Can access smb/cifs share via windows, cannot via linux
-
- New here
- Posts: 4
- Joined: Wed Aug 24, 2011 4:35 pm
Can access smb/cifs share via windows, cannot via linux
TS559 here, latest firmware.
I can login via windows explorer and see correctly the password protected shares, this is impossible via linux. mount.cifs fails with "access denied" and a login failure is logged on the 559.
IPs are whitelisted, username and password have been double and triple checked.
Any help is greatly appreciated.
I can login via windows explorer and see correctly the password protected shares, this is impossible via linux. mount.cifs fails with "access denied" and a login failure is logged on the 559.
IPs are whitelisted, username and password have been double and triple checked.
Any help is greatly appreciated.
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Can access smb/cifs share via windows, cannot via linux
Impossible to provide any help as-is. Show real details - for some 3.1, for some 3.8.1, for some 4.x is the latest firmware.
Then, provide the details of the mount, the mount command, the content of the fstab, ...
Probably using "critical" characters in the authentication, or whatever.
Then, provide the details of the mount, the mount command, the content of the fstab, ...
Probably using "critical" characters in the authentication, or whatever.
-
- New here
- Posts: 4
- Joined: Wed Aug 24, 2011 4:35 pm
Re: Can access smb/cifs share via windows, cannot via linux
Right, so:
- It's firmware 3.8.1
- mount command and results
- password is made of lowercase characters, no digits, no special characters, no punctuation or whitespace
- what I get with smbclient with a proper user (smbtest) and with a fake user
I hope this is enough to better understand the problem.
Thanks for your help.
- It's firmware 3.8.1
- mount command and results
Code: Select all
# mount.cifs //nas1/test nfs --verbose -o user=smbtest
Password:
mount.cifs kernel mount options: unc=//nas1\test,ver=1,user=smbtest,ip=192.168.170.51,pass=********
mount error(13): Permission denied
- what I get with smbclient with a proper user (smbtest) and with a fake user
Code: Select all
# smbclient -L nas1 -U smbtest
Enter smbtest's password:
session setup failed: NT_STATUS_LOGON_FAILURE
# smbclient -L nas1 -U blah
Enter blah's password:
Domain=[SERVICES] OS=[Unix] Server=[Samba 3.5.2]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service ()
test Disk asdfasdf
Network Recycle Bin 1 Disk [RAID5 Disk Volume: Drive 1 2 3 4]
Public Disk System default share
Usb Disk System default share
Web Disk System default share
Recordings Disk System default share
Download Disk System default share
Multimedia Disk System default share
Domain=[SERVICES] OS=[Unix] Server=[Samba 3.5.2]
Server Comment
--------- -------
NAS1
NSIM
Workgroup Master
--------- -------
SERVICES NSIM
Thanks for your help.
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Can access smb/cifs share via windows, cannot via linux
Well, review your mount, review your mount point, ...:
root@kurt-ubuntu:~# mkdir /mnt/cofs
root@kurt-ubuntu:~# mount -v -t cifs //ts-459proII/Download /mnt/cifs -o user=myusername
Password:
mount.cifs kernel mount options: ip=10.10.1.138,unc=\\ts-459proII\Download,user=myusername,pass=********
root@kurt-ubuntu:~# mount
...
//ts-459proII/Download on /mnt/cifs type cifs (rw)
...
root@kurt-ubuntu:~# mkdir /mnt/cofs
root@kurt-ubuntu:~# mount -v -t cifs //ts-459proII/Download /mnt/cifs -o user=myusername
Password:
mount.cifs kernel mount options: ip=10.10.1.138,unc=\\ts-459proII\Download,user=myusername,pass=********
root@kurt-ubuntu:~# mount
...
//ts-459proII/Download on /mnt/cifs type cifs (rw)
...
-
- New here
- Posts: 4
- Joined: Wed Aug 24, 2011 4:35 pm
Re: Can access smb/cifs share via windows, cannot via linux
I found out, this works:
The mount command is ntlmv2 capable... I don't understand why it doesn't even try without the explicit option, doesn't make sense to me.
Code: Select all
mount.cifs //nas1/test nfs --verbose -o user=smbtest,sec=ntlmv2
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Can access smb/cifs share via windows, cannot via linux
Well, in general you should use mount - instead of calling the mount.helper direct
Configured "Allow only NTLMv2 authentication" on the NAS Network Services >> Microsoft Networking >> Advanced Options ?
Configured "Allow only NTLMv2 authentication" on the NAS Network Services >> Microsoft Networking >> Advanced Options ?
-
- New here
- Posts: 4
- Joined: Wed Aug 24, 2011 4:35 pm
Re: Can access smb/cifs share via windows, cannot via linux
Exactly. I set NTLMv2 only and the samba client didn't negotiate its use even if it worked ok when forced. As I said, it doesn't make sense to me at all to fail miserably where it could succeed: a silent security downgrade is bad but an upgrade is not.
Of course in fstab I'll be using the default mount option but I wanted to use the lowest level command possible to avoid any possible confusion about the nature of the problem.
Thanks anyway for your help.
Of course in fstab I'll be using the default mount option but I wanted to use the lowest level command possible to avoid any possible confusion about the nature of the problem.
Thanks anyway for your help.
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: Can access smb/cifs share via windows, cannot via linux
There are multiple possible ways to connect a Linux machine to the NAS, but using SAMBA shares is by far the most reliable. Gigabit all around on this network. To keep it easy to manage, I simply create empty folders in the "/share" directory on my Ubuntu box, that I can mount to.Darknight7 wrote:TS559 here, latest firmware.
I can login via windows explorer and see correctly the password protected shares, this is impossible via linux. mount.cifs fails with "access denied" and a login failure is logged on the 559.
IPs are whitelisted, username and password have been double and triple checked.
Any help is greatly appreciated.
I create subfolders within "/share" called "Public", "Download", "Multimedia", etc. (on my Ubuntu boxes)
Code: Select all
sudo mkdir -p /share/Multimedia
sudo mkdir -p /share/Public
sudo mkdir -p /share/Download
sudo mkdir -p /share/Web
sudo mkdir -p /share/Public
I then simply mount my NAS shares onto these directories by modifying my "/etc/fstab" on my Ubuntu box to include the following lines:
My /etc/fstab file on my Ubuntu includes the following lines:
Code: Select all
//nas/Multimedia /share/Multimedia cifs defaults,rw,credentials=/etc/nas-credentials
//nas/Public /share/Public cifs defaults,rw,credentials=/etc/nas-credentials
//nas/Download /share/Download cifs defaults,rw,credentials=/etc/nas-credentials
//nas/Web /share/Web cifs defaults,rw,credentials=/etc/nas-credentials
//nas/Public /share/Public cifs defaults,rw,credentials=/etc/nas-credentials
Code: Select all
username=pwilson
password=DjD05$@Fwpfd
Code: Select all
sudo chmod 600 /etc/nas-credentials
Code: Select all
sudo mount -a
Remember to create the "mount points" on your Ubuntu box so that they is somewhere to mount to:
I still use QNAP tools like Web File Manager, etc when I'm away from my network, but when I'm at home, I can literally use "cp" and "mv" commands to copy/move files between my NAS and my local machine. No fancy tools required. I don't use NFS at all on my Linux machines, everything is connected by SAMBA. (Even my XBMC-HTPC's, XBMC-xboxes, and Boxee Boxes access the NAS via SAMBA). I can even "drag & drop" like a Windows user, using "nautilus" or "dolphin" if I feel so inclined.
I do use NFS on my NAS, but only as part of my PXE server, so that I can load Linux Live-CD's via PXE (with nfsboot/nfsroot options) on new machines when I introduce them to my network. I am able to access all my internal Websites on my NAS from Firefox on my Ubuntu boxes. Only challenge is Surveillance Station, as it requires "IE" which Ubuntu doesn't have. Everything else works properly. In fact I am so happy with this setup, that I no longer own a Windows machine. All my Linux boxes are running under either Ubuntu or BackTrack5. (I use the same "/etc/fstab" entries (and "/etc/nas-credentials" file) on all of my Linux boxes).
Very easy to use, and very easy to manage. My girlfriend, and my children are still using Windows machines, but I personally do not. All our PC's and Smartphones can access the NAS, even remotely. It is a beautiful thing....
Patrick
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
-
- New here
- Posts: 6
- Joined: Sat Aug 16, 2014 6:47 pm
Re: Can access smb/cifs share via windows, cannot via linux
I had the same problem here with my TS469pro, and I found the solution. It might work for the original poster, too.
If only Linux clients are affected, it's sufficient to set the following in /etc/samba/smb.conf on the clients:
If there are ther clients that can't login either, it may be necessary to change the configuration of the NAS server, as follows: Log in via ssh as admin to your NAS box, and edit /etc/config/smb.conf (using vi /etc/config/smb.conf), adding the following line in the global section at the top:
After saving the file, restart the smb service with /etc/init.d/samba4.sh restart.
Background: QNAP NAS servers don't allow the weaker NTLMv1 protocol by
default (only NTLMv2). But smbclient uses this protocol unless "client
ntlmv2 auth = yes" is set. Older or dumb clients (in my case, a SAT
receiver) can only do NTLMv1 anyway and thus they need the setting in the NAS server.
If only Linux clients are affected, it's sufficient to set the following in /etc/samba/smb.conf on the clients:
Code: Select all
client ntlmv2 auth = yes
Code: Select all
ntlm auth = yes
Background: QNAP NAS servers don't allow the weaker NTLMv1 protocol by
default (only NTLMv2). But smbclient uses this protocol unless "client
ntlmv2 auth = yes" is set. Older or dumb clients (in my case, a SAT
receiver) can only do NTLMv1 anyway and thus they need the setting in the NAS server.
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Can access smb/cifs share via windows, cannot via linux
Hello, and welcome to the QNAP NAS Community Forum!
By default, the QNAP NAS does permit (certainly up to QTS 4.1.1) both NTLM(v1) and NTLMv2 authentication from the client. There is no need to edit anything - use the Control Panel -> Network Services -> Win/Mac/NFS -> Microsoft Networking -> [Advanced] controls:
Here the (non-default) "Allow NTMLv2 auth only" is ticked.
Further on, the /etc/init.d/samba4.sh is obsolete (and should no longer exist on any QNAP NAS, it's only a remaining fractal on the TS-509/809/x39/x59 - all these NAS models currently not supporting SAMBA4). Use /etc/Init.d/smb.sh instead.
Regards,
-Kurt.
By default, the QNAP NAS does permit (certainly up to QTS 4.1.1) both NTLM(v1) and NTLMv2 authentication from the client. There is no need to edit anything - use the Control Panel -> Network Services -> Win/Mac/NFS -> Microsoft Networking -> [Advanced] controls:
Here the (non-default) "Allow NTMLv2 auth only" is ticked.
Further on, the /etc/init.d/samba4.sh is obsolete (and should no longer exist on any QNAP NAS, it's only a remaining fractal on the TS-509/809/x39/x59 - all these NAS models currently not supporting SAMBA4). Use /etc/Init.d/smb.sh instead.
Regards,
-Kurt.
You do not have the required permissions to view the files attached to this post.
-
- New here
- Posts: 6
- Joined: Sat Aug 16, 2014 6:47 pm
Re: Can access smb/cifs share via windows, cannot via linux
Thanks for pointing this out. I will try the advanced settings. It is strange though that NTLMv2 was disabled on my NAS (it definitely was, and I hadn't changed the setting, this box was essentially brand new). I just thought that this setting might be a good explanation for someone being able to log in from Windows but not with smbclient. In a modern Windows environment, disabling NTLMv1 makes a lot of sense.
-
- New here
- Posts: 6
- Joined: Sat Aug 16, 2014 6:47 pm
Re: Can access smb/cifs share via windows, cannot via linux
Oops, just discovered that you had discussed this already 2 years ago. I had scanned over this thread but concentrated on the beginning and end, missing the important information in the middle. Sorry for the noise.
- pwilson
- Guru
- Posts: 22533
- Joined: Fri Mar 06, 2009 11:20 am
- Location: Victoria, BC, Canada (UTC-08:00)
Re: Can access smb/cifs share via windows, cannot via linux
Probably earlier than that too. Advanced search is your friend. (Top right corner of every page on this Forum).mwilck wrote:Oops, just discovered that you had discussed this already 2 years ago. I had scanned over this thread but concentrated on the beginning and end, missing the important information in the middle. Sorry for the noise.
I've been mounting Linux shares via SMB/CIFS for over 20 years here, including doing so on my Linux boxes.
I also use SMB to mount my NAS on my Android devices. I've heard rumors that Windows users use it too. Even Apple has finally started to migrate from their painfully broken AFP protocol to SMB/CIFS. Hopefully one day AFP and NFS will be nothing more than bad memories. (I stopped using NFS in 1991, even though most of my computers run Linux).
Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs
Please review: When you're asking a question, please include the following.
-
- First post
- Posts: 1
- Joined: Sun Mar 10, 2024 3:28 am
Re: Can access smb/cifs share via windows, cannot via linux
Guys correct me if I am wrong but I just build a xenology box on a pc and everything works perfect with my Linux Mint accessing Samba shares via the network browser.
I have 2 ts-451 and one ts-230 none will work browsing the network share via the browser.
I called Qnap support which was useless. They say other than connecting via the smb\\ ip or name they don't support network browsing the shares. I know this had worked before and it has been proven that my Linux pc works since I can connect to the xenology via the Linux pc browser.
QNap like many times have broken something via a hot fix or something with Samba.
and we all need to complain for a fix
I have 2 ts-451 and one ts-230 none will work browsing the network share via the browser.
I called Qnap support which was useless. They say other than connecting via the smb\\ ip or name they don't support network browsing the shares. I know this had worked before and it has been proven that my Linux pc works since I can connect to the xenology via the Linux pc browser.
QNap like many times have broken something via a hot fix or something with Samba.
and we all need to complain for a fix
- OneCD
- Guru
- Posts: 12039
- Joined: Sun Aug 21, 2016 10:48 am
- Location: "... there, behind that sofa!"
Re: Can access smb/cifs share via windows, cannot via linux
* topic locked to prevent further necroposting *