I don't know if it's related, it probably isn't, but I'll mention it
just in case.. I noticed a regression in smbclient and I'm wondering if
that's affecting gvfs as well.
After setting up an open share (RW access to everyone, no password) on
the Windows 10 box, I can access it with Ubuntu 16.04 (samba 4.3.11):
$ smbclient -L 192.168.0.104 -N
WARNING: The "syslog" option is deprecated
OS=[Windows 10 Home 17134] Server=[Windows 10 Home 6.3]
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
IPC$ IPC Remote IPC
MySharedFolder Disk
print$ Disk Printer Drivers
Users Disk
Connection to 192.168.0.104 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
NetBIOS over TCP disabled -- no workgroup available
I get that successful result also if I set the min protocol to NT1, SMB2
or SMB3 using the -m argument.
But if I try to access it in Ubuntu 18.04 (samba 4.7.6), I get an
ACCESS_DENIED error:
$ smbclient -L 192.168.0.104 -N
WARNING: The "syslog" option is deprecated
session setup failed: NT_STATUS_ACCESS_DENIED
Specifying the protocol to SMB2 or SMB3 doesn't change anything:
$ smbclient -L 192.168.0.104 -N -m SMB2
WARNING: The "syslog" option is deprecated
session setup failed: NT_STATUS_ACCESS_DENIED
Interestingly enough, changing it to NT1 doesn't solve the issue but
note how smbclient reports a successful anonymous login:
$ smbclient -L 192.168.0.104 -N -m NT1
WARNING: The "syslog" option is deprecated
Anonymous login successful
Sharename Type Comment
--------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Reconnecting with SMB1 for workgroup listing.
Connection to 192.168.0.104 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Failed to connect with SMB1 -- no workgroup available
And finally, what solves the issue is to set a username to something,
anything. In the example below I use the string "dummy", which doesn't
correspond to any username in the Windows or in the Linux box:
smbclient -L 192.168.0.104 -N -U dummy
WARNING: The "syslog" option is deprecated
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
IPC$ IPC Remote IPC
MySharedFolder Disk
print$ Disk Printer Drivers
Users Disk
Reconnecting with SMB1 for workgroup listing.
Connection to 192.168.0.104 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Failed to connect with SMB1 -- no workgroup available
If you think this regression is specific to smbclient, please ignore
this, we can open a new bug report. The reason I mention it is that I'm
wondering if gvfs isn't failing in a similar manner.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gvfs in Ubuntu.
https://bugs.launchpad.net/bugs/1778322
Title:
gvfs-smb-browse can't browse samba/smb tree
Status in gvfs package in Ubuntu:
Triaged
Status in nautilus package in Ubuntu:
Invalid
Status in samba package in Ubuntu:
Fix Released
Status in gvfs source package in Bionic:
Triaged
Status in samba source package in Bionic:
Fix Released
Status in gvfs source package in Cosmic:
Triaged
Status in samba source package in Cosmic:
Fix Released
Bug description:
[Impact]
The so called "browsing a windows network" made use of an SMB1 protocol
version feature. Recent versions of samba, including the one released with
bionic, default to a higher versions of the protocol which lacks this feature.
As a result, the "other locations -> windows network" tab in Nautilus is empty
even when there are windows or samba machines in the network.
Accessing such machines directly, via smb://<name-or-ip>/ type urls,
continues to work.
The fix is two-fold:
- introduce a new samba API call that can be used to set the protocol version
to use
- change applications to make use of this API call to set the protocol versio
to SMB1/NT1 just for the network browsing
gvfs was updated to make use of this api call, if detected at build
time. To complete this SRU, gvfs needs a no-change rebuild *after*
samba was accepted into proposed.
[Test case]
* Launch a bionic desktop vm. You can start with a server one, and then
install the "ubuntu-desktop" package. In the same command, also install the
packages we need for this test:
$ sudo apt update
$ sudo apt install ubuntu-desktop samba smbclient
* set a password for the ubuntu user, so you can login at the graphical
console
$ sudo passwd ubuntu
* set the same password for the ubuntu samba user:
sudo smbpasswd -a ubuntu
* add a simple [pub] share to samba:
$ printf "[pub]\n\tpath=/tmp\n\tguest ok = no\n" | sudo tee -a
/etc/samba/smb.conf
* reboot
$ sudo reboot
* login at the graphical console as the ubuntu user. Go through the
first-user-setup motions as you want.
* try to browse the windows network via "other locations -> windows
network". You will get an empty folder.
* update the samba and gvfs packages
* logout and login again on the gui, browse the windows network again. This
time it will show the "WORKGROUP" folder, and if you click through, you will
see yourself (your VM) and the [pub] share, among others.
* click on the "pub" share, select registered user and login with the
ubuntu credentials you created earlier with smbpasswd.
* in another terminal, run this command to confirm that the SMB protocol
version that was used to connect to [pub] was not just NT1/SMB1, but higher:
$ sudo smbstatus
...
8779 ubuntu ubuntu 192.168.122.94 (ipv4:192.168.122.94:60818)
SMB3_11 - partial(AES-128-CMAC)
Note "SMB3_11" above.
[Regression potential]
The samba update itself just introduces and exposes a new API call. It's up
to other applications to make use of that. gvfs was patched to detect this call
at build time and use it if it's detected.
Packages that are not rebuilt will not see the change, and packages that
*are* rebuilt will only see the change if they make use of it.
[Other Info]
This update introduces a specific runtime dependency between gvfs and
libsmbclient due to the new API call added to the latter. Any package that is
rebuilt with libsmbclient and makes use of that API call will get this specific
dependency. This is handled automatically by dh_mkshlibs.
To complete this SRU, gvfs will need a no-change rebuild after samba
was accepted into proposed.
Disco's gvfs is already using the new call, as can be seen in this build log
https://launchpadlibrarian.net/415424052/buildlog_ubuntu-disco-amd64.gvfs_1.40.0-1_BUILDING.txt.gz:
...
Dependency smbclient found: YES 0.5.0
Checking for function "smbc_setOptionProtocols" with dependency smbclient: YES
The smbc_setOptionProtocols() call is only used when the url is like
"smb:///", or the server cannot be resolved. The downgrade overrides
the setting in smb.conf, and is used just for this case: browsing the
network. When connecting to a machine, the url is like
"smb://<name>/", and then this function we are adding is not called.
I updated the test to actually click on the machine that shows up in
the network browsing, and then check with "smbstatus" which version of
the protocol was used when connecting to an actual share.
---
Nautilus should show smbtree and host on the smb network.
When inputing this command:
killall gvfsd-smb-browse && GVFS_DEBUG=1 /usr/lib/gvfs/gvfsd-smb-browse
You can see the error:
smb-network: Queued new job 0x55b19a2c9f40 (GVfsJobCreateMonitor)
smb-network: send_reply(0x55b19a2c9f40), failed=1 (Action not supported by
the processing engine)
smb-network: backend_dbus_handler org.gtk.vfs.Mount:QueryFilesystemInfo
(pid=5708)
smb-network: Queued new job 0x55b19a2e7820 (GVfsJobQueryFsInfo)
smb-network: send_reply(0x55b19a2e7820), failed=0 ()
smb-network: backend_dbus_handler org.gtk.vfs.Mount:Enumerate (pid=5708)
smb-network: Queued new job 0x55b19a2c30c0 (GVfsJobEnumerate)
smb-network: send_reply(0x55b19a2c30c0), failed=0 ()
Proposed solution:
Add gvfsbackendbrowse-switch-to-NT1.patch disscused on RedHat Bugzilla
[link]https://bugzilla.redhat.com/show_bug.cgi?id=1513394
which implements "change to NT1" in gvfs-smb-browse to browse smbtree to
aviod adding "max client protocol" = NT1" to smb.conf to switch all samba to
unsafe NT1 which most users are doing to correct this bug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/1778322/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
