After upgrade to 15.2, Dolphin and VLC no longer samba to external hard drive on router.

I used the DVD image on a flash drive to upgrade this machine from 15.1 to 15.2 KDE. That went well, including multimedia switched to Packman. The only issue I find is that Dolphin and VLC can no longer connect with samba to an external hard drive on our router. (They could in 15.1.) Using the link to the drive in Dolphin Remote gives

Connection to host 192.168.1.1 is broken.

Same response trying to navigate to the drive with VLC. Behavior is the same with firewall on or off.
Dolphin Remote links do work to samba to other machines in the network, such as

smb://192.168.1.145/

Firefox reaches the router admin page at 192.168.1.1
The other network machines are still on 15.1 and reach the network drive correctly.

I get:

howard@X201-oS15KDE:~> smbtree
Enter CANDH\howard's password: 
howard@X201-oS15KDE:~> smbtree

In 15.1, smbtree did not request domain password, and did list network items.
/etc/samba/smb.conf global stanza is

[global]
    netbios name = X201-oS15KDE
    workgroup = CANDH
    server string = ""
    passdb backend = tdbsam
    name resolve order = bcast host lmhosts wins
    local master = yes
    preferred master = auto
    os level = 65
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
#    logon path = \\%L\profiles\.msprofile
#    logon home = \\%L\%U\.9xprofile
#    logon drive = P:
    usershare allow guests = No
    wins support = No
    ldap admin dn = 
    wins server =

What needs tweaking to get samba access to the network drive with 15.2?
Thanks,

Not enough error info.
Try displaying your system events written to your journal by invoking the following command in an elevated contolse (sudo or su or su -)and leave it open while you try to connect to your samaba share, maybe more useful information will display

journalctl -f

TSU

That gives

howard@X201-oS15KDE:~> sudo journalctl -f
[sudo] password for root: 
-- Logs begin at Sun 2020-07-12 08:09:01 PDT. --
Jul 12 22:39:55 X201-oS15KDE nmbd[1360]: 
Jul 12 22:39:55 X201-oS15KDE nmbd[1360]:   Samba name server X201-OS15KDE is now a local master browser for workgroup CANDH on subnet 192.168.1.144
Jul 12 22:39:55 X201-oS15KDE nmbd[1360]: 
Jul 12 22:39:55 X201-oS15KDE nmbd[1360]:   *****
Jul 12 22:40:28 X201-oS15KDE kwin_x11[2120]: qt.qpa.xcb: QXcbConnection: XCB error: 3 (BadWindow), sequence: 29003, resource id: 46164726, major code: 18 (ChangeProperty), minor code: 0
Jul 12 22:40:29 X201-oS15KDE kwin_x11[2120]: qt.qpa.xcb: QXcbConnection: XCB error: 3 (BadWindow), sequence: 29751, resource id: 48440709, major code: 3 (GetWindowAttributes), minor code: 0
Jul 12 22:40:29 X201-oS15KDE kwin_x11[2120]: qt.qpa.xcb: QXcbConnection: XCB error: 9 (BadDrawable), sequence: 29752, resource id: 48440709, major code: 14 (GetGeometry), minor code: 0
Jul 12 22:40:56 X201-oS15KDE kwin_x11[2120]: qt.qpa.xcb: QXcbConnection: XCB error: 3 (BadWindow), sequence: 37074, resource id: 48363945, major code: 20 (GetProperty), minor code: 0
Jul 12 22:41:11 X201-oS15KDE sudo[12695]:   howard : TTY=pts/1 ; PWD=/home/howard ; USER=root ; COMMAND=/usr/bin/journalctl -f
Jul 12 22:41:11 X201-oS15KDE sudo[12695]: pam_unix(sudo:session): session opened for user root by howard(uid=0)
Jul 12 22:41:46 X201-oS15KDE chronyd[1359]: Selected source 72.30.35.88
^C
howard@X201-oS15KDE:~> 

Regards,

This is almost certainly due to the samba server only supporting SMBv1 (insecure and now deprecated protocol) and this now is disabled by default. Your working servers likely support SMBv2+.

What needs tweaking to get samba access to the network drive with 15.2?
Thanks,

The preferred option is to upgrade all servers so that SMBv2/v3 is used. If you must, SMBv1 can be enabled in the client by adding ‘client min protocol=NT1’ in the ‘[global]’ section of smb.conf…
https://forums.opensuse.org/showthread.php/538002-SMB1?p=2918183#post2918183
https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha-samba.html#sec-samba-client-old-server

It is an SMBv1 issue. I modified smb.conf as you mention, stopped and started smb, and Dolphin accessed the network hard drive OK in 15.2, same as 15.1. I commented the new smb.conf line, restarted smb, and 15.2 access to the drive was lost.

When you say “upgrade all servers”, in our case I take it that means the router. The router’s firmware version says its latest update “Fixed the Samba’s vulnerabilities(CVE-2017-15275).” and the samba web site says that CVE applies to “All versions of Samba from 3.6.0 onward”. The router must still have SMBv1 enabled, and wants to use it for some tasks. Running smbclient in 15.1 gives

howard@HP-oS15KDE:~> smbclient -m SMB3 -L 192.168.1.1 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Can't find include file /etc/samba/dhcp.conf
directory_create_or_exist_strict: invalid ownership on directory /var/lib/samba/lock/msg.lock
cmdline_messaging_context: Unable to initialize messaging context.
Unable to initialize messaging context
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Can't find include file /etc/samba/dhcp.conf
added interface eth0 ip=192.168.1.145 bcast=192.168.1.255 netmask=255.255.255.0
Client started (version 4.9.5-git.296.3dd62eee45elp151.2.21.1-SUSE-oS15.0-x86_64).
Connecting to 192.168.1.1 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
Enter CANDH\howard's password: 
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215

        Sharename       Type      Comment
        ---------       ----      -------
        PUBLIC          Disk      PUBLIC
        IPC$            IPC       IPC Service ()
Reconnecting with SMB1 for workgroup listing.
Connecting to 192.168.1.1 at port 139
got OID=1.3.6.1.4.1.311.2.2.10
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        CANDH                BUFFALO DD-WRT
howard@HP-oS15KDE:~> 

with the statement “Reconnecting with SMB1 for workgroup listing.”

Running smbclient in 15.2 gives

howard@X201-oS15KDE:~> smbclient -m SMB3 -L 192.168.1.1 -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Can't find include file /etc/samba/dhcp.conf
added interface wlan1 ip=192.168.1.144 bcast=192.168.1.255 netmask=255.255.255.0
Client started (version 4.11.5-git.161.74bc5e6ec8elp152.2.12-SUSE-oS15.0-x86_64).
Connecting to 192.168.1.1 at port 445
protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED
howard@X201-oS15KDE:~> 

with “protocol negotiation failed”.

I guess it’s time to start shopping for a new router.

Thanks for the insight.

Does your router support some other protocol for your network shares?
Clients like Dolphin and I’d expect VLC can connect to network shares by other protocols, some common are ftp, http, nfs and when possible encrypted versions of those protocols.

BTW -
Unknown how well your router’s SMBv1 patching might work, one of the hazards of using it is to become vulnerable to numerous Ransomware attacks normally directed only at Windows machines.

TSU

Yep, as I suspected. :wink:

When you say “upgrade all servers”, in our case I take it that means the router.

Yes, I guessed from the IP address you posted that you’re using the router to provide this service. Perhaps investing in a NAS would be a viable option instead?

I guess it’s time to start shopping for a new router.

You’d be surprised how many vendors are not yet offering SMB v2 or v3 support natively. If wanting to use a router for shared storage, I would look at replacing with a router model compatible with OpenWRT (or DD-WRT ) open source firmwares that offer other file sharing options including the newer SMB protocols.

Thanks for the insight.

Glad to have been of guidance. :slight_smile:

Current router is a Buffalo WZR-600DHP with Buffalo’s version of DD-WRT v3.0-r30356 std (11/30/17). DD-WRT site has a newer version, beta buffalo_to_ddwrt_webflash-MULTI 06Aug2019-r40559. I guess I’ll flash that and see what happens.
Regards,

The German manufacturer AVM (FRITZ!Box) is currently working on SMB2/SMB3 support for their next image version for their current products: <https://en.avm.de/migrating-access-to-fritznas-content-smb-protocol/&gt;.
The current status (for the next week or so) is as follows: <https://en.avm.de/service/fritzbox/fritzbox-7490/knowledge-base/publication/show/3327_SMB-versions-supported-by-the-FRITZ-Box/&gt;.
[HR][/HR]In other words, if you have a fairly new AVM DSL Router, wait for a week or two until the Router upgrade appears and then, upgrade from Leap 15.1 to Leap 15.2 …

  • Or, check your ‘/etc/samba/smb.conf’ content – and, don’t forget to change it once the Router upgrade appears …

Success. I flashed the router with DD-WRT buffalo_to_ddwrt_webflash-MULTI.bin, and now Dolphin and VLC connect to the network hard drive with KDE 15.2. I cannot tell what samba version the router is using, but it is sufficient. New router not required, just a donation to DD-WRT. Now to work through upgrading our other machines.
Cheers,

Good result.

I cannot tell what samba version the router is using, but it is sufficient. New router not required, just a donation to DD-WRT. Now to work through upgrading our other machines.
Cheers,

You could test from a Linux client using something like

sudo smbtree -d4 -S 192.168.1.1

Anyway, likely to be SMB2.

That gave

howard@HP-oS15KDE:~> sudo smbtree -d4 -S 192.168.1.1
[sudo] password for root: 
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
doing parameter workgroup = CANDH
doing parameter passdb backend = tdbsam
doing parameter netbios name = HP-oS15KDE
doing parameter server string = ""
doing parameter name resolve order = bcast host lmhosts wins
doing parameter local master = yes
doing parameter preferred master = auto
doing parameter os level = 65
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter printcap cache time = 750
doing parameter cups options = raw
doing parameter map to guest = Bad User
doing parameter include = /etc/samba/dhcp.conf
Can't find include file /etc/samba/dhcp.conf
doing parameter usershare allow guests = No
doing parameter wins support = No
doing parameter wins server = 
pm_process() returned Yes
added interface eth0 ip=192.168.1.145 bcast=192.168.1.255 netmask=255.255.255.0
name_resolve_bcast: Attempting broadcast lookup for name CANDH<0x1d>
nmb packet from 192.168.1.107(35072) header: id=27817 opcode=Query(0) response=Yes
    header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=CANDH<1d> rr_type=32 rr_class=1 ttl=259200
    answers   0 char .....k   hex 0000C0A8016B
Got a positive name query response from 192.168.1.107 ( 192.168.1.107 )
Connecting to 192.168.1.107 at port 445
Connecting to 192.168.1.107 at port 139
got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_SERVER
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
CANDH
Connecting to 192.168.1.107 at port 445
got OID=1.3.6.1.4.1.311.2.2.10
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_SERVER
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62008215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
        \\T61-OS15KDE    
        \\HP-OS15KDE     
        \\E550-OS15                     Samba 4.9.5-git.317.6d82fb3918blp151.2.24.1-SUSE
        \\BUFFALO DD-WRT 
howard@HP-oS15KDE:~> 


but the only mention of samba I see is what is part of the 15.1 systems, not the router.
Best regards,

I guess you could also test by forcing the SMB protocol

smbclient -m SMB2 -L 192.168.1.1

then

smbclient -m SMB3 -L 192.168.1.1

An example for your reference (using debug level 4)…

~> smbclient -d4 -m SMB3 -L 192.168.0.4
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
doing parameter workgroup = WORKGROUP
doing parameter passdb backend = tdbsam
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter printcap cache time = 750
doing parameter cups options = raw
doing parameter map to guest = Bad User
doing parameter logon path = \\%L\profiles\.msprofile
doing parameter logon home = \\%L\%U\.9xprofile
doing parameter logon drive = P:
doing parameter usershare allow guests = Yes
doing parameter min protocol = SMB3
pm_process() returned Yes
added interface eth0 ip=192.168.0.7 bcast=192.168.0.255 netmask=255.255.255.0
Client started (version 4.11.5-git.161.74bc5e6ec8elp152.2.12-SUSE-oS15.0-x86_64).
Connecting to 192.168.0.4 at port 445
 session request ok
 negotiated dialect[SMB3_11] against server[192.168.0.4]

Interesting, I get

howard@HP-oS15KDE:~> smbclient -m SMB2 -L 192.168.1.1
Enter CANDH\howard's password: 

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service ()
        PUBLIC          Disk      PUBLIC
Reconnecting with SMB1 for workgroup listing.

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        CANDH                BUFFALO DD-WRT
howard@HP-oS15KDE:~> 
howard@HP-oS15KDE:~> 
howard@HP-oS15KDE:~> smbclient -m SMB3 -L 192.168.1.1
Enter CANDH\howard's password: 

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service ()
        PUBLIC          Disk      PUBLIC
Reconnecting with SMB1 for workgroup listing.

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------
        CANDH                BUFFALO DD-WRT
howard@HP-oS15KDE:~>

SMB1 seems to be lurking about for some tasks.
But network hard drive access works with 15.2 Dolphin and VLC.
Thanks,

Yes, that’s just for workgroup listing (and legacy code in libsmbclient AFAIU). SMB2 is okay to use currently. However, you can force SMB3 in smb.conf if desired with

min protocol = SMB3

Yes, mission accomplished. :slight_smile: