SMB access rights drives me crazy

1st Official Post

    Hi,

    I'm running OMV6.4.6-1 (Shaitan) through Pi3B v1.2 board.

    I've actually set a user named kriss which is in following groups: adm, audio, cdrom, dialout, docker, games, gpio, i2c, input, kriss, netdev, plugdev, render, root, sambashare, spi, ssh, sudo, users, video.

    I've created a shared folder named Configurations with following permissions (using resertperms plugin) : Administrator - read/write, Users - read/write, Others - no access. owner move to root:users, directory permissions to 2770 & file permissions to 660.


    Then I created a SMB share of this Configurations folder with public attribute set to No and without inherit ACL & privilege.


    From a 1st windows 10 machine (desktop) , I've read/write access to this Configurations folder because I guess my windows machine local user is also named KRISS.

    I verified through windows control panel and I haven't any kriss's credential record.

    Is It normal that OMV kriss user's credentials are not requested?? 8|


    From my 2nd windows 10 machine (laptop) , I've haven't any access to this Configurations folder even if I enter kriss's user credentials (the user on this pc is not kriss).

    I haven't any error message but windows is always requesting for credentials.

    I can have access to the the folder by providing only the user login without password.

    I guess I access to the share as guest but I'm not sure.

    How this behavior occurs ? It's not expected. :cursing:


    Thanks in advance for your answer.

    OMV6 on Raspberry Pi3.

    Linux rookie 8o

    Edited 2 times, last by tof_massilia ().

    As I mentioned, I haven’t any credentials stored through credentials manager (web & windows).

    What do you mean by database?


    Anyway, It doesn’t explain my 2nd experimentation on my 2nd windows machine?

    I never used this machine to connect to shared folder

    • Official Post

    If you have already granted this user permissions in Windows to access this server before, those permissions are still in effect in Windows.

    Quote from tof_massilia

    What do you mean by database?

    I mean the place where Windows stores configuration information. I have no idea where it is or what Windows calls this.

    So, the place where Windows stores credentials information is empty as I mentioned.

    I verified also through windows registry, nothing unfortunately.

    I suspected a problem from OMV.

    The very strange behavior is my smb share is not public and connection is accepted only when I provide OMV user without password.

    OMV6 on Raspberry Pi3.

    Linux rookie 8o

  • tof_massilia

    Changed the title of the thread from “I become crazy with SMB access rights” to “SMB access rights drives me crazy”.
    • Official Post
    Quote from tof_massilia

    So, the place where Windows stores credentials information is empty as I mentioned.

    I verified also through windows registry, nothing unfortunately.

    I suspected a problem from OMV.

    The very strange behavior is my smb share is not public and connection is accepted only when I provide OMV user without password.

    This is not an OMV problem, the forum would be flooded with complaints ;) . You may have configured something incorrectly or the problem is in Windows.

    Ok thank you!!

    I know that something is incorrect somewhere but I need help to find where !!!

    I check OMV config several time (I provided my config) , but I don't find anything after verying it several times.

    More, I've install reset-perm pluggin due to this behavior but nothing change after reset permission.

    And my windows credentials store is empty!!!


    Whatever, If I set SMB to no public,, why windows (my 2nd pc) doesn't accept the right password and no password it mandory.


    Do you have an idea where I can catch SMB authentication log ?

    OMV6 on Raspberry Pi3.

    Linux rookie 8o

    • Official Post
    Quote from tof_massilia

    I know that something is incorrect somewhere but I need help to find where !!!

    I suspect that you may have been checking ACL boxes and / or checking boxes in the Privileges section. Without understanding the effects, an access mess can be created.


    Maybe this -> document will help to straighten it out. (It was written for OMV5 but the same principles apply to OMV6).

    I can remember that Windows PC's that are part of a domain expect that you are wanting to use an account that is part of the domain it is in. You have to explictly tell it to not use a domain before you user account.

    Try using "\user" to overcome that.


    This was at least the behaviour in Windows 7. Not sure if that applies to e.g. Windows 11 still

    There is another issue that crossed me some time which is security and authentication. Depending on your Windows version and the Samba settings you might have to use lower version protocols and security (try using different samba version and authentication methods. Cannot remember details)


    here some settings you might want to fumble around with in your smb.conf

    Code
            client ipc max protocol = default
        client ipc min protocol = default
        client max protocol = default
        client min protocol = SMB2_02
        server max protocol = SMB3
        server min protocol = NT1
    • New

    Ok I finally answer to myself.


    As mentionned kiwibum here, my problem was coming from samba passwords and system password files can sometime out of sync.

    I just re-did the password in the "user" menu in OMV. :)

    • New
    Quote from tof_massilia

    Another question for moderators:

    How move thread assignment to resolved state ?

    Edit first post and select resolved.

    OMV - Xeon CPU E5-2680 v2 @ 2.80GHz, 64gb Ram, UPS, 512GB SSD CCTV, "2TB nvme Data, 1TB nvme Leeching, 8TB Backup, 8TB Audio, 16TB Media, 5TB Storage, 16TB Media Backup, 8TB Audio Backup.

    Plugins - Backup, Compose, Downloader, FTP, Nut, OMVExtras, rSnapshot.

    Docker - Airsonic, Audiobookshelf, Dozzle, Flaresolverr, Lidarr, Netdata, Nextcloud, NPM, Pihole, Plex, Prowlarr, qBittorentVPN, Radarr, Readarr, Scrutiny, Sonarr, Watchtower, Wireguard.

  • chente

    Added the Label resolved
    • New
    • Official Post
    Quote from tof_massilia

    As mentionned kiwibum here, my problem was coming from samba passwords and system password files can sometime out of sync.

    Was this system updated from OMV5 to OMV6? Or was a new installation of OMV6 done?

    • New

    Before redo the pwd, I tested smbclient from another machine and It returns NT_STATUS_LOGON_FAILURE.

    I checked smb.conf, it was normal.

    I deduced from what I read from web, problem was somewhere with pwd. :/

    Then I tried to redo same pwd with sucess and problem was solved.


    For info, It was a fresh new OMV6 installation. ;)

    OMV6 on Raspberry Pi3.

    Linux rookie 8o

    Edited 2 times, last by tof_massilia ().

    • New
    • Official Post

    It's strange. Everything in OMV is automatically configured using Salt. So I suppose you could understand some configuration error coming from an update of the OMV version, but if it is a new installation it is strange for this to happen.

    It probably would have been resolved by running the command:

    omv-salt deploy run postfix rsync samba sharedfolders systemd ssh

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!

Register Yourself Login