Trouble with Samba4, Openwrt 24.10.1 and Windows 11

topsbr · June 1, 2025, 3:09pm

Hello friends..

I be updating my router to 24.10.1 version... I make backup of my cfgs files...

I have an external hd with a lot of files, etc...

Well, I config the router to see a device, and its visible in /mnt/sdb1 (I already have one usb stick in /dev/sda1)...

In the route, seeing the folder /mnt, I see all folders, like:

In Windows stations (all of my house) I only see this folder and nothing more...

My configuration files are bellow:
/etc/config/samba4

config samba
	option workgroup 'WORKGROUP'
	option charset 'UTF-8'
	option description 'Samba on OpenWRT'
	option interface 'lan'
	option enable_extra_tuning '1'
	option macos '1'

config sambashare
	option name 'HD_Externo'
	option path '/mnt/sdb1/'
	option read_only 'no'
	option guest_ok 'no'
	option create_mask '0666'
	option dir_mask '0777'
	option timemachine '1'
	option users 'horus'

/etc/samba/smb.conf.template

[global]
	netbios name = |NAME| 
	interfaces = |INTERFACES|
	server string = |DESCRIPTION|
	unix charset = |CHARSET|
	workgroup = |WORKGROUP|

	## This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
	bind interfaces only = yes

	## time for inactive connections to-be closed in minutes
	deadtime = 15

	## disable core dumps
	enable core files = no

	## set security (auto, user, domain, ads)
	security = user

	## This parameter controls whether a remote client is allowed or required to use SMB encryption.
	## It has different effects depending on whether the connection uses SMB1 or SMB2 and newer:
    ## If the connection uses SMB1, then this option controls the use of a Samba-specific extension to the SMB protocol introduced in Samba 3.2 that makes use of the Unix extensions.
	## If the connection uses SMB2 or newer, then this option controls the use of the SMB-level encryption that is supported in SMB version 3.0 and above and available in Windows 8 and newer. 
	## (default/auto,desired,required,off)
	#smb encrypt = default

	## set invalid users
	invalid users = root

	## map unknow users to guest
	map to guest = Bad User

	## allow client access to accounts that have null passwords. 
	null passwords = yes

	## The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. (NOTE: enabled for size reasons)
	## (tdbsam,smbpasswd,ldapsam)
	passdb backend = smbpasswd

	## Set location of smbpasswd ('smbd -b' will show default compiled location)
	#smb passwd file = /etc/samba/smbpasswd 

	## LAN (IPTOS_LOWDELAY TCP_NODELAY) WAN (IPTOS_THROUGHPUT) WiFi (SO_KEEPALIVE) try&error for buffer sizes (SO_RCVBUF=65536 SO_SNDBUF=65536)
	socket options = IPTOS_LOWDELAY TCP_NODELAY

	## If this integer parameter is set to a non-zero value, Samba will read from files asynchronously when the request size is bigger than this value.
	## Note that it happens only for non-chained and non-chaining reads and when not using write cache.
	## The only reasonable values for this parameter are 0 (no async I/O) and 1 (always do async I/O).
	## (1/0)
	#aio read size = 0
	#aio write size = 0

	## If Samba has been built with asynchronous I/O support, Samba will not wait until write requests are finished before returning the result to the client for files listed in this parameter.
	## Instead, Samba will immediately return that the write request has been finished successfully, no matter if the operation will succeed or not.
	## This might speed up clients without aio support, but is really dangerous, because data could be lost and files could be damaged. 
	#aio write behind = /*.tmp/

	## lower CPU useage if supported and aio is disabled (aio read size = 0 ; aio write size = 0)
	## is this still broken? issue is from 2019 (NOTE: see https://bugzilla.samba.org/show_bug.cgi?id=14095 )
	## (no, yes)
	#use sendfile = yes

	## samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained.
	#blocking locks = No

	## disable loading of all printcap printers by default (iprint, cups, lpstat)
	load printers = No
	printcap name = /dev/null

	## Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's.
	disable spoolss = yes

	## This parameters controls how printer status information is interpreted on your system.
	## (BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, SOFTQ)
	printing = bsd

	## Disable that nmbd is acting as a WINS server for unknow netbios names
	#dns proxy = No

	## win/unix user mapping backend
	#idmap config * : backend = tdb

	## Allows the server name that is advertised through MDNS to be set to the hostname rather than the Samba NETBIOS name.
	## This allows an administrator to make Samba registered MDNS records match the case of the hostname rather than being in all capitals.
	## (netbios, mdns)
	mdns name = mdns

	## Clients that only support netbios won't be able to see your samba server when netbios support is disabled.
	#disable netbios = Yes

	## Setting this value to no will cause nmbd never to become a local master browser.
	local master = yes

	## (auto, yes) If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master. 
	preferred master = yes

	## (445 139) Specifies which ports the server should listen on for SMB traffic.
	## 139 is netbios/nmbd
	#smb ports = 445 139

	## This is a list of files and directories that are neither visible nor accessible.
	## Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards.
	veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/

	## If a directory that is to be deleted contains nothing but veto files this deletion will fail unless you also set the delete veto files parameter to yes.
	delete veto files = yes

################ Filesystem and creation rules ################
	## reported filesystem type (NTFS,Samba,FAT)
	#fstype = FAT

	## Allows a user who has write access to the file (by whatever means, including an ACL permission) to modify the permissions (including ACL) on it.
	#dos filemode = Yes

	## file/dir creating rules
	#create mask = 0666
	#directory mask = 0777
	#force group = root
	#force user = root
	#inherit owner = windows and unix
################################################################

I have cried the user "horus" with your password and add to /etc/passwf file, like:

horus:x:1001:1001:smb horus:/dev/null:/bin/false

Additonal info: I´ve been tested with my linux mint and Debian 12 too, the problem is the same, so I believe that I have any problem with forldes and files permissions, but in Openwrt 23.05, works well.

Any suggestions?

topsbr · June 1, 2025, 3:55pm

I'm encountering several errors and failures in this version 24.10.1 - I'm thinking about going back to 23.05.5, where due to my mistake, I ended up updating some system packages and it became unstable and I couldn't revert it.

topsbr · June 2, 2025, 5:04pm

Hello everyone, how are you?

I redid my entire configuration based on 23.05.5 and it still doesn't work like it used to.

What could be happening?

I did a test by sharing a pendrive formatted in ext4 as well...

I created several folders and files inside this pendrive and I was able to read all of them in the Windows 11 and Linux sharing without any problems.

I can't understand why old folders, even if they exist, are not being shown in the sharing.

AlanDias17 · June 2, 2025, 10:41pm

Just for a test using winscp change one those folders permission to 0755 and test again

topsbr · June 2, 2025, 11:21pm

The HD is formatted in ext4... using Linux, I can't change the permissions...

I'll try later with chmod and chown.

Thanks

topsbr · June 3, 2025, 12:44am

It´s very stranger...

To some folders, works....
For others, not working..

I believe the permissions are setting correctly, but, I will share here too...

I´ve test with 0755, but the results are the same...

Additional information:

If I create a folder with accented characters through Windows, when I look at it inside /mnt/sdb1, the characters are "crazy", but if I create this same folder inside /mnt/sdb1, some folders "disappear" from the sharing... trying to send a video here for you...

I have the impression that this doesn't work as it should...

topsbr · June 3, 2025, 1:29am

Apparently resolved... Still testing...

AlanDias17 · June 3, 2025, 8:19pm

Nice catch I wasn't aware of character encoding mismatch could mess up interacting with filesystem permissions. I suggest you use unix charset = UTF-8 and ditch display charset line. Windows & any modern OS can handle UTF-8 perfectly it's a current norm nowadays

topsbr · June 3, 2025, 8:41pm

I will try the "unix charset = UTF-8"

Thanks

topsbr · June 6, 2025, 11:11am

Sorry dor delay friend...

I change to "unix charset = UTF-8" and doesn´t work...
I return the config to "ISO-8859-1" and works perfectly!!

No problem for me...

Thanks for help.

phinn · June 6, 2025, 5:07pm

Might be related, for years I was able to connect to shares on a Win11 PC without adding a username/password using Ksmbd package. In the last few builds (not sure when it regressed) on the 24.10-SNAPSHOT branch (e.g. Ksmbd/Kmod Version 3.5.3/6.6.92) you cannot check the box at LuCI -> Services -> Network Shares -> Allow guests. When you hit apply it immediately unchecks so this functionality must have broke.

I used ksmbd.adduser as per the wiki and am able to connect normally as a workaround, this is a prefered approach anyway for obvious security reasons.