Re: SMB authentication…flakiness?

In reply to: paul beard : "Re:_SMB_authentication…flakiness?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Paul Mather <paul_at_gromit.dlib.vt.edu>
Date: Tue, 11 Jul 2023 15:03:54 UTC
On Tue, 2023-07-11 at 07:12 -0700, paul beard wrote:
> I'll take a look but am reluctant (read: lazy) to install a whole new
> thing to do something that worked as recently as yesterday. 


IIRC, you said you updated the firmware in your wireless base station
device hosting the SMB volume and the SMB mount stopped working.  Could
be the firmware update removed/disabled support for SMB1, which is not
surprising as most everyone has done it because SMB1 is widely
acknowledged to be insecure.  Even Microsoft no longer ships support
for SMB1 in
Windows: https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473

If your wireless base station appliance has quit supporting SMB1 with
the current firmware then you have some decisions to make.  Maybe you
can figure out how to re-enable it?   Perhaps you can regress to the
old (possibly vulnerable) firmware that worked and keep on that?
 Microsoft has a knowledge base of how to get old SMB1-only products
working: https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-product-clearinghouse/ba-p/426008
  (Interesting to note that their suggestion for FreeBSD is also to use
sysutils/fusefs-smbnetfs :-))  Whatever you decide will take some work
on your part.

I don't know which is the "laziest" or best long-term solution for you.
 I will say that SMB1 has gone the way of the dinosaurs.  Keeping it
alive doesn't sound like a lazy person's pursuit. :-)

Cheers,

Paul.


> 
> Seeing this on the client side: 
> Jul 10 18:15:18 <kern.crit> www kernel: smb_smb_negotiate: Don't know
> how to talk with server xxx (65535)
> I assume this was during the testing of smb v1, v1 + v2 and pure v2. 
> 
> I did install samba on the client so I could use smbclient, hoping
> for more debugging info. 
> 
> smbclient -U www -I omphalos -N /tmp/mnt/storage  //mnt/storage
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> and of course, now smbutil doesn't work as it used to. 
> 
> The client on busybox allows some custom config to added: is there
> any logging I can toggle on there? 
> 
> On Tue, Jul 11, 2023 at 5:47 AM Paul Mather <paul@gromit.dlib.vt.edu>
> wrote:
> > On Mon, 2023-07-10 at 18:30 -0700, paul beard wrote:
> > > having some trouble mounting an smb volume hosted by a wireless
> > > base station running linux/busybox. 
> > > 
> > > smbutil works, mount_smbfs doesn't. password is in .nsmbrc, seems
> > > to be readable by smbutil. 
> > > 
> > > smbutil view //www@omphalos
> > > Share        Type       Comment
> > > -------------------------------
> > > jffs         disk       JFFS
> > > storage      disk       STORAGE
> > > EFI          disk       EFI
> > > IPC$         pipe       IPC Service (FreshTomato Samba Server)
> > > 
> > > mount_smbfs -I omphalos -N //tmp/mnt/storage /mnt/storage
> > > mount_smbfs: unable to open connection: syserr = Authentication
> > > error
> > > 
> > > tail -1 /etc/fstab 
> > > //omphalos/STORAGE      /mnt/storage    smbfs   rw,noauto, -N,-
> > > I192.168.0.1 00
> > > 
> > > This all used to work, but a couple of firmware upgrades have
> > > taken place. This was working yesterday after the latest update
> > > but now is failing and I am not seeing what's wrong with it. 
> > > 
> > > The server offers Samba protocol version v1, v2 or mixed v1/v2.
> > > v1 doesn't work at all, returns 
> > > mount_smbfs: unable to open connection: syserr = RPC struct is
> > > bad
> > > 
> > > 
> > > The others will allow smbutil to work but not mount_smbfs.
> > > Logging isn't telling me much on the server side. I could mount
> > > the disk on macOS but that's not working now either. smbutil
> > > still works there but not mount_smbfs.
> > 
> > 
> > 
> > When my OpenELEC server stopped supporting SMB1 by default I
> > decided to bite the bullet and abandon mount_smbfs, which does not
> > support anything higher than SMB1.  (See the STANDARDS section of
> > the mount_smbfs(8) manual page.)
> > 
> > In my case, I switched to the sysutils/fusefs-smbnetfs port.  It
> > uses Samba4 under the hood, so supports both SMB2 and SMB3, making
> > it more compatible with other OSes (like macOS).  I found fusefs-
> > smbnetfs a little bit of a pain to set up, but very reliable.  Its
> > main advantage, for me, is supporting modern SMB standards.
> > 
> > Cheers,
> > 
> > Paul.
> 
> 
> -- 
> Paul Beard / www.paulbeard.org/