This forum uses cookies. Click X button to hide this message. What is stored? 
Total Commander Forum Index Total Commander
Forum - Public Discussion and Support
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Cannot connect to SMB server when min protocol = SMB2 is set
Goto page Previous  1, 2, 3  Next
 
Post new topic   Reply to topic    Total Commander Forum Index -> Total Commander (English) Printable version
View previous topic :: View next topic  
Author Message
nemonein
Junior Member
Junior Member


Joined: 10 May 2013
Posts: 15

PostPosted: Thu Nov 09, 2017 8:01 pm    Post subject: Reply with quote

Thank you for your answer.

I don't think it's related to firewall.
The samba server's version is 4.3.11 and it's on Ubuntu server.
If I turned on "min protocol = smb2", only MS Windows's file manager can connect to the server, neither Android(Total Commander) nor Ubuntu's file managers(Dolphin, Nautilus, etc..) can.
I haven't tried linux smbclient tool.

I don't know what the problem is.. I'll stick to smb1 for now.
Back to top
View user's profile Send private message Send e-mail AIM Address
nemonein
Junior Member
Junior Member


Joined: 10 May 2013
Posts: 15

PostPosted: Thu Nov 09, 2017 8:23 pm    Post subject: Reply with quote

I changed the settings for the Samba server, but no luck.
This error message might help to find the cause?

smb.conf
Code:
client min protocol = SMB2_02


Total Command's error message

Code:
Server Connect Error?(Actually it is "서버 연결 오류!" in Korean)
STATUS_ACCESS_DENIED(3221225506/322122///LAN/mySambaServer
Back to top
View user's profile Send private message Send e-mail AIM Address
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Fri Nov 10, 2017 4:20 am    Post subject: Reply with quote

I have tried with a Raspberry PI 3 running the latest Raspbian Stretch. It works with both Samba 4.5.8 and now 4.5.12 after apt-get update/upgrade.

I have tried with both
min protocol = smb2
and
min protocol = smb2_02

Using just
client min protocol = SMB2_02
has no effect here, I can still connect with SMB1 when I use that.
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
nemonein
Junior Member
Junior Member


Joined: 10 May 2013
Posts: 15

PostPosted: Sun Nov 12, 2017 8:12 am    Post subject: Reply with quote

It was false alarm. It works good on Ubuntu 16.04 and Samba 4.3.11.
Making a new settings in T.C's Lan plugin is the point.

Please ignore the below lines.

I tried with several sbcs with a few distributions then I made this conclusion.

Ubuntu Server 16.04(Armbian/CubieTruck or VirtualBox) / Samba 4.3.11 - T.C LAN plugin not Connectable.
Ubuntu Server 17.10(VirtualBox) / Samba 4.6.7 - T.C LAN plugin Connectable.
Debian Server Stretch(Raspbian) / Samba 4.5.12 - T.C LAN plugin Connectable.
** Ubuntu Server 16.04(Armbian/OrangePi) / Samba 4.6.7 - T.C LAN plugin not Connectable.

MS Windows 10 can connect all the Samba servers above.

I am using Ubuntu Server 16.04 and Samba 4.3.11(actually it is Armbian with OrangePi), so I could not connect to the server with T.C Lan plugin.
I'll find a way to use Debian for my sbcs.

Anyway, thank you for your help!


Last edited by nemonein on Tue Nov 14, 2017 10:30 pm; edited 3 times in total
Back to top
View user's profile Send private message Send e-mail AIM Address
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Sun Nov 12, 2017 8:35 am    Post subject: Reply with quote

Thanks for your tests! Did you receive any more meaningfull error messages than "cannot connect"? I looked in the sshj library error tracker, but couldn't find ANY connection issues to Linux/Samba servers:
https://github.com/hierynomus/sshj/issues?page=2&q=is%3Aissue+is%3Aopen
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
nemonein
Junior Member
Junior Member


Joined: 10 May 2013
Posts: 15

PostPosted: Sun Nov 12, 2017 10:27 pm    Post subject: Reply with quote

No more error messages for T.C. I attached samba server's error log below.

Here's my working smb.conf. (If I run it on Ubuntu 17.10 or Debian stretch)

Code:
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = xxxyyy
security = user
map to guest = bad user
dns proxy = no

max protocol = SMB3
min protocol = SMB2_10
client max protocol = SMB3
client min protocol = SMB2_10

#============================ Share Definitions ==============================

[S_Secured]
path = /var/samba_share
valid users = abcduser
guest ok = no
writable = yes
browsable = yes


I'm not quite sure, but only "SMB2_10" worked for me. (not SMB2, SMB2_2)

This is the most important thing: if smb2 is used, an authentication is must. Anonymous share does not work with smb2.
It means 'valid users', 'guest ok' in smb.conf, and creating a user with smbpasswd are all needed.

I run Samba with above smb.conf on Ubuntu 16.04, and I try to connect to it from T.C.
Here's the log of samba server when T.C could not connect to the Samba.

Code:

[2017/11/13 13:06:29.084534,  3] ../source3/smbd/oplock.c:1328(init_oplocks)
  init_oplocks: initializing messages.
[2017/11/13 13:06:29.085170,  3] ../source3/smbd/process.c:1957(process_smb)
  Transaction 0 of length 61 (0 toread)
[2017/11/13 13:06:29.085554,  3] ../source3/smbd/process.c:1538(switch_message)
  switch message SMBnegprot (pid 7802) conn 0x0
[2017/11/13 13:06:29.096660,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [SMB 2.002]
[2017/11/13 13:06:29.097125,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [SMB 2.???]
[2017/11/13 13:06:29.098155,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_FF
[2017/11/13 13:06:29.098416,  5] ../source3/auth/auth.c:491(make_auth_context_subsystem)
  Making default auth method list for server role = 'standalone server', encrypt passwords = yes
[2017/11/13 13:06:29.098651,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend trustdomain
[2017/11/13 13:06:29.098886,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'trustdomain'
[2017/11/13 13:06:29.099071,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend ntdomain
[2017/11/13 13:06:29.099250,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'ntdomain'
[2017/11/13 13:06:29.099413,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend guest
[2017/11/13 13:06:29.099576,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'guest'
[2017/11/13 13:06:29.099734,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend sam
[2017/11/13 13:06:29.099897,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'sam'
[2017/11/13 13:06:29.100055,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend sam_ignoredomain
[2017/11/13 13:06:29.100221,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'sam_ignoredomain'
[2017/11/13 13:06:29.100381,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend winbind
[2017/11/13 13:06:29.100543,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'winbind'
[2017/11/13 13:06:29.100700,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend unix
[2017/11/13 13:06:29.100904,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'unix'
[2017/11/13 13:06:29.101068,  5] ../source3/auth/auth.c:48(smb_register_auth)
  Attempting to register auth backend wbc
[2017/11/13 13:06:29.101232,  5] ../source3/auth/auth.c:60(smb_register_auth)
  Successfully added auth method 'wbc'
[2017/11/13 13:06:29.101389,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2017/11/13 13:06:29.101555,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2017/11/13 13:06:29.101720,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2017/11/13 13:06:29.101885,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2017/11/13 13:06:34.149229,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2017/11/13 13:06:34.149629,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2017/11/13 13:06:34.149824,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2017/11/13 13:06:34.150001,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'spnego' registered
[2017/11/13 13:06:34.150179,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'schannel' registered
[2017/11/13 13:06:34.150354,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'naclrpc_as_system' registered
[2017/11/13 13:06:34.150599,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'sasl-EXTERNAL' registered
[2017/11/13 13:06:34.150786,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2017/11/13 13:06:34.150965,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'ntlmssp_resume_ccache' registered
[2017/11/13 13:06:34.151142,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'http_basic' registered
[2017/11/13 13:06:34.151323,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'http_ntlm' registered
[2017/11/13 13:06:34.151502,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'krb5' registered
[2017/11/13 13:06:34.151679,  3] ../auth/gensec/gensec_start.c:918(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2017/11/13 13:06:34.152628,  3] ../source3/smbd/negprot.c:744(reply_negprot)
  Selected protocol SMB 2.???
[2017/11/13 13:06:34.161236,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_10
[2017/11/13 13:06:34.161482,  5] ../source3/auth/auth.c:491(make_auth_context_subsystem)
  Making default auth method list for server role = 'standalone server', encrypt passwords = yes
[2017/11/13 13:06:34.161680,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2017/11/13 13:06:34.161859,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2017/11/13 13:06:34.162028,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2017/11/13 13:06:34.162197,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2017/11/13 13:06:34.175629,  5] ../source3/auth/auth.c:491(make_auth_context_subsystem)
  Making default auth method list for server role = 'standalone server', encrypt passwords = yes
[2017/11/13 13:06:34.175897,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2017/11/13 13:06:34.176079,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2017/11/13 13:06:34.176250,  5] ../source3/auth/auth.c:378(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2017/11/13 13:06:34.176419,  5] ../source3/auth/auth.c:403(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2017/11/13 13:06:34.177315,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0xe0888215
[2017/11/13 13:06:34.195094,  3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[] domain=[] workstation=[] len1=0 len2=162
[2017/11/13 13:06:34.195511,  3] ../source3/param/loadparm.c:3817(lp_load_ex)
  lp_load_ex: refreshing parameters
[2017/11/13 13:06:34.196082,  3] ../source3/param/loadparm.c:542(init_globals)
  Initialising global parameters
[2017/11/13 13:06:34.196902,  3] ../source3/param/loadparm.c:2746(lp_do_section)
  Processing section "[global]"
[2017/11/13 13:06:34.198029,  2] ../source3/param/loadparm.c:2763(lp_do_section)
  Processing section "[Torrent]"
[2017/11/13 13:06:34.198688,  2] ../source3/param/loadparm.c:2763(lp_do_section)
  Processing section "[S_Secured]"
[2017/11/13 13:06:34.199454,  3] ../source3/param/loadparm.c:1586(lp_add_ipc)
  adding IPC service
[2017/11/13 13:06:34.199851,  5] ../source3/auth/auth_util.c:123(make_user_info_map)
  Mapping user []\[] from workstation []
[2017/11/13 13:06:34.200057,  5] ../source3/auth/auth_util.c:144(make_user_info_map)
  Mapped domain from [] to [xxxyyy] for user [] from workstation []
[2017/11/13 13:06:34.200236,  5] ../source3/auth/user_info.c:62(make_user_info)
  attempting to make a user_info for  ()
[2017/11/13 13:06:34.200402,  5] ../source3/auth/user_info.c:70(make_user_info)
  making strings for 's user_info struct
[2017/11/13 13:06:34.200627,  5] ../source3/auth/user_info.c:108(make_user_info)
  making blobs for 's user_info struct
[2017/11/13 13:06:34.200799,  3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user []\[]@[] with the new password interface
[2017/11/13 13:06:34.200966,  3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
  check_ntlm_password:  mapped user is: [xxxyyy]\[]@[]
[2017/11/13 13:06:34.201405,  5] ../source3/passdb/pdb_tdb.c:600(tdbsam_getsampwnam)
  pdb_getsampwnam (TDB): error fetching database.
   Key: USER_
[2017/11/13 13:06:34.201669,  3] ../source3/auth/check_samsec.c:399(check_sam_security)
  check_sam_security: Couldn't find user '' in passdb.
[2017/11/13 13:06:34.201843,  5] ../source3/auth/auth.c:252(auth_check_ntlm_password)
  check_ntlm_password: sam authentication for user [] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/11/13 13:06:34.202176,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/11/13 13:06:34.202364,  3] ../source3/auth/auth_util.c:1610(do_map_to_guest_server_info)
  No such user  [] - using guest account
Back to top
View user's profile Send private message Send e-mail AIM Address
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Mon Nov 13, 2017 9:00 am    Post subject: Reply with quote

Quote:
pdb_getsampwnam (TDB): error fetching database.
Key: USER_
[2017/11/13 13:06:34.201669, 3] ../source3/auth/check_samsec.c:399(check_sam_security)
check_sam_security: Couldn't find user '' in passdb.


It looks like the server doesn't get a user name! It tries to look up the empty user, which fails.

Are you sure you filled in the "User name" field in the LAN plugin?
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
nemonein
Junior Member
Junior Member


Joined: 10 May 2013
Posts: 15

PostPosted: Mon Nov 13, 2017 9:20 am    Post subject: Reply with quote

Yes, I did fill the "User Name" field.
Back to top
View user's profile Send private message Send e-mail AIM Address
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Mon Nov 13, 2017 10:20 am    Post subject: Reply with quote

Then why does your server report an empty name? It doesn't make any sense. Sad
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
hlloyge
Member
Member


Joined: 02 Nov 2006
Posts: 107

PostPosted: Mon Nov 13, 2017 3:45 pm    Post subject: Reply with quote

Yeah, similar problems. I am using Kodibuntu with old version of Ubuntu underneath - Ubuntu 14.04.5 LTS. Can't connect to SMB shares there with TCMD Android LAN plugin. Funny thing, I can connect with Android Samba Client, new application form Google, you can find it here:
https://play.google.com/store/apps/details?id=com.google.android.sambadocumentsprovider
They have sources on github. It is supposed to "create" some "folder" in Downloads visible with something called 'Downloads' application, but I can't see that as I have Samsung mobile phone and their file manager.
My SMB shares don't have any password, as thy are local and read-only, innacessible from anywhere but my local LAN. And I want them to stay that way. Mr. Ghisler, can you make use of this program, or at least add support for showing it's mounted shares inside Total Commander on Android?
Back to top
View user's profile Send private message
nemonein
Junior Member
Junior Member


Joined: 10 May 2013
Posts: 15

PostPosted: Mon Nov 13, 2017 8:47 pm    Post subject: Reply with quote

@ghisler
I have no idea why that happens. It' weird but it is the problem of Samba with Ubuntu 16.04.
Or, Could it be the problem of my Android devices(5.x)?

@hlloyge
I wish I could try the application, but it supports only android 6 and up. My android devices stay in Android 5.x.
Back to top
View user's profile Send private message Send e-mail AIM Address
nemonein
Junior Member
Junior Member


Joined: 10 May 2013
Posts: 15

PostPosted: Tue Nov 14, 2017 1:19 am    Post subject: Reply with quote

I think I've found what causes this.
I'll post it later.

I have to tell you this first, "Now it works fine." on Ubuntu 16.04.
Back to top
View user's profile Send private message Send e-mail AIM Address
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Tue Nov 14, 2017 10:30 am    Post subject: Reply with quote

Is there anything I can do to make it work with Ubuntu 16.04 without needing your change?
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
nemonein
Junior Member
Junior Member


Joined: 10 May 2013
Posts: 15

PostPosted: Tue Nov 14, 2017 10:25 pm    Post subject: Reply with quote

I think you need to do something.
The reason why I failed to connect to the mofied(smb1 ➙ smb2) Samba server is I used previous settings in T.C.

To make the long story short, creating a new setting for the Samba server works good. Using previous(also modified) setting does not work.

Here's the long story. The server I used here is Ubuntu 16.04, and Samba 4.3.11.

    1. I configured the Samba server with smb1, no authentication. (no userid, no password.)
    2. In T.C, I made a setting for Samba server(#1), named it as 'Samba_1', set the server name by its IP address(192.168.x.x) and the user id, password fileds are all emptied.


I used the Samba server and T.C until Lan plugin was upgraded 3.x.
After Lanplugin is upgraded to 3.x, I did something like this.

    3. I reconfigured smb.conf file in Samba server, by adding smb2 related lines.
    4. Because smb2 needs authentication, I created a password by 'smbpasswd'. That's all for the Samba setting.
    5. I changed the setting 'Samba_1' in T.C's Lan plugin, turned on SMB2(check box), and added User name and password made in #4.


After these steps, I tried to connect Samba from T.C using 'Samba_1' setting.
And you know the result, it failed. (No user error. "Couldn't find user '' in passdb.")

I thought it was related Ubuntu or Samba, so I tried with new Ubuntu(17.10), then I 'CREATED' a new setting(let's say it's Samba_2) in T.C's Lan plugin for the modified Samba server.
That was the point. Because it works fine, I thought there might be problems in Ubuntu 16.04.


I couldn't connect to the modified(smb1 -> smb2) Samba server using previous setting in T.C.
If I make a new setting for the Samba server, it works fine.

Maybe Lan plugin do not detect the setting's status?
Back to top
View user's profile Send private message Send e-mail AIM Address
ghisler(Author)
Site Admin
Site Admin


Joined: 04 Feb 2003
Posts: 34715
Location: Switzerland

PostPosted: Wed Nov 15, 2017 10:56 am    Post subject: Reply with quote

Did you perhaps have "older NAS compatibility" option checked? If this is checked, the SMB2 option will be ignored because the two are exclusive (you can't have both at the same time).

Also SMB2 is now disabled by default for older connections, it has to be checked manually. I changed this in 3.01 (in 3.0, SMB2 was on by default) so older connections don't get broken by the update when the server doesn't support SMB2.
_________________
Author of Total Commander
http://www.ghisler.com
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Total Commander Forum Index -> Total Commander (English) All times are GMT - 6 Hours
Goto page Previous  1, 2, 3  Next
Page 2 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Impressum: This site is maintained by Ghisler Software GmbH

Using phpBB © 2001-2005 phpBB Group