Samba config

1st Official Post

    I can't get SMB shares to work properly. I've tried following the tutorials specific to OMV but haven't had luck.
    My NFS share to another Linux host works fine.

    This OMV6 install is in Proxmox as a VM, not an LCX.

    I also had the shares working for a while without any restrictions, that was the only way I could get them to work. Then when trying to turn on access restrictions, they all failed. I've reverted the settings back to how they were, but no luck. Either way, having them wide open isn't a long term option here, but as a first step if I can get this working at all, I'll be happy.


    The only thing that seems to stand out to me is the line map to guest = Bad User


    sonofwatt If you used WinSCP to set perms, my advice is do not do that. Use OMV to configure the shared folder and associated SMB/CIFS share as intended. Do not try to edit /etc/samb/smb.conf directly it's owned by OMV system.


    You can use "testparm", "testparm -v" or "testparm -s" at the OMV CLI to get share config output rather than "cat /etc/samba/smb.conf".


    The smb.conf info posted looks OK for guest access. You might want to remove the extra option for now.

    But you'll ned to explain what "restrictions" you are trying to use, what account(s) and/or group(s) you may have added to OMV and what share type you wish to use.

    Quote from Krisbee

    If you used WinSCP to set perms, my advice is do not do that.

    Oh, ok thanks for the tip. I didn't know that there was an issue with WinSCP.


    Quote from Krisbee

    Do not try to edit /etc/samb/smb.conf directly it's owned by OMV system.

    I haven't made changes to it directly. Thanks for the testparm info, that's that info I was looking for by viewing smb.conf.


    Quote from Krisbee

    explain what "restrictions" you are trying to use, what account(s) and/or group(s) you may have added to OMV and what share type you wish to use.

    I have simplified things while trying to sort out the issues. I have only 1 account called docker. It's in use with a NFS share for a LCX running some containers that need access to config files and data on the SnapRAID array under OMV.

    From Windows, I'm trying to access a single SMB share. Ideally access would be restricted to user credentials. However right now I have it set to Guests Allowed and Browseable.

    Using OMV's Reset perms, I have the following output.
    Clearing ACLs ...

    Changing owner to root:users ...

    Change directory permissions to 2777 ...

    Change file permissions to 666 ...

    END OF LINE

    When I try to access the SMB share, I get the error "You do not have permission to access \\OMV6\testshare..."


    Ideally I would have multiple shares, some that are guest accessible, and others that are restricted to certain users or groups. But for a first step, I just want to get this one guest share working.

    Quote from sonofwatt

    Looking at the Diagnostics > Services > SMB/CIFS I can see that my PC is trying to connect, but I'm not able to get through.

    Is it normal for the Username and Group to be nobody/nogroup?


    User should be a user set up in OMV and the group should be users. The user needs to be assigned access in the shared folders. and then the shared folder is used as the source for the SMB share.

    Do you know how to change the user/group that windows is trying to connect with? This behaviour is from trying to connect, but not being given the option to enter a user and pass to connect. It just says Windows cannot access ...


    Is there a way to reset all file/folder permissions back to default en masse?

    At this point if I could just get SMB working with guest access, that would be ok.

    • Official Post

    I am not using windows anymore and I don't miss it. LOL. In the past I would map a drive to the shares. That should ask for user name. Put the ip of the OMV server then a \ then the user name on OMV. That tells it to authenticate to OMV.

    omv-ip\your-user

    Use the user password set on OMV.


    Good luck

    Quote from donh

    In the past I would map a drive to the shares. That should ask for user name. Put the ip of the OMV server then a \ then the user name on OMV. That tells it to authenticate to OMV.

    That is what I'm trying to do. Something seems to be wrong with SMB, my file permissions or OMV. Right now even if I set a given share to guest, and use reset perms, I can't access it via windows.

    What version of windows are you running? If it's older, you may need yo specify a min and max samba version. You may also have an encrypted credential issue or ntlm issue.


    In the samba server extra options, you can try adding some additional configuration flags based on the info at this page:

    smb.conf


    the following sets the min/max versions if required with NT1 being the oldest Windows NT based version and SMB3 being the Win10/11 version, even though samba itself is at 4.7 now if I'm not mistaken. (adjust accordingly based on the above page):

    client min protocol = NT1

    server min protocol = NT1

    client max protocol = SMB3

    server max protocol = SMB3


    These options change the credential encryption settings to allow plain text transmission and ntlm which is used by windows

    client plaintext auth = yes

    ntlm auth=yes



    These settings may help with performance a bit:

    dead time = 15

    getwd cache = yes

    local master = yes

    max xmit = 65535

    min receivefile size = 16384

    null passwords = yes

    preferred master = yes

    read raw = yes

    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536

    write cache size = 524288

    write raw = yes


    Hey, under my Samba, these are the only "extra options" I have;


    Code
    client min protocol = NT1

client plaintext auth = yes


    Being that I am using Windows 11, I could do some other stuff to make it better?

    Quote from fbeye

    Hey, under my Samba, these are the only "extra options" I have;


    Code
    client min protocol = NT1

client plaintext auth = yes


    Being that I am using Windows 11, I could do some other stuff to make it better?

    Win10/11 does not require the reduced security or protocol level, but the older the connecting samba client is the more things need to be dumbed down.


    All of the stuff i have listed when used together are designed to dumb down samba as much as possible to make it the most universally compatible, without enabling lanman (Win95/98) as the min protocol and try to improve the performance.


    You can pick and choose a bit as you don't have to specify both min and max protocols as the max will default to the highest version supported by the debian samba server package that is installed, but I just put them there to illustrate that you can set them. The default minimum is SMB2, which is Vista, so anything older required specifying SMB1, NT1, or lanman (in reverse chronological order)


    all of the "performance" settings are potential improvements. You may have to do some testing and adjustment if you are really trying to tune things for absolute best performance.


    The page I linked to is the official samba options page, but a little web searching may also give some insight into what some of those options do for performance under the hood. That is how I collected them, but aside from the obvious ones for buffers and caches, I can't recall what some of the more crypticaly named ones are actually doing.

    Alright cool. I can’t say I have any issues witb my Samba and my speed tests, though I feel are low, were explained to me by you as to why I get what I get, being all the variables, and is within the realm of “acceptance”. I was just curious. Thanks

    Quote from BernH

    What version of windows are you running? If it's older, you may need yo specify a min and max samba version. You may also have an encrypted credential issue or ntlm issue.

    I'm on Windows 11, but previously had the same issues on Win 10. I've also tested this on a fresh Windows VM.


    Under SMB/CIFS > Settings > Advanced Settings I entered in

    client min protocol = NT1

    server min protocol = NT1

    client max protocol = SMB3

    server max protocol = SMB3

    client plaintext auth = yes

    ntlm auth = yes


    I'm still seeing the same Network Error message.

    That was the original goal. When I tried to restrict SMB access to user permissions I lost all access. NFS still works.

    Right now I'm just trying to get guest access working again.

    For my "testshare" I've used Reset Permissions to set the folder to Everyone.

    Okay, total newbie here, and SMB from Windows 11 Home (fully up to date) to OMV 6.3 is driving me up the wall.


    All I get is access denied, contact your network administrator messages.


    Here is my OMV User


    My SMB config


    And my share:


    I intend to use my user creds douglas dougs-pasword (not the real password there <<<) to login

    If I just click on the network share on my PC it doesn't even offer me the chance to add credentials, and if I try to map, it does not succeed.


    I have tried user 'douglas' 'omv6-01\douglas' and '192.168.1.200\douglas' along with the password. Nothing.


    I tied using my work laptop, which is Windows 11 Pro, with no better luck.

    OMV 6.x AMD64, HP Microserver N40L, 16GB ECC DDR, 8TB Ironwolf HDD, 480 GB Kingston SSD.

    OMVExtras.org: Resetperms, Sharerootfs

    SMB, SSH, WeTTY, Logitech Media Server Version: 8.3.1.

    If I am doing something obviously wrong, I would love to hear it. I really need this desktop to access or it doesn't have much value as a server.

    OMV 6.x AMD64, HP Microserver N40L, 16GB ECC DDR, 8TB Ironwolf HDD, 480 GB Kingston SSD.

    OMVExtras.org: Resetperms, Sharerootfs

    SMB, SSH, WeTTY, Logitech Media Server Version: 8.3.1.

    Also note: Windows 11 SMB blocks 'guest' access without doing magic in gpedit.msc, but even with that magic invoked, I could not get guest logins to work, even with 'guest allowed' selected on the share.

    OMV 6.x AMD64, HP Microserver N40L, 16GB ECC DDR, 8TB Ironwolf HDD, 480 GB Kingston SSD.

    OMVExtras.org: Resetperms, Sharerootfs

    SMB, SSH, WeTTY, Logitech Media Server Version: 8.3.1.

    One other note. I created an entry for my OMV host in the credential manager, and it detected the address match, and still failed.

    OMV 6.x AMD64, HP Microserver N40L, 16GB ECC DDR, 8TB Ironwolf HDD, 480 GB Kingston SSD.

    OMVExtras.org: Resetperms, Sharerootfs

    SMB, SSH, WeTTY, Logitech Media Server Version: 8.3.1.

    Okay, my machine behind a router, not exposed to the public web. I installed OMV extras, and setpermissions, and opened up my shares to mode 777 across the board. And now I can access them.


    Clearly something in my setup is messed up that I am not able to use the user account that I set up, but right now, I am sweeping 2TB of data off my desktop that I needed to move. I'll have to figure out user controlled access later.

    OMV 6.x AMD64, HP Microserver N40L, 16GB ECC DDR, 8TB Ironwolf HDD, 480 GB Kingston SSD.

    OMVExtras.org: Resetperms, Sharerootfs

    SMB, SSH, WeTTY, Logitech Media Server Version: 8.3.1.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!

Register Yourself Login