On 10/3/23 12:03, Steve Matzura wrote:
I gave up on the NFS business and went back to good old buggy but
reliable SAMBA (LOL), which is what I was using when I was on Debian 8,
and which worked fine. Except for one thing, everything's great.
In /etc/fstab, I have:
//192.168.1.156/BigVol1 /mnt/bigvol1 civs
vers=2.0,credentials=/root/smbcreds,ro
That should work, right? Well, it does, but only sometimes. If I boot
the system, the remote share isn't there. If I unmount everything with
'umount -a', wait a few seconds, then remount everything with 'mount
-a', I sometimes have to do it twice. Sometimes, the first time I get a
message from mount about error -95, but if I wait the space of a couple
heartbeats and try 'mount -a' again, the share mounts. If I look through
/var/kern.log for errors, I don't find anything that stands out as
erroneous, but would be glad to supply extracts here that might help me
to trace this down and fix it.
Using Samba to share files over the network requires various steps and
settings on both the server and on the clients. I put a lot of effort
into Samba back in the day, and only went far enough to get basic file
sharing working. Since then, I have copied-and-pasted. But Microsoft
has not stood still, nor has Samba.
I have attempted to document the current state of Samba on my SOHO,
below. But beware -- my Samba setup is insecure and has issues.
My username is "dpchrist" on all computers and on Samba.
My primary group is "dpchrist" on all Unix computers.
My UID and GID are both "12345" (redaction) on all Unix computers.
The server is FreeBSD (I previously used Debian, but switched to get
native ZFS):
2023-10-03 12:20:58 toor@f3 ~
# freebsd-version -kru
12.4-RELEASE-p5
12.4-RELEASE-p5
12.4-RELEASE-p5
The latest version of Samba seemed to want Kerberos, so I chose an older
version that does not:
2023-10-03 12:25:25 toor@samba ~
# pkg version | grep samba
samba413-4.13.17_5 =
I configured Samba to share files:
2023-10-03 14:49:00 toor@samba ~
# cat /usr/local/etc/smb4.conf
[global]
local master = Yes
netbios name = SAMBA
ntlm auth = ntlmv1-permitted
passdb backend = tdbsam
preferred master = Yes
security = USER
server string = Samba Server Version %v
wins support = Yes
workgroup = WORKGROUP
<redacted>
[dpchrist]
force user = dpchrist
path = /var/local/samba/dpchrist
read only = No
valid users = dpchrist
<redacted>
I validate the configuration file with testparm(1):
2023-10-03 13:37:31 toor@samba ~
# testparm
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
ntlm auth = ntlmv1-permitted
preferred master = Yes
security = USER
server string = Samba Server Version %v
wins support = Yes
idmap config * : backend = tdb
<redacted>
[dpchrist]
force user = dpchrist
path = /var/local/samba/dpchrist
read only = No
valid users = dpchrist
<redacted>
I created a Samba user account:
root@samba:~ # pdbedit -a dpchrist
new password:
retype new password:
Whenever I change anything related to Samba on the server, I reboot and
verify before I attempt to connect from a client.
On Debian clients:
2023-10-03 12:44:39 root@taz ~
# cat /etc/debian_version ; uname -a
11.7
Linux taz 5.10.0-25-amd64 #1 SMP Debian 5.10.191-1 (2023-08-16) x86_64
GNU/Linux
I installed the Samba client file sharing package:
2023-10-03 12:55:06 root@taz ~
# dpkg-query -W cifs-utils
cifs-utils 2:6.11-3.1+deb11u1
I created a mount point for the incoming share:
2023-10-03 12:58:13 root@taz ~
# ls -ld /samba/dpchrist
drwxr-xr-x 2 dpchrist dpchrist 0 Jun 18 14:31 /samba/dpchrist
I created an /etc/fstab entry for the incoming share:
2023-10-03 12:59:41 root@taz ~
# grep samba\/dpchrist /etc/fstab
//samba/dpchrist /samba/dpchrist cifs
noauto,vers=3.0,user,username=dpchrist 0 0
I mount the incoming share manually:
2023-10-03 13:01:07 dpchrist@taz ~
$ mount /samba/dpchrist
Password for dpchrist@//samba/dpchrist:
2023-10-03 13:01:46 dpchrist@taz ~
$ mount | grep samba\/dpchrist
//samba/dpchrist on /samba/dpchrist type cifs
(rw,nosuid,nodev,relatime,vers=3.0,cache=strict,username=dpchrist,uid=12345,forceuid,gid=12345,forcegid,addr=192.168.5.24,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,user=dpchrist)
Note that there is a maddening issue with Samba on Unix clients -- the
Unix execute bits vs. MS-DOS System, Hidden, and Archive bits:
https://unix.stackexchange.com/questions/103415/why-are-files-in-a-smbfs-mounted-share-created-with-executable-bit-set
On Windows 7 clients, I needed to change a Registry entry to allow
Windows to use deprecated file sharing security:
Start
-> Command Prompt
-> Run as administrator
-> C:\Windows\system32>secpol.msc
Security Settings
-> Local Policies
-> Security Options
-> Network Security: LAN Manager authentication level
-> Send LM & NTLM - use NTLMv2 session security if negotiated
Note that there is an issue with Samba on Windows 7 clients -- Windows
Explorer -> Network does not find or list the Samba server. The
work-around is to enter a UNC path in the Windows Explorer address box
(either IP address, or host name if I have configured such on the DHCP
server):
\\192.168.1.23\dpchrist
On Windows 7/ Cygwin clients, I map a drive letter to the connected
Samba share. The execute bits issue is present.
On macOS clients, there are issues with finding and listing the Samba
server and with execute bits. The work-around for the former is to
enter a URL into Finder -> Go -> Connect to Server:
smb://192.168.1.23/dpchrist
See also:
https://www.samba.org/
https://lists.samba.org/
Comments and suggestions for any of the above are welcome.
HTH,
David
