SMB shares not working on Armbian after update

  • I have tried adding ntlm auth = yes to the extra options settings, and local master browser is definitely disabled. Same bloody error.


    I'm wondering if I'm using the wrong authentication credentials. On my server, I have the root user, and a single non-root user called john. When I try to access my SMB shares, what username/password should I provide? Is it just the user john and the password for that account? Or does smbd want a different password?


    My only real clue is the SPNEGO login failed: NT_STATUS_NO_SUCH_USER error.


    I have attached my smb.conf, and my smbd and nmbd statuses.



    smb.conf.txt
    nmbd.txt
    smbd.txt

    • Offizieller Beitrag

    (I'll assume you checked your Win10 network settings.)
    _______________________________________


    First
    A comment from nmbd output.

    Aug 04 01:04:46 helios4 nmbd[2149]: send_election_dgram:
    Sending election packet for workgroup WORKGROUP on subnet 192.168.1.222


    If you turned off Local Master Browser, your NAS should not be sending election packets to the local WORKGROUP. There's a known issue with OMV's wsdd service and the Local Master Browser function which is the reason why @geaves had you turn it off, way back. (Then, notably, all appeared to be OK for awhile.)
    If the Local Master Browser indicates that it's off in OMV's GUI, something may be going on with your install.
    You might try turning the Local Master Browser on again, saving it, then turning it off to see if this is corrected. (Maybe with a reboot.) Then run systemctl status nmbd again to see if the Helios is still trying to be elected and check your shares.


    Second
    There's this error that seems to be a permissions issue.


    Aug 02 09:18:54 helios4 smbd[13799]: [2019/08/02 09:18:54.994728, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
    Aug 02 09:18:54 helios4 smbd[13799]: check_ntlm_password:
    Authentication for user [*****@gmail.com] -> [*****@gmail.com] FAILED
    with error NT_

    Aug 02 09:18:54 helios4 smbd[13799]: [2019/08/02 09:18:54.994917, 2]
    ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
    Aug 02 09:18:54 helios4 smbd[13799]: SPNEGO login failed: NT_STATUS_NO_SUCH_USER


    - I don't know what user is called out in the ***** but you might consider deleting and recreating this user. Also, you might consider leaving out the E-mail address. Also, do you have a defined user named SPNEGO ? If yes, delete it and recreate it.
    - Consider installing the ResetPerm's plugin which adds two tabs to Shared Folders; Reset Permissions and Shared Folder in use. Reset permissions could be used to reset permissions on one share as a test. (Maybe set it to "Everyone" , Clear ACL's, then set Samba to "Guests allowed" to see what happens.)


    Third
    One error gives the appearance of being a network problem - some sort of local DNS error.
    "The specified network name is no longer available"
    I'm going to speculate here. This error gives the appearance that DHCP is assigning the IP address to your NAS. I don't know what your DHCP server is, probably a consumer router, but this variable could be eliminated by using a static IP address.
    **Note, if you statically assign an address to the wired interface, IFUPDOWN takes over from Network Manager. (This is no big deal, In itself, if your NAS is not using a wireless interface.**
    __________________________________________________


    If none of the above corrects anything or the errors continue:


    What does all of the above boil down to, given that it all happened in a short period of time? This is speculation but, given that these errors came out of the blue, it appears that one of two things may have happened; something went south during the software update OR something is going on with your SD-card. I've had both happen before.
    In one instance, I couldn't change any network variables (IP address, subnet mask, DNS server, etc.), in the GUI or on the command line. (Accompanied with nonsense error messages.)


    In both cases, I either restored from OS backup or rebuilt.

  • How do I configure my SMB/CIFS users and passwords? The user/password that temporarily gives me access to my SMB shares is not the same as the linux account I use to connect over SSH.

    • Offizieller Beitrag

    How do I configure my SMB/CIFS users and passwords?

    There's no need to do this. Samba follows the same usernames and passwords, as they are configured when they're added to OMV.
    (If you're using a generic user and password and filling in the dialog box prompt, that works as well. Credential Manager will do the same for you, if you save it.)


    The user/password that temporarily gives me access to my SMB shares is not the same as the linux account I use to connect with SSH.

    That stands to reason. You're probably logging in (SSH) to the command line with the root account and accessing Samba with a regular user. This user/password that temporarily gives you access to your shares; this user can be found under Access Rights Management, Users, right?


    **Edit: You know, you can rebuild and your data will still be there. You can reconnect to it.

  • This user/password that temporarily gives you access to your shares; this user can be found under Access Rights Management, Users, right?

    No, that's what I'm trying to get at. The two users I can use to connect to SSH are root and john


    The user that temporarily gives me access to my SMB shares is John and the password is different to the john I can use to connect to SSH.


    John does not appear under Access Rights Manager, but john does.


    John does not have a home directory, but john does.

    • Offizieller Beitrag

    john and John are two different users.


    With that noted, even if John does not appear under Access Rights Management, since you know the password for the account, it appears you created this user at some point.


    In any case, the user missing from Access Rights Management (John) appears to be yet another irregularity in the install.


    John does not have a home directory, but john does.

    This is not unusual. John may have been created, after john. In OMV, I believe the first user account is assigned a sub-directory, in the home directory on the boot drive. Thereafter, additional users don't get home dir's on the boot drive. If home directories for all users are desired, the location is set in Access Rights Management, User, in the Settings Tab.
    ________________________________________


    In the guidance provided above, I'm noting that there's no mention of what you've tried, or not, and the results.
    Beyond what has been provided, sorry, I'm out of ideas.
    ________________________________________


    Here's what you might want consider:
    Is it possible to forensically diagnose what's going on with your install? By poring through the log's and replacing damaged packages or fixing misconfiguration of key config files, maybe. On the other hand, maybe not. All of the actual root cause(s), and there may be more than a few, may not be discovered.
    The most time effective way to a clean install, and to insure that all is corrected, is to rebuild. At that point, you might consider backing up your OS (boot drive) so you'll be able to gracefully recover from situations like this one.

  • The reason I'm reluctant to rebuild is because I have a working Nextcloud install on this server, which my friends use for storing files. I would prefer not to disrupt them.


    It looks like the problem is that the user John (which temporarily gives me access to my SMB shares) doesn't appear anywhere in my OMV configuration.


    I have tried adding the user john to the sambashare group, but this didn't seem to work.


    I've just had an idea: I think it's possible that I installed samba through the Softy tool in the command-line utility armbian-config, and not as a plugin for OMV. That would explain why OMV doesn't know about the users configured for it.


    Is there a way I can completely purge smbd from my system, and reinstall it through OMV?

    • Offizieller Beitrag

    The reason I'm reluctant to rebuild is because I have a working Nextcloud install on this server, which my friends use for storing files. I would prefer not to disrupt them.

    I get that but, without OS backup or a rebuild, nothing is likely to change. Your call.

    I've just had an idea: I think it's possible that I installed samba through the Softy tool in the command-line utility armbian-config, and not as a plugin for OMV. That would explain why OMV doesn't know about the users configured for it.

    This may be the root cause of these issues. Samba is already installed in OMV, out of the box. Samba is an integrated part of what OMV does, no plugin needed or required. If Samba was "re-installed" over top of OMV's existing install...


    If you're talking about adding users to Samba's database, OMV doesn't track that. As previously mentioned, this is not necessary. OMV's Samba install tracks with file and folder permissions.

    • Offizieller Beitrag

    I've just had an idea: I think it's possible that I installed samba through the Softy tool in the command-line utility armbian-config, and not as a plugin for OMV. That would explain why OMV doesn't know about the users configured for it.

    According to the Armbian config on github there is no install for Samba using softy! SMB on OMV is not a plugin! it's part of/built in.


    It looks like the problem is that the user John (which temporarily gives me access to my SMB shares) doesn't appear anywhere in my OMV configuration.

    A user either has access or they don't there is no temporary.


    The question here is how do your access your SMB shares from W10?


    Why do you have a user with SSH access, there is simply no need for this.


    EDIT: How have you installed Nextcloud? through softy?


    Best guess here is that you have installed samba directly on Armbian then set up a user using smbpasswd, hence the whole system doesn't know what it's doing.

  • On my Windows 10 Laptop, I press the Windows key + R to open the Run dialogue. I then type \\192.168.1.222 which is the IP address of the NAS. It prompts me for a username and password, and if I enter John plus the password I set with smbpasswd it lets me in. Then after a while, I get the "The specified network name is no longer available" error. Hence, temporary. To get the login prompt back, I have to toggle the SMB 1.0 feature.


    I have a user with SSH access because I want the command line. My device is a Helios4 NAS, which runs Armbian. I installed Armbian onto a micro SD card, and then used the command line to install OMV from the Softy tool in armbian-config.


    I installed Nextcloud manually, with the command line through Putty.


    Yes, I'm pretty confident that I installed samba or smbd through the command line, and this is causing problems with OMV. How do I purge my samba/smbd without harming OMV? The Softy tool doesn't seem able to do it.


    EDIT: I just tried sudo apt purge samba and this tried to remove a bunch on OMV packages as well. Fortunately I backed up my sd card before doing that. Restoring now. . .

    • Offizieller Beitrag

    I am going to agree with @crashtest to sort this out you will need to reinstall.


    I have a user with SSH access because I want the command line.

    Why? serves absolutely no purpose, using the root user is far more sensible than having a user with SSH access.


    I installed Nextcloud manually, with the command line through Putty.

    Again why? even softy gives an option to install Nextcloud, and it can be installed on OMV through Docker.


    On my Windows 10 Laptop, I press the Windows key + R to open the Run dialogue. I then type \\192.168.1.222

    Why? nothing wrong with using the IP but hostname would be more appropriate and 'user friendly'


    EDIT: I just tried sudo apt purge samba and this tried to remove a bunch on OMV packages as well.

    I think @crashtest warned you against this.


    TBH it's as if you have installed what you needed then decided to install OMV, and with hindsight this has put you in the situation you are in now.


    I hate saying this but you have created the hole and anything you try will just make it deeper, in this case there is only one alternative -> reinstall and just deploy OMV then set everything up that you need in OMV's GUI, if that fails at least someone can help.

  • I'm not ready to give up yet. I use this server for four things: Nextcloud, Minidlna, Transmission-daemon, and samba. Three of those four things are working great.


    I would like to examine the logs in more detail. I have changed the SMB/CIFS log level to debug in OMV, however all of the files in /var/log/samba are empty. I can see a file called log.192.168.1.228 which is the laptop I'm trying to connect with, but there is nothing in that file.

  • I've had a look at the logs, and I've attached a screenshot of the SMB/CIFS service logs when the connection is working normally. This happens when I first try to connect.


    Now, I've looked at the logs when the connection stops working, and this is what I consistently get:


    18 06:06:43 helios4 smbd[8996]: [2019/08/18 06:06:43.653648, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
    Aug 18 06:06:43 helios4 smbd[8996]: check_ntlm_password: Checking password for unmapped user [MicrosoftAccount]\[john.welsby@gmail.com]@[JOHN-ZENBOOK] with the new password interface
    Aug 18 06:06:43 helios4 smbd[8996]: [2019/08/18 06:06:43.653699, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
    Aug 18 06:06:43 helios4 smbd[8996]: check_ntlm_password: mapped user is: [HELIOS4]\[john.welsby@gmail.com]@[JOHN-ZENBOOK]
    Aug 18 06:06:43 helios4 smbd[8996]: [2019/08/18 06:06:43.653833, 3] ../source3/auth/check_samsec.c:400(check_sam_security)
    Aug 18 06:06:43 helios4 smbd[8996]: check_sam_security: Couldn't find user 'john.welsby@gmail.com' in passdb.
    Aug 18 06:06:43 helios4 smbd[8996]: [2019/08/18 06:06:43.653881, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
    Aug 18 06:06:43 helios4 smbd[8996]: check_ntlm_password: Authentication for user [john.welsby@gmail.com] -> [john.welsby@gmail.com] FAILED with error NT_STATUS_NO_SUCH_USER
    Aug 18 06:06:43 helios4 smbd[8996]: [2019/08/18 06:06:43.653968, 2] ../auth/gensec/spnego.c:720(gensec_spnego_server_negTokenTarg)
    Aug 18 06:06:43 helios4 smbd[8996]: SPNEGO login failed: NT_STATUS_NO_SUCH_USER
    Aug



    So for some reason, the user john.welsby@gmail.com is trying to authenticate, and OMV doesn't know about it.


    I have checked my windows laptop for mapped drives and automatic connections, but there are none.


    Why is my username going from John which works, to john.welsby@gmail.com which doesn't work?

    • Offizieller Beitrag

    Why is my username going from John which works, to john.welsby@gmail.com which doesn't work?

    root@helios4:~# getent passwd {1000..60000}
    john:x:1000:100:,,,:/home/john:/bin/bash
    root@helios4:~#

    As you stated in an earlier post there two users John and john;


    john is the user you have created using OMV that is confirmed by the output from above, and as stated previously the email option when creating a user account is not necessary.


    John is the user you must have created when you set up SMB prior to installing OMV.


    As far as Linux is concerned these are two distinctly separate users, and as @crashtest explained John has been stored in the SMB db which OMV does not see.


    You could try the following to see if John (or anyone else) is listed pdbedit -L -v

  • root@helios4:~# pdbedit -L -v
    ---------------
    Unix username: john
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-3262889719-2455480664-3613967755-1000
    Forcing Primary Group to 'Domain Users' for john
    Primary Group SID: S-1-5-21-3262889719-2455480664-3613967755-513
    Full Name: john
    Home Directory: \\helios4\john
    HomeDir Drive:
    Logon Script:
    Profile Path: \\helios4\john\profile
    Domain: HELIOS4
    Account desc: ,,,
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: never
    Kickoff time: never
    Password last set: Fri, 26 Jul 2019 12:01:55 UTC
    Password can change: Fri, 26 Jul 2019 12:01:55 UTC
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF




    I think you're absolutely right: the user John is who I set up before I installed OMV. My hunch is that I just need to purge the right package and the SMB server built into OMV will start working.


    I also notice that the user john cannot log into the OMV web GUI. Do I need to assign a particular group to this user to allow this?

    • Offizieller Beitrag

    I think you're absolutely right: the user John is who I set up before I installed OMV. My hunch is that I just need to purge the right package and the SMB server built into OMV will start working.

    You cannot purge anything!!


    There is only one solution here and that is to remove the user you created before installing OMV, if you want to do that then I'll have to go through my notes.

    • Offizieller Beitrag

    To remove the user there are two options


    pdbedit -x john


    smbpasswd -x john


    followed by


    userdel -r john this will remove the unix user john, if you have any files associated to that specific copy them elsewhere if you don't want to lose them.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!