Can access smb/cifs share via windows, cannot via linux

Windows Access Rights Management
Locked
Darknight7
New here
Posts: 4
Joined: Wed Aug 24, 2011 4:35 pm

Can access smb/cifs share via windows, cannot via linux

Post by Darknight7 »

TS559 here, latest firmware.
I can login via windows explorer and see correctly the password protected shares, this is impossible via linux. mount.cifs fails with "access denied" and a login failure is logged on the 559.
IPs are whitelisted, username and password have been double and triple checked.
Any help is greatly appreciated.
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Can access smb/cifs share via windows, cannot via linux

Post by schumaku »

Impossible to provide any help as-is. Show real details - for some 3.1, for some 3.8.1, for some 4.x is the latest firmware.

Then, provide the details of the mount, the mount command, the content of the fstab, ...

Probably using "critical" characters in the authentication, or whatever.
Darknight7
New here
Posts: 4
Joined: Wed Aug 24, 2011 4:35 pm

Re: Can access smb/cifs share via windows, cannot via linux

Post by Darknight7 »

Right, so:
- It's firmware 3.8.1
- mount command and results

Code: Select all

 # mount.cifs //nas1/test nfs --verbose -o user=smbtest
Password:
mount.cifs kernel mount options: unc=//nas1\test,ver=1,user=smbtest,ip=192.168.170.51,pass=********
mount error(13): Permission denied
- password is made of lowercase characters, no digits, no special characters, no punctuation or whitespace
- what I get with smbclient with a proper user (smbtest) and with a fake user

Code: Select all

# smbclient -L nas1 -U smbtest
Enter smbtest's password:
session setup failed: NT_STATUS_LOGON_FAILURE
# smbclient -L nas1 -U blah
Enter blah's password:
Domain=[SERVICES] OS=[Unix] Server=[Samba 3.5.2]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service ()
        test            Disk      asdfasdf
        Network Recycle Bin 1 Disk      [RAID5 Disk Volume: Drive 1 2 3 4]
        Public          Disk      System default share
        Usb             Disk      System default share
        Web             Disk      System default share
        Recordings      Disk      System default share
        Download        Disk      System default share
        Multimedia      Disk      System default share
Domain=[SERVICES] OS=[Unix] Server=[Samba 3.5.2]

        Server               Comment
        ---------            -------
        NAS1
        NSIM

        Workgroup            Master
        ---------            -------
        SERVICES             NSIM
I hope this is enough to better understand the problem.
Thanks for your help.
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Can access smb/cifs share via windows, cannot via linux

Post by schumaku »

Well, review your mount, review your mount point, ...:

root@kurt-ubuntu:~# mkdir /mnt/cofs
root@kurt-ubuntu:~# mount -v -t cifs //ts-459proII/Download /mnt/cifs -o user=myusername
Password:
mount.cifs kernel mount options: ip=10.10.1.138,unc=\\ts-459proII\Download,user=myusername,pass=********
root@kurt-ubuntu:~# mount
...
//ts-459proII/Download on /mnt/cifs type cifs (rw)
...
Darknight7
New here
Posts: 4
Joined: Wed Aug 24, 2011 4:35 pm

Re: Can access smb/cifs share via windows, cannot via linux

Post by Darknight7 »

I found out, this works:

Code: Select all

mount.cifs //nas1/test nfs --verbose -o user=smbtest,sec=ntlmv2
The mount command is ntlmv2 capable... I don't understand why it doesn't even try without the explicit option, doesn't make sense to me. :|
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Can access smb/cifs share via windows, cannot via linux

Post by schumaku »

Well, in general you should use mount - instead of calling the mount.helper direct :shock:

Configured "Allow only NTLMv2 authentication" on the NAS Network Services >> Microsoft Networking >> Advanced Options ?
Darknight7
New here
Posts: 4
Joined: Wed Aug 24, 2011 4:35 pm

Re: Can access smb/cifs share via windows, cannot via linux

Post by Darknight7 »

Exactly. I set NTLMv2 only and the samba client didn't negotiate its use even if it worked ok when forced. As I said, it doesn't make sense to me at all to fail miserably where it could succeed: a silent security downgrade is bad but an upgrade is not.

Of course in fstab I'll be using the default mount option but I wanted to use the lowest level command possible to avoid any possible confusion about the nature of the problem.
Thanks anyway for your help. :)
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: Can access smb/cifs share via windows, cannot via linux

Post by pwilson »

Darknight7 wrote:TS559 here, latest firmware.
I can login via windows explorer and see correctly the password protected shares, this is impossible via linux. mount.cifs fails with "access denied" and a login failure is logged on the 559.
IPs are whitelisted, username and password have been double and triple checked.
Any help is greatly appreciated.
There are multiple possible ways to connect a Linux machine to the NAS, but using SAMBA shares is by far the most reliable. Gigabit all around on this network. To keep it easy to manage, I simply create empty folders in the "/share" directory on my Ubuntu box, that I can mount to.

I create subfolders within "/share" called "Public", "Download", "Multimedia", etc. (on my Ubuntu boxes)

Code: Select all

sudo mkdir -p /share/Multimedia
sudo mkdir -p /share/Public
sudo mkdir -p /share/Download
sudo mkdir -p /share/Web
sudo mkdir -p /share/Public


I then simply mount my NAS shares onto these directories by modifying my "/etc/fstab" on my Ubuntu box to include the following lines:

My /etc/fstab file on my Ubuntu includes the following lines:

Code: Select all

//nas/Multimedia     /share/Multimedia   cifs  defaults,rw,credentials=/etc/nas-credentials
//nas/Public         /share/Public       cifs  defaults,rw,credentials=/etc/nas-credentials
//nas/Download       /share/Download     cifs  defaults,rw,credentials=/etc/nas-credentials
//nas/Web            /share/Web          cifs  defaults,rw,credentials=/etc/nas-credentials
//nas/Public         /share/Public       cifs  defaults,rw,credentials=/etc/nas-credentials
I then create my /etc/nas-credentials (on my Ubuntu boxes) with the following contents:

Code: Select all

username=pwilson
password=DjD05$@Fwpfd
I leave my /etc/nas-credentials file on my Ubuntu box with 600 (rw-------) for file permissions, so that other Ubuntu users can't see my username/password used to mount the NAS shares.

Code: Select all

sudo chmod 600 /etc/nas-credentials
You can activate this immediately with:

Code: Select all

sudo mount -a
My Ubuntu "automounts" all my NAS shares automatically at every boot. This method is easy to setup, and it means I can access my "Multimedia" on all my machines by simply doing a "cd /share/Multimedia". It doesn't matter whether I'm on my NAS or my Ubuntu boxes, my "Multimedia" always lives in "/share/Multimedia" on all of my machines, including my NAS. (This makes it very easy to manage everything).

Remember to create the "mount points" on your Ubuntu box so that they is somewhere to mount to:

I still use QNAP tools like Web File Manager, etc when I'm away from my network, but when I'm at home, I can literally use "cp" and "mv" commands to copy/move files between my NAS and my local machine. No fancy tools required. I don't use NFS at all on my Linux machines, everything is connected by SAMBA. (Even my XBMC-HTPC's, XBMC-xboxes, and Boxee Boxes access the NAS via SAMBA). I can even "drag & drop" like a Windows user, using "nautilus" or "dolphin" if I feel so inclined.

I do use NFS on my NAS, but only as part of my PXE server, so that I can load Linux Live-CD's via PXE (with nfsboot/nfsroot options) on new machines when I introduce them to my network. I am able to access all my internal Websites on my NAS from Firefox on my Ubuntu boxes. Only challenge is Surveillance Station, as it requires "IE" which Ubuntu doesn't have. Everything else works properly. In fact I am so happy with this setup, that I no longer own a Windows machine. All my Linux boxes are running under either Ubuntu or BackTrack5. (I use the same "/etc/fstab" entries (and "/etc/nas-credentials" file) on all of my Linux boxes).

Very easy to use, and very easy to manage. My girlfriend, and my children are still using Windows machines, but I personally do not. All our PC's and Smartphones can access the NAS, even remotely. It is a beautiful thing....

Patrick

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
mwilck
New here
Posts: 6
Joined: Sat Aug 16, 2014 6:47 pm

Re: Can access smb/cifs share via windows, cannot via linux

Post by mwilck »

I had the same problem here with my TS469pro, and I found the solution. It might work for the original poster, too.

If only Linux clients are affected, it's sufficient to set the following in /etc/samba/smb.conf on the clients:

Code: Select all

client ntlmv2 auth = yes
If there are ther clients that can't login either, it may be necessary to change the configuration of the NAS server, as follows: Log in via ssh as admin to your NAS box, and edit /etc/config/smb.conf (using vi /etc/config/smb.conf), adding the following line in the global section at the top:

Code: Select all

ntlm auth = yes
After saving the file, restart the smb service with /etc/init.d/samba4.sh restart.

Background: QNAP NAS servers don't allow the weaker NTLMv1 protocol by
default (only NTLMv2). But smbclient uses this protocol unless "client
ntlmv2 auth = yes" is set. Older or dumb clients (in my case, a SAT
receiver) can only do NTLMv1 anyway and thus they need the setting in the NAS server.
User avatar
schumaku
Guru
Posts: 43579
Joined: Mon Jan 21, 2008 4:41 pm
Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Contact:

Re: Can access smb/cifs share via windows, cannot via linux

Post by schumaku »

Hello, and welcome to the QNAP NAS Community Forum!

By default, the QNAP NAS does permit (certainly up to QTS 4.1.1) both NTLM(v1) and NTLMv2 authentication from the client. There is no need to edit anything - use the Control Panel -> Network Services -> Win/Mac/NFS -> Microsoft Networking -> [Advanced] controls:
Screen Shot 2014-08-16 at 14.02.38.png
Here the (non-default) "Allow NTMLv2 auth only" is ticked.

Further on, the /etc/init.d/samba4.sh is obsolete (and should no longer exist on any QNAP NAS, it's only a remaining fractal on the TS-509/809/x39/x59 - all these NAS models currently not supporting SAMBA4). Use /etc/Init.d/smb.sh instead.

Regards,
-Kurt.
You do not have the required permissions to view the files attached to this post.
mwilck
New here
Posts: 6
Joined: Sat Aug 16, 2014 6:47 pm

Re: Can access smb/cifs share via windows, cannot via linux

Post by mwilck »

Thanks for pointing this out. I will try the advanced settings. It is strange though that NTLMv2 was disabled on my NAS (it definitely was, and I hadn't changed the setting, this box was essentially brand new). I just thought that this setting might be a good explanation for someone being able to log in from Windows but not with smbclient. In a modern Windows environment, disabling NTLMv1 makes a lot of sense.
mwilck
New here
Posts: 6
Joined: Sat Aug 16, 2014 6:47 pm

Re: Can access smb/cifs share via windows, cannot via linux

Post by mwilck »

Oops, just discovered that you had discussed this already 2 years ago. I had scanned over this thread but concentrated on the beginning and end, missing the important information in the middle. Sorry for the noise.
User avatar
pwilson
Guru
Posts: 22533
Joined: Fri Mar 06, 2009 11:20 am
Location: Victoria, BC, Canada (UTC-08:00)

Re: Can access smb/cifs share via windows, cannot via linux

Post by pwilson »

mwilck wrote:Oops, just discovered that you had discussed this already 2 years ago. I had scanned over this thread but concentrated on the beginning and end, missing the important information in the middle. Sorry for the noise.
Probably earlier than that too. Advanced search is your friend. (Top right corner of every page on this Forum).
I've been mounting Linux shares via SMB/CIFS for over 20 years here, including doing so on my Linux boxes.

I also use SMB to mount my NAS on my Android devices. I've heard rumors that Windows users use it too. :lol: Even Apple has finally started to migrate from their painfully broken AFP protocol to SMB/CIFS. Hopefully one day AFP and NFS will be nothing more than bad memories. (I stopped using NFS in 1991, even though most of my computers run Linux).

Patrick M. Wilson
Victoria, BC Canada
QNAP TS-470 Pro w/ 4 * Western Digital WD30EFRX WD Reds (RAID5) - - Single 8.1TB Storage Pool FW: QTS 4.2.0 Build 20151023 - Kali Linux v1.06 (64bit)
Forums: View My Profile - Search My Posts - View My Photo - View My Location - Top Community Posters
QNAP: Turbo NAS User Manual - QNAP Wiki - QNAP Tutorials - QNAP FAQs

Please review: When you're asking a question, please include the following.
midiman007
First post
Posts: 1
Joined: Sun Mar 10, 2024 3:28 am

Re: Can access smb/cifs share via windows, cannot via linux

Post by midiman007 »

Guys correct me if I am wrong but I just build a xenology box on a pc and everything works perfect with my Linux Mint accessing Samba shares via the network browser.
I have 2 ts-451 and one ts-230 none will work browsing the network share via the browser.
I called Qnap support which was useless. They say other than connecting via the smb\\ ip or name they don't support network browsing the shares. I know this had worked before and it has been proven that my Linux pc works since I can connect to the xenology via the Linux pc browser.
QNap like many times have broken something via a hot fix or something with Samba.
and we all need to complain for a fix
User avatar
OneCD
Guru
Posts: 12039
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Can access smb/cifs share via windows, cannot via linux

Post by OneCD »

* topic locked to prevent further necroposting *

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
Locked

Return to “Windows”