Can't see or access samba share from router

Hello,

My router, an Inteno DG200AL, has USB ports in which I have plugged a USB stick in to share videos over DLNA. I want to put videos on it over the network too, and the USB stick is mounted as a Samba share in the router, and it works fine from a Windows 7 pc. But I can’t see any sign of it from my Tumbleweed PC; not from “Connect to a server” in Caja; not from smb://inteno/usb, not from smbclient -L inteno. I am almost crying inside that it’s plug-and-play in 11 year old Win7, but takes hours and hours of troubleshooting on a top-modern linux OS.

First of all, I don’t even think the ‘inteno’ name is resolving correctly to the router. I can do a ‘smbclient -L 192.168.1.1’ which gives me a “protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED”, which I expect is because the router disallows direct connections outside the samba share.

‘smbclient -L inteno’ gives the error “do_connect: Connection to inteno failed (Error NT_STATUS_NOT_FOUND)”.

Trying through Caja, without specifying a share, gives the error “Failed to retrieve share list from server: Connection refused” no matter what server name I use.
With specifying a share, the error is “Failed to mount Windows share: Invalid argument”.

I can use 192.168.1.1 as the server name, which gives “Software caused connection abort”.

Ideally it should just be automatically visible in Network in Caja, like it is in Windows. I have tried different things like adding SMB CLIENT 1.0 and WINS and stuff to all kinds of different files. I’m willing to try anything, I’m out of ideas.

Do you know which samba protocol version(s) your router supports? Most Linux file managers currently relied on using the now deprecated NetBIOS discovery (SMBv1 runs on NetBIOS as well). This is best left disabled for security reasons. However KDE’s Dolphin file manager has recently gained the ability to use WS-Discovery for servers that support that mechanism.

Assuming that the router supports avahi service discovery, see if you can reach it via a .local name…

ping inteno.local
avahi-browse -art

If inteno.local is enumerated in the avahi-browse output, try

smb://inteno.local/usb

or via it’s IP address if that fails eg

smb://192.168.1.1/usb/

Is the firewall active?

sudo systemctl status firewalld

and if it is, check that samba and avahi allowed?

firewall-cmd --list-all

Thank you for your reply.
No, I don’t know the Samba version of the router. I have tried logging in with SSH to examine it, but I can’t even do that, it says “Permission denied” for all users and passwords. The manual is here http://docs.intenogroup.com/v313/en/_media/wiki/downloads/juci.pdf and it is as badly written as the router software it seems; on the last page it explains how to log in with SSH but they have forgot to fill out a lot of info! It says to use admin@192.168.1.1, elsewhere it says both username and password is root, but none work.

I tried booting Kubuntu up but Dolphin isn’t doing any better.

Pinging inteno.local doesn’t work.
Pinging inteno works from the Win7 machine.
avahi-browse likewise shows nothing.

smb://192.168.1.1/usb/ gives the error “Failed to mount Windows share: Software caused connection abort”
firewall-cmd --list-all output:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp7s0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Which I don’t understand, because in the Zypper firewall Samba is listed as allowed in External, Internal and home. But I don’t see avahi in the list of services available.

I suspect the router is using SMBv1, and so no issue accessing via Windows 7 machine.

I have tried logging in with SSH to examine it, but I can’t even do that, it says “Permission denied” for all users and passwords. The manual is here http://docs.intenogroup.com/v313/en/_media/wiki/downloads/juci.pdf and it is as badly written as the router software it seems; on the last page it explains how to log in with SSH but they have forgot to fill out a lot of info! It says to use admin@192.168.1.1, elsewhere it says both username and password is root, but none work.

Can you not access the router’s web interface using a browser?

http://192.168.1.1

Pinging inteno.local doesn’t work.

Ok, so mDNS not in use with this router.

Pinging inteno works from the Win7 machine.

That is using NetBIOS name resolution.

firewall-cmd --list-all output:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp7s0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Which I don’t understand, because in the Zypper firewall Samba is listed as allowed in External, Internal and home. But I don’t see avahi in the list of services available.

You’re using the public (default) zone currently.

smb://192.168.1.1/usb/ gives the error “Failed to mount Windows share: Software caused connection abort”

That is because your router is using SMBv1. Upstream Samba has disabled the insecure and obsolete SMB1 protocol. The best option is to upgrade the router firmware to support SMB2 (or higher), however this may not be a viable option depending on how old the router is. A new router might be another option.

However, if you don’t mind taking a risk in your private network, then it is possible to force SMBv1 by adding the following directive into the ‘[Global]’ section of /etc/samba/smb.conf

client min protocol = NT1

Then attempt the same again.

FWIW, a similar thread here…
https://forum.manjaro.org/t/smb-problem-failed-to-mount-windows-share-software-caused-connection-abort/138022/5

FINALLY SUCCESS!

I tried adding “client min protocol = NT1” to smb.conf but did it at the bottom, but it HAS to be in the [Global] section! Now it works!

Anyways, it is truly mind-boggling that the router only supports SMB1 since the router is from 2017!! I’ll complain to my ISP.

Thank you for your help!!

Yes. :wink:

Anyways, it is truly mind-boggling that the router only supports SMB1 since the router is from 2017!! I’ll complain to my ISP.

Thank you for your help!!

Well done. Glad to have been of help.

BTW, I’m not sure that your ISP will care so much, but they should understand the risks of ‘encouraging’ customers to using these routers as NAS devices.

https://blog.malwarebytes.com/101/2018/12/how-threat-actors-are-using-smb-vulnerabilities/
https://securityboulevard.com/2018/12/whats-the-problem-with-smb-1-and-should-you-worry-about-smb-2-and-3/