Date: Tue, 11 Jul 2023 11:03:54 -0400
From: Paul Mather <paul@gromit.dlib.vt.edu>
To: paul beard <paulbeard@gmail.com>
Cc: FreeBSD-questions <freebsd-questions@freebsd.org>
Subject: Re: SMB authentication…flakiness?
Message-ID: <09586bc04c827e161532db159348d8f1e904c45b.camel@gromit.dlib.vt.edu>
In-Reply-To: <CAMtcK2qGrxxMFCvYLJs062vmf5z=57jf67q-dMuHi3teENoMMw@mail.gmail.com>
References: <CAMtcK2q0kefQ8Koa%2BoCetqfLauZaRLTQn2r=VNgwBAdb0nrTNA@mail.gmail.com> <e50a029b5cbc9e8bf9e6d2e92e5872940d233dd5.camel@gromit.dlib.vt.edu> <CAMtcK2qGrxxMFCvYLJs062vmf5z=57jf67q-dMuHi3teENoMMw@mail.gmail.com>

On Tue, 2023-07-11 at 07:12 -0700, paul beard wrote:
> I'll take a look but am reluctant (read: lazy) to install a whole new
> thing to do something that worked as recently as yesterday.

IIRC, you said you updated the firmware in your wireless base station
device hosting the SMB volume and the SMB mount stopped working. Could
be the firmware update removed/disabled support for SMB1, which is not
surprising as most everyone has done it because SMB1 is widely
acknowledged to be insecure. Even Microsoft no longer ships support
for SMB1 in Windows:
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473

If your wireless base station appliance has quit supporting SMB1 with
the current firmware then you have some decisions to make. Maybe you
can figure out how to re-enable it? Perhaps you can regress to the old
(possibly vulnerable) firmware that worked and keep on that? Microsoft
has a knowledge base of how to get old SMB1-only products working:
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-product-clearinghouse/ba-p/426008
(Interesting to note that their suggestion for FreeBSD is also to use
sysutils/fusefs-smbnetfs :-)) Whatever you decide will take some work
on your part.

I don't know which is the "laziest" or best long-term solution for you.
I will say that SMB1 has gone the way of the dinosaurs. Keeping it
alive doesn't sound like a lazy person's pursuit. :-)

Cheers,

Paul.

>
> Seeing this on the client side:
> Jul 10 18:15:18 <kern.crit> www kernel: smb_smb_negotiate: Don't know how to talk with server xxx (65535)
> I assume this was during the testing of smb v1, v1 + v2 and pure v2.
>
> I did install samba on the client so I could use smbclient, hoping
> for more debugging info.
>
> smbclient -U www -I omphalos -N /tmp/mnt/storage  //mnt/storage
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> and of course, now smbutil doesn't work as it used to.
>
> The client on busybox allows some custom config to be added: is there
> any logging I can toggle on there?
>
> On Tue, Jul 11, 2023 at 5:47 AM Paul Mather <paul@gromit.dlib.vt.edu>
> wrote:
> > On Mon, 2023-07-10 at 18:30 -0700, paul beard wrote:
> > > having some trouble mounting an smb volume hosted by a wireless
> > > base station running linux/busybox.
> > >
> > > smbutil works, mount_smbfs doesn't. password is in .nsmbrc, seems
> > > to be readable by smbutil.
> > >
> > > smbutil view //www@omphalos
> > > Share        Type       Comment
> > > -------------------------------
> > > jffs         disk       JFFS
> > > storage      disk       STORAGE
> > > EFI          disk       EFI
> > > IPC$         pipe       IPC Service (FreshTomato Samba Server)
> > >
> > > mount_smbfs -I omphalos -N //tmp/mnt/storage /mnt/storage
> > > mount_smbfs: unable to open connection: syserr = Authentication error
> > >
> > > tail -1 /etc/fstab
> > > //omphalos/STORAGE      /mnt/storage    smbfs   rw,noauto, -N,-I192.168.0.1 00
> > >
> > > This all used to work, but a couple of firmware upgrades have
> > > taken place. This was working yesterday after the latest update
> > > but now is failing and I am not seeing what's wrong with it.
> > >
> > > The server offers Samba protocol version v1, v2 or mixed v1/v2.
> > > v1 doesn't work at all, returns
> > > mount_smbfs: unable to open connection: syserr = RPC struct is bad
> > >
> > >
> > > The others will allow smbutil to work but not mount_smbfs.
> > > Logging isn't telling me much on the server side. I could mount
> > > the disk on macOS but that's not working now either. smbutil
> > > still works there but not mount_smbfs.
> >
> >
> >
> > When my OpenELEC server stopped supporting SMB1 by default I
> > decided to bite the bullet and abandon mount_smbfs, which does not
> > support anything higher than SMB1. (See the STANDARDS section of
> > the mount_smbfs(8) manual page.)
> >
> > In my case, I switched to the sysutils/fusefs-smbnetfs port. It
> > uses Samba4 under the hood, so supports both SMB2 and SMB3, making
> > it more compatible with other OSes (like macOS). I found
> > fusefs-smbnetfs a little bit of a pain to set up, but very reliable.
> > Its main advantage, for me, is supporting modern SMB standards.
> >
> > Cheers,
> >
> > Paul.
>
>
> --
> Paul Beard / www.paulbeard.org/
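
An added example, not part of the original message and not FreeBSD or Samba code: a minimal builder and parser for the SMB1 NEGOTIATE exchange discussed in this thread. In SMB1 a reply whose DialectIndex is 0xFFFF (decimal 65535, the same number that appears in the quoted kernel log line) means the server accepts none of the dialects the client offered. The dialect list, the reply bytes, and all function and verdict names are constructed for illustration.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
NO_DIALECT = 0xFFFF  # DialectIndex meaning "none of the offered dialects accepted"

def frame(msg):
    """Prefix a message with the 4-byte direct-TCP (port 445) length header."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def smb1_header(flags=0x18):
    # Protocol, Command, Status, Flags, Flags2, PIDHigh, Signature, Reserved, TID, PID, UID, MID
    return struct.pack("<4sBIBHH8sHHHHH", SMB1_MAGIC, SMB_COM_NEGOTIATE,
                       0, flags, 0, 0, bytes(8), 0, 0xFFFF, 1, 0, 1)

def build_negotiate(dialects):
    """SMB1 NEGOTIATE request: WordCount=0, ByteCount, then 0x02-tagged dialect strings."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return frame(smb1_header() + b"\x00" + struct.pack("<H", len(data)) + data)

def classify_reply(reply, dialects):
    """Return (verdict, chosen dialect or None) for a raw negotiate reply."""
    if len(reply) < 8:
        return ("no-usable-reply", None)       # e.g. server closed the connection
    msg = reply[4:4 + int.from_bytes(reply[1:4], "big")]
    if msg[:4] == SMB2_MAGIC:
        return ("smb2-reply", None)            # server answered with an SMB2 header
    if msg[:4] != SMB1_MAGIC or len(msg) < 35 or msg[4] != SMB_COM_NEGOTIATE:
        return ("not-a-negotiate-reply", None)
    if msg[32] == 0:                           # WordCount 0: error response, no index
        return ("smb1-error", None)
    (index,) = struct.unpack_from("<H", msg, 33)
    if index == NO_DIALECT:
        return ("smb1-refused", None)          # 0xFFFF == 65535
    if index >= len(dialects):
        return ("bad-dialect-index", None)
    return ("smb1-accepted", dialects[index])

# Constructed sample data (not captured from the poster's network).
OFFERED = ["LANMAN1.0", "LM1.2X002", "NT LM 0.12"]
REFUSED = frame(smb1_header(0x98) + b"\x01" + struct.pack("<H", NO_DIALECT) + b"\x00\x00")
ACCEPTED = frame(smb1_header(0x98) + b"\x11" + struct.pack("<H", 2) + bytes(32) + b"\x00\x00")
SMB2_REPLY = frame(SMB2_MAGIC + bytes(60))

if __name__ == "__main__":
    for name, raw in [("refused", REFUSED), ("accepted", ACCEPTED),
                      ("smb2", SMB2_REPLY), ("closed", b"")]:
        print(name, classify_reply(raw, OFFERED))
```

A client that can only speak SMB1 has nothing to fall back to once it sees the "smb1-refused" verdict, which is why the options in the reply above are re-enabling SMB1 on the server or moving to an SMB2/SMB3-capable client.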