Windows can access a share, Ubunto can't

    • OMV 4.x
    • Windows can access a share, Ubunto can't

      Hi,
      I've just installed OMV.
      I've created a share and Windows can connect to it without any problem, but Ubuntu 16.04 can't:

      Source Code

      1. sudo mount -v -t cifs //192.168.20.121/Multimedia /mnt/varie/ -o username=WORKGROUP/desktop
      2. Password for WORKGROUP/desktop@//192.168.20.121/Multimedia: ******
      3. mount.cifs kernel mount options: ip=192.168.20.121,unc=\\192.168.20.121\Multimedia,user=WORKGROUP/desktop,pass=********
      4. mount error(13): Permission denied
      5. Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
      These are the line in the samba log that seems more relevant to me:

      Source Code

      1. Mar 18 16:54:16 omv smbd[4396]: check_sam_security: Couldn't find user 'WORKGROUP/desktop' in passdb.
      2. Mar 18 16:54:16 omv smbd[4396]: check_ntlm_password: Authentication for user [WORKGROUP/desktop] -> [WORKGROUP/desktop] FAILED with error NT_STATUS_NO_SUCH_USER
      3. Mar 18 16:54:16 omv smbd[4396]: No such user WORKGROUP/desktop [OMV] - using guest account
      I've used the user desktop with Windows and with Ubuntu and the workgroup is WORKGROUP.
      I've checked the privileges and ACL.
      Here is the full samba log:

      Source Code

      1. Mar 18 16:54:16 omv smbd[4396]: switch message SMBnegprot (pid 4396) conn 0x0
      2. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.564777, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      3. Mar 18 16:54:16 omv smbd[4396]: Requested protocol [LM1.2X002]
      4. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.564922, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      5. Mar 18 16:54:16 omv smbd[4396]: Requested protocol [LANMAN2.1]
      6. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.564992, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      7. Mar 18 16:54:16 omv smbd[4396]: Requested protocol [NT LM 0.12]
      8. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.565059, 3] ../source3/smbd/negprot.c:603(reply_negprot)
      9. Mar 18 16:54:16 omv smbd[4396]: Requested protocol [POSIX 2]
      10. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.572996, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      11. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'gssapi_spnego' registered
      12. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.573134, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      13. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'gssapi_krb5' registered
      14. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.573205, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      15. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'gssapi_krb5_sasl' registered
      16. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.573273, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      17. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.573559, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      18. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'ntlmssp' registered
      19. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.573923, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      20. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'ntlmssp_resume_ccache' registered
      21. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.573998, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      22. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'http_basic' registered
      23. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.574066, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      24. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'http_ntlm' registered
      25. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.574135, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      26. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'krb5' registered
      27. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.574255, 3] ../auth/gensec/gensec_start.c:908(gensec_register)
      28. Mar 18 16:54:16 omv smbd[4396]: GENSEC backend 'fake_gssapi_krb5' registered
      29. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.574491, 3] ../source3/smbd/negprot.c:394(reply_nt1)
      30. Mar 18 16:54:16 omv smbd[4396]: using SPNEGO
      31. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.574565, 3] ../source3/smbd/negprot.c:744(reply_negprot)
      32. Mar 18 16:54:16 omv smbd[4396]: Selected protocol NT LM 0.12
      33. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.575330, 3] ../source3/smbd/process.c:1958(process_smb)
      34. Mar 18 16:54:16 omv smbd[4396]: Transaction 1 of length 212 (0 toread)
      35. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.575482, 3] ../source3/smbd/process.c:1538(switch_message)
      36. Mar 18 16:54:16 omv smbd[4396]: switch message SMBsesssetupX (pid 4396) conn 0x0
      37. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.575693, 3] ../source3/smbd/sesssetup.c:140(reply_sesssetup_and_X_spnego)
      38. Mar 18 16:54:16 omv smbd[4396]: Doing spnego session setup
      39. Mar 18 16:54:16 omv smbd[4396]: Doing spnego session setup
      40. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.578328, 3] ../source3/smbd/sesssetup.c:181(reply_sesssetup_and_X_spnego)
      41. Mar 18 16:54:16 omv smbd[4396]: NativeOS=[Linux version 4.4.0-142-generic] NativeLanMan=[CIFS VFS Client for Linux] PrimaryDomain=[]
      42. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.578482, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
      43. Mar 18 16:54:16 omv smbd[4396]: Got user=[WORKGROUP/desktop] domain=[OMV] workstation=[] len1=0 len2=96
      44. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.578585, 3] ../source3/param/loadparm.c:3739(lp_load_ex)
      45. Mar 18 16:54:16 omv smbd[4396]: lp_load_ex: refreshing parameters
      46. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.578766, 3] ../source3/param/loadparm.c:542(init_globals)
      47. Mar 18 16:54:16 omv smbd[4396]: Initialising global parameters
      48. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.579322, 3] ../source3/param/loadparm.c:2668(lp_do_section)
      49. Mar 18 16:54:16 omv smbd[4396]: Processing section "[global]"
      50. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.579787, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      51. Mar 18 16:54:16 omv smbd[4396]: Processing section "[Temp]"
      52. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.580368, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      53. Mar 18 16:54:16 omv smbd[4396]: Processing section "[config]"
      54. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.580799, 2] ../source3/param/loadparm.c:2685(lp_do_section)
      55. Mar 18 16:54:16 omv smbd[4396]: Processing section "[Multimedia]"
      56. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.581216, 3] ../source3/param/loadparm.c:1585(lp_add_ipc)
      57. Mar 18 16:54:16 omv smbd[4396]: adding IPC service
      58. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.581633, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
      59. Mar 18 16:54:16 omv smbd[4396]: check_ntlm_password: Checking password for unmapped user [OMV]\[WORKGROUP/desktop]@[] with the new password interface
      60. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.581714, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
      61. Mar 18 16:54:16 omv smbd[4396]: check_ntlm_password: mapped user is: [OMV]\[WORKGROUP/desktop]@[]
      62. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.582082, 3] ../source3/auth/check_samsec.c:400(check_sam_security)
      63. Mar 18 16:54:16 omv smbd[4396]: check_sam_security: Couldn't find user 'WORKGROUP/desktop' in passdb.
      64. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.582162, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
      65. Mar 18 16:54:16 omv smbd[4396]: check_ntlm_password: Authentication for user [WORKGROUP/desktop] -> [WORKGROUP/desktop] FAILED with error NT_STATUS_NO_SUCH_USER
      66. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.582267, 3] ../source3/auth/auth_util.c:1611(do_map_to_guest_server_info)
      67. Mar 18 16:54:16 omv smbd[4396]: No such user WORKGROUP/desktop [OMV] - using guest account
      68. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.583332, 3] ../source3/smbd/process.c:1958(process_smb)
      69. Mar 18 16:54:16 omv smbd[4396]: Transaction 3 of length 110 (0 toread)
      70. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.583469, 3] ../source3/smbd/process.c:1538(switch_message)
      71. Mar 18 16:54:16 omv smbd[4396]: switch message SMBtconX (pid 4396) conn 0x0
      72. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.583938, 3] ../source3/lib/access.c:338(allow_access)
      73. Mar 18 16:54:16 omv smbd[4396]: Allowed connection from 192.168.20.60 (192.168.20.60)
      74. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.584035, 2] ../source3/smbd/service.c:319(create_connection_session_info)
      75. Mar 18 16:54:16 omv smbd[4396]: guest user (from session setup) not permitted to access this share (Multimedia)
      76. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.584366, 1] ../source3/smbd/service.c:502(make_connection_snum)
      77. Mar 18 16:54:16 omv smbd[4396]: create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      78. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.584510, 3] ../source3/smbd/error.c:82(error_packet_set)
      79. Mar 18 16:54:16 omv smbd[4396]: NT error packet at ../source3/smbd/reply.c(1072) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
      80. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.585215, 3] ../source3/smbd/process.c:1958(process_smb)
      81. Mar 18 16:54:16 omv smbd[4396]: Transaction 4 of length 43 (0 toread)
      82. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.585325, 3] ../source3/smbd/process.c:1538(switch_message)
      83. Mar 18 16:54:16 omv smbd[4396]: switch message SMBulogoffX (pid 4396) conn 0x0
      84. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.585944, 3] ../source3/smbd/reply.c:2511(reply_ulogoffX)
      85. Mar 18 16:54:16 omv smbd[4396]: ulogoffX vuid=55970
      86. Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.715564, 3] ../source3/smbd/server_exit.c:246(exit_server_common)
      87. Mar 18 16:54:16 omv smbd[4396]: Server exit (failed to receive smb request)
      88. Mar 18 16:54:16 omv smbd[2845]: [2019/03/18 16:54:16.722662, 3] ../source3/lib/util_procid.c:54(pid_to_procid)
      89. Mar 18 16:54:16 omv smbd[2845]: pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
      Display All

      I've search around but without any luck.
      Thanks!
    • Are you using a Desktop on 16.04, or is this a server?

      If you have a Desktop, just open a file browser (Nautilus, Thunar, caja.. whatever) and type the path smb://your_nas_IP

      You should see your smb shares there, and simply need to enter your nas username/password when prompted. Assuming you have a desktop, I've never had to do all that to use an SMB share.
      Air Conditioners are a lot like PC's... They work great until you open Windows.

    • tkaiser wrote:

      KM0201 wrote:

      If you have a Desktop, just open a file browser (Nautilus, Thunar, caja.. whatever) and type the path smb://your_nas_IP
      This is usually a recipe to get inferior SMB performance caused by gvfs-smb, see bugzilla.gnome.org/show_bug.cgi?id=776339
      Hmm. I always figured it was my craptacular Laptop that was causing crappy SMB speeds (it's just as bad w/ NFS). I write to my shares so little from my SMB, and usually when I do, it's small files (backup configurations from home) so I don't pay it much attention.

      Gotta get ready to go deal w/ the yahoos, but I'll look into that more Wed.
      Air Conditioners are a lot like PC's... They work great until you open Windows.

    • tkaiser wrote:

      Have you already tried -o username=desktop?
      Yes, no luck :(

      KM0201 wrote:

      Are you using a Desktop on 16.04, or is this a server?

      If you have a Desktop, just open a file browser (Nautilus, Thunar, caja.. whatever) and type the path smb://your_nas_IP

      You should see your smb shares there, and simply need to enter your nas username/password when prompted. Assuming you have a desktop, I've never had to do all that to use an SMB share.
      I've tried with Nautilus too, but with the same result: the password is never accepted
    • andre_x wrote:

      tkaiser wrote:

      Have you already tried -o username=desktop?
      Yes, no luck :(

      KM0201 wrote:

      Are you using a Desktop on 16.04, or is this a server?

      If you have a Desktop, just open a file browser (Nautilus, Thunar, caja.. whatever) and type the path smb://your_nas_IP

      You should see your smb shares there, and simply need to enter your nas username/password when prompted. Assuming you have a desktop, I've never had to do all that to use an SMB share.
      I've tried with Nautilus too, but with the same result: the password is never accepted
      Then the only logical explanation is you're entering the wrong credentials.
      Air Conditioners are a lot like PC's... They work great until you open Windows.

    • andre_x wrote:

      Mar 18 16:54:16 omv smbd[4396]: check_ntlm_password: Authentication for user [WORKGROUP/desktop] -> [WORKGROUP/desktop] FAILED with error NT_STATUS_NO_SUCH_USER
      Mar 18 16:54:16 omv smbd[4396]: [2019/03/18 16:54:16.582267, 3] ../source3/auth/auth_util.c:1611(do_map_to_guest_server_info)
      Mar 18 16:54:16 omv smbd[4396]: No such user WORKGROUP/desktop [OMV] - using guest account
      The above tells that you were authenticating as an unknown user 'WORKGROUP/desktop' and as such a fallback to the guest account happened. I would assume what you're trying to achieve is to use a user called 'desktop' being allowed to access the shares you created? I also assume you created this user 'desktop' (not 'WORKGROUP/desktop') in the OMV UI through a browser, right?

      Anyway: what happens if you create a new user called 'lalala' with password 'lala123' in the OMV UI and then connect with exactly these credentials from the outside?
    • KM0201 wrote:

      the only logical explanation is you're entering the wrong credentials
      Not necessarily. OMV when updating passwords calls smbpasswd to not only update the system's password database but also Samba's own (needed for older client authentication attempts). So there are corner cases where an existing user with a valid password can access with modern SMB clients but fails with old authentication methods. That's why I asked whether the user has been created with the OMV UI or not.

      The post was edited 1 time, last by tkaiser ().

    • tkaiser wrote:

      The above tells that you were authenticating as an unknown user 'WORKGROUP/desktop' and as such a fallback to the guest account happened. I would assume what you're trying to achieve is to use a user called 'desktop' being allowed to access the shares you created? I also assume you created this user 'desktop' (not 'WORKGROUP/desktop') in the OMV UI through a browser, right?
      Anyway: what happens if you create a new user called 'lalala' with password 'lala123' in the OMV UI and then connect with exactly these credentials from the outside?
      I've created the user as "desktop", not as "WORKGROUP/desktop", but in the samba configuration I see "Workgroup: WORKGROUP"

      By the way, I've created another user and it...can connect...what the heck!
      So I've executed smbpasswd desktop and..solved!
      Thanks a lot tkaiser!!!

      P.s. I've inserted an image but I kept getting the message The message is too long, must be under 10,000 characters. so I had to remove it, it was just a small screenshot of the workgroup setting in samba
    • andre_x wrote:

      I've created the user as "desktop", not as "WORKGROUP/desktop", but in the samba configuration I see "Workgroup: WORKGROUP"
      But still the user account is just 'desktop' and there's no need to specify 'WORKGROUP' (maybe within Windows when using the net commands -- it's such a long time I dealt the last time with Windows...)

      Anyway: glad you resolved it. And it's a bit scary that Ubuntu uses the rather weak NTLM authentication method. That's stuff from last Century :(