Server 2008R2 unable access samba shares OMV

  • I have installed OMV several times without problems. I currently have a network composed of Server 2008R2 domain server + 15 Windows 10 computers. From any computer with Windows 10 it is possible to access OMV folders before logging in. But since Windows Server 2008R2 it is not possible to login, it always gives a user error or password on any folder, even though the credentials are correct. Previously I used a Lacie d2 network2 NAS (based on Linux) with no problems accessing both Windows 10 and Server 2008R2. Even at this moment, I can access this NAS, but not OMV. I have searched the Internet if the problem is Samba or Server 2008 without being able to find a solution that solves the problem. The OMV version is 4.1.22. I already appreciate.

  • Are you actually running a domain or is it peer to peer?


    Take a look at this How-To. Specifically take a look at the section titled Domain Connected Windows 10 Clients / Servers. Be sure to follow the link "guide to levels 1 through 5", to Microsoft's reference on the security levels and read the notes related to Server2008R2. Be aware of the risks - given the age of the server OS, I'm assuming it has no exposure to the internet. ( ? )


    Perhaps @geaves might chime in.

  • If you're open for a structured attempt to resolve issues then please do not start to fiddle around with adjusting settings here and there right now but follow basic troubleshooting principles allowing to improve situation with OMV.


    From any computer with Windows 10 it is possible to access OMV folders before logging in

    I don't get the meaning of ' before logging in' but anyway. Please try to access any of your OMV shares this way from a Win10 system and then on the OMV's server provide output of these two commands as root:

    Code
    smbstatus
    testparm

    The smbstatus output allows us to diagnose the status of authentication, user/group (important to diagnose potential permission issues), SMB version, Encryption and Signing and also which share is affected:


    Sample output:

    If you provide the output you can skip the 'Locked files' section and obfuscate IP addresses. But rest of information should remain intact. Then output from testparm will give an overview about your Samba settings. It should contain the [global] section as well as the share definition the client actually accesses.



    This is the first step to get an idea what's happening. Adjusting settings here or there is only the next step.

  • If you're open for a structured attempt to resolve issues then please do not start to fiddle around with adjusting settings here and there right now but follow basic troubleshooting principles allowing to improve situation with OMV.

    Well this is going to be interesting :) this will be my only post in here;


    The OP cannot access OMV shares from Server2008, client access to OMV works! As yet we don't know if the OP is using OMV in a peer to peer environment or a domain, and FYI I have integrated OMV into an MS domain but for a specific use.


    @towerpc I hope you get this sorted, but it is doable.

  • The OP cannot access OMV shares from Server2008, client access to OMV works!

    Yes, @towerpc wrote that in the first post here. That's why I asked for smbstatus and testparm output with such a client connected to get an idea whether this connection is established as guest or authenticated (and whether it's authentication against local user accounts on the OMV server or AD).


    All these questions can be answered in a single step by using the troubleshooting tools the Samba project provides for exactly this reason :)

  • Apologies if I express myself badly. I do not speak English and everything is translated with Google.
    The network structure is formed in the following way:


    1 Microsoft Server 2008R2 computer with domain server
    1 OMV 4.1.22
    1 NAS Lacie d2 network2
    10 Microsoft Windows 10 attached to the domain
    5 Microsoft Windows 10 not attached to the domain


    The 15 computers with Windows 10 can access the shared folders of Lacie NAS and OMV 4.1.22. No problem to access the contents of the folders and to log into them.
    The Microsoft Server 2008R2 computer can access the shared Lacie NAS folders without problem.
    The Microsoft Server 2008R2 computer CAN NOT access the shared folders of OMV 4.1.22. Always incorrect user error or password. Both accessing with the name of the team and with the IP thereof.



    I hope the translation is clearer.
    Thanks.

  • The 15 computers with Windows 10 can access the shared folders of Lacie NAS and OMV 4.1.22

    So it doesn't matter whether they've joined the domain or not and as such this looks like an authentication issue.


    Again: please connect with one of the Win10 machines to the OMV server and then provide output of smbstatus and testparm commands on the server. For this you need SSH access to the server or you install the shellinabox plugin and authenticate on the OMV server as root.


    To help further nailing the problem down please open cmd.exe on your Win2008 server and provide the output of net view \\$server for both the OMV box and your LaCie NAS. Therefore replace $server in the aforementioned command with the IP addresses of the OMV machine and the LaCie box.

  • Still a little confused but if the only one not working is the 2008 server try mapping a network drive. You can enter a different user and password that way.

    Right. Only Server 2008R2 can not connect to OMV shared folders. Error login always with any of the accounts created in OMV.

    So it doesn't matter whether they've joined the domain or not and as such this looks like an authentication issue.

    10 Microsoft Windows 10 ATTACHED TO THE DOMAIN
    5 Microsoft Windows 10 NOT ATTACHED TO THE DOMAIN


    summarizing. Only server 2008r2 can not access the shared OMV folders. all the rest works perfectly.

  • You wrote this already multiple times. What about now providing output from the commands as you've been asked for?

    Here the results:


    net view (10.152.15.131 IP for OMV, 10.152.15.133 IP for Lacie d2)


  • smbstatus

  • testparm

  • net view (10.152.15.131 IP for OMV, 10.152.15.133 IP for Lacie d2)

    Thank you a lot. What happens if you use 'Credential Manager' on your 2008R2 server to add logon credentials of an OMV user? See starting at step 6) here: [HOW-TO] Connect to OMV SMB shares with Windows 10


    Really interesting that there's no issue accessing the LaCie NAS (most probably also using Samba).

  • To get an idea what's happening with regard to authentication problems in OMV the following might help:


    • In the OMV UI in the SMB/CIFS section change 'Log level' from None to Normal
    • Then in a terminal window on the OMV server start tail -f /var/log/syslog | grep -i authentication

    Then connecting from a client (again using net view for example) will reveal what really happens. More information can be gathered by switching Log level to Full and filtering for smbd instead of authentication. But then output is really verbose and it's recommended to switch to a lower Log level like Minimum or None when debugging is finished since log files get huge and even NAS performance can be affected negatively with the higher Log Levels.

  • Right, I did everything you told me. If I did not make mistakes, this is the result (log level = Normal):


  • Idem with log level = full



  • ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador

    This means that Samba is configured to refuse older and insecure NTLMv1 authentication attempts and that your 2008 R2 install tries only with this (while 'Send NTLMv2 response only' should be default starting with 2008 R2).


    Two options:

    • Weaken security by adding "ntlm auth = yes" to Samba's 'Extra Options' at the bottom of the SMB/CIFS settings page (that's not recommended but most probably what LaCie did)
    • Fix security by configuring Windows 2008R2 to use NTLMv2 authentication. See here or there.

    But most probably the best idea is to let OMV join the domain so that clients then authenticate using Kerberos tickets instead.
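
The log message quoted in the post above can be used to find out which accounts still send NTLMv1 before choosing between the two options. The following is an added example, not part of the original thread: it counts rejected NTLMv1 logons per user from syslog text and checks whether a Samba configuration explicitly permits NTLMv1. The function names and the sample log lines (host name, PIDs, timestamps, the second user) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit NTLMv1 use on a Samba server.

# Count rejected NTLMv1 logons per user from syslog text on stdin.
# Matches the smbd message quoted in the thread; prints "count user".
ntlmv1_rejections() {
    awk -v marker='ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user ' '
        {
            pos = index($0, marker)
            if (pos == 0) next                 # unrelated log line
            user = substr($0, pos + length(marker))
            sub(/[ \t\r]+$/, "", user)         # user names may contain spaces
            count[user]++
        }
        END { for (u in count) print count[u], u }
    ' | sort -k1,1nr -k2
}

# Succeed if Samba config text on stdin (smb.conf or testparm -s output)
# explicitly permits NTLMv1. Commented-out lines do not match.
ntlmv1_permitted() {
    grep -Eiq '^[[:space:]]*ntlm[[:space:]]*auth[[:space:]]*=[[:space:]]*(yes|true|1|ntlmv1-permitted)[[:space:]]*$'
}

# Constructed sample syslog lines; only the smbd message text comes from the thread.
sample_log() {
    cat <<'EOF'
Mar  4 09:12:01 omv smbd[2101]:   ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador
Mar  4 09:12:07 omv smbd[2101]:   ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user Administrador
Mar  4 09:13:30 omv smbd[2144]:   constructed unrelated message
Mar  4 09:15:42 omv smbd[2150]:   ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user backup
EOF
}

# Demo on the constructed sample.
sample_log | ntlmv1_rejections
```

On the OMV server the same functions can be fed real data, for example `ntlmv1_rejections < /var/log/syslog` and `testparm -s 2>/dev/null | ntlmv1_permitted`, with the SMB/CIFS log level set to Normal as described earlier in the thread.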

  • This means that Samba is configured to refuse older and insecure NTLMv1 authentication attempts and that your 2008 R2 install tries only with this (while 'Send NTLMv2 response only' should be default starting with 2008 R2).
    Two options:

    • Weaken security by adding "ntlm auth = yes" to Samba's 'Extra Options' at the bottom of the SMB/CIFS settings page (that's not recommended but most probably what LaCie did)
    • Fix security by configuring Windows 2008R2 to use NTLMv2 authentication. See here or there.

    But most probably the best idea is to let OMV join the domain so that clients then authenticate using Kerberos tickets instead.

    tkaiser YOU ARE THE BEST!!!!!!


    NTLM IS THE PROBLEM!!! YOU ARE SOLVED!!!


    THANK YOU VERY MUCH!!!
