more for the benefit of others who want to confirm.

thanks Andy2244
I removed map to guest = Bad User
this allows me to use the user/password but breaks my guest shares that other computer's use
also it asks for username&password when selecting the device/computer where as samba asked while selecting the share itself
also a cosmetic note it seems to force lower case on all the share names

root@router.lan3:~# grep path /var/etc/smbd/smb.conf
        path = /mnt/usb-dados
        path = /mnt/usb-dados/tftpboot
root@router.lan3:~# /etc/init.d/smbd restart
root@router.lan3:~# grep path /var/etc/smbd/smb.conf
        path = /mnt/usb-dados
        path = /mnt/usb-dados/tftpboot
        path = /mnt/usb-dados
        path = /mnt/usb-dados/tftpboot
root@router.lan3:~# /etc/init.d/smbd restart
root@router.lan3:~# grep path /var/etc/smbd/smb.conf
        path = /mnt/usb-dados
        path = /mnt/usb-dados/tftpboot
        path = /mnt/usb-dados
        path = /mnt/usb-dados/tftpboot
        path = /mnt/usb-dados
        path = /mnt/usb-dados/tftpboot

It happens when there is no "globals/samba" section. It should create a config file from template (sed) independently from what config file has. "globals/samba" section should only change the default value of workgroup/description/etc.

It's strange how /etc/init.d/smbd creates the config file. If there is both samba and smbd, it will ignore smbd globals as it regenerate it from template when it reads "samba". It is different for shares, which are both added. I think it would be better to choose one config (smbd, samba) file and ignore the other one. I would give preference to smbd when it exists.

smbd is also not closing connections on stop. It keep existing connection in a "TIME_WAIT" state, which prevents for a time smbd to listen again port 445.

1 Like

ok probably a bug in the compatibility code that allows for samba sections in the config, will try to fix this.

mhh we send the "kill" signal which should stop/close everything, will send this bug upstream, thx.

@luizluca can you check the upstream issue regarding the TIME_WAIT state, i'm not fully sure what the problem is here? I can start/stop without any issues, so what does it "prevent"?

changes: cifsd -> smbd -> ksmbd

  • new version

Ok did just update the package in snapshots to 3.1.1/3.1.0 and related packages (wsdd2/luci).

Except for the name-change the new package uses glib2 static, this means glib2 is not needed anymore on the target and the new tools-bin sizes are around: usmbd = ~90kb, smbuseradd = ~40kb and the kernel module = ~190kb. So the whole ksmbd + deps is either 400kb installed or 200kb if compressed and build into the FW.

IMPORTANT:
So yes hopefully the last name-change from smbd to ksmbd and ksmbd-tools, the upstream reason was that samba also has a smbd user process running, so they wanted to avoid confusion.

This also means there are new etc locations:
config is: /etc/ksmbd/smb.conf
user database is: /etc/ksmbd/ksmbdpwd.db

I did also remove the old samba UCI compatibility code, since its had to test/maintain. The ksmbd section names are [globals] and [share]:

Example /etc/config/ksmbd

config globals
	option workgroup 'WORKGROUP'
	option description 'Ksmbd on OpenWrt'

config share
	option path '/tmp'
	option name 'test'
	option create_mask '0666'
	option dir_mask '0777'
	option read_only 'no'
	option guest_ok 'yes'

Any news about the avahi service integration ?

nope see: https://github.com/cifsd-team/ksmbd-tools/issues/99

PS: If i have time i may just try add a custom smb avahi file, until we have something similar to the samba4 integration.

1 Like

Note that 19.07.1 is planned to be tagged on Wednesday.

http://lists.infradead.org/pipermail/openwrt-devel/2020-January/021433.html

We plan to tag and build OpenWrt 19.07.1 and 18.06.7 on Wednesday evening.

If you want the rename included in the official release (or if somebody later builds from the tag), please do the PRs earlier.

@hnyman ok thanks for the heads up, guess i have to skip Itai no wa Iya nano de Bougyoryoku ni Kyokufuri Shitai to Omoimasu tonight in favor of some 19.07 testing.

Btw would you merge a backport of https://github.com/openwrt/packages/pull/10780 so i can bring 19.07 and master in line?

1 Like

You should maybe talk to @neheb or tripolar about it, as neheb was involved in the master PR.

ok, all merged, so enjoy it from master and 19.07.

2 Likes

Ok just added a "ksmbd-avahi-service" package so avahi works with ksmbd, see: https://github.com/openwrt/packages/pull/11173

If someone has a Mac, leave feedback if this also works, can't find my MacOS VM.

PS: If you don't want to wait, all you need is the smb.service file in /etc/avahi/services/.

Just for notice, I'm having a really hard time to make android apps work with smbd. I tried multiple clients and all of them failed with anonymous connection. We could have it compiled but disable by default or a variant kmod build. smb1 vulns really does not matter that much when the user is using anonymous access.

mhh @neheb @hnyman any input on this request?

I guess its possible, by having min protocol = smb2.1 in the default template and than adjust this via a UCI config option.

PS: Its really a shame and a mystery why google removed there official smbv3 client. I was using this a couple of years back on ChromeOS + Android. Than one day it vanished from the playstore....

I use FX on Android. Works fine. Then again I don't do annonimous.access.

@Andy2244 could work. Strange that it is needed...

The apps I tested so far:

AndSMB: fails with NT Status: STATUS_DATA_ERROR (0xc000003e)
Filemanager (flashlight + Clock): uses SMB1.0
GMT Subtitles: uses SMB1.0
VLC: no issues :slight_smile:
X-plore: fails with NT Status: STATUS_DATA_ERROR (0xc000003e)

And some other clients that also failed.