[6.11] No more "private" SMB access possible from different devices (Windows, Android, Printer)

Start by going through this thread very carefully:

     https://forums.unraid.net/topic/128875-smb-private-readwrite-working-just-cant-paste-folders-only-files       

 

 

Make sure that you have read the first post (and the PDF file) in this thread about windows issues:

       

        https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/

 

Edited October 2, 2022 by Frank1940

I don't understand what I should change exactly.

When I open the console and open /mnt/user I see my shares.

Most of them have User "nobody" and group "users".

One share has my User as Users and group "Users", too.

I created a "play-share" : 

drwxrwxrwx  1 nobody                    users     6 Oct  2 21:49 TestSMB/

 

I still have no access to that share when I set it to "secure".

Do I have to change user or group on the sharedirectory to get access?

 

Next test :

I added 

force create mode = 0666
force directory mode = 0777

to Settings -> SMB -> SMB Extra configuration

 

Then I added another share and set it to "secure" and my User to "read/write".

Still no access. Neither with Windows, nor with Android...

 

Next test :

Deactivated "Netbios" in SMB-Settings. Didn't changed anything...

Edited October 2, 2022 by D.Romeleitis

One step in the right direction.

I created a new user "test" with password "Test".

Then changed SMB Security to "Private" and gave the User "test" Read/Write access.

Now I have access and can read &write, when I use this user & password.

My normal User is my email address with @-Char and .-Char.

The password has characters, numbers and a "."

This seems to be a problem for Unraid 6.11 with SMB2.

The combination never was a problem before... Can I change anything so that my normal user & password will work again?

OK, Windows and Android are now running with the workaround of the new user & password.

Does anybody know how to get my printer (EPSON WorkForce Pro WF-4745) working?

There is no "use SMB2" option. Can't find in the specs if it is only supporting SMB1. But I can't imagine. It's not a cheap or an old printer...

Try putting this line into smb-extra.conf

 

      https://forums.unraid.net/topic/127863-where-is-the-smb-log/#comment-1167231

 

I already have min protocol = SMB2 in the settings... 

If you read what it says, there is a difference in behavior between

 

'min protocol = SMBv2_02'

            and

'min protocol = SMB2'

 

(The parameter 'SMB2' -- or there is no 'min protocol' parameter specified--- actually means that only SMBv2.10 and above is supported! IF you want to use an older protocol than SMBv2.10, you must actually specify that one.)

 

EDIT:  No guarantee that 2.02 will work but it is probably the last possibility...

 

EDIT2:  I just looked up the EPSON WorkForce Pro WF-4745 and it a relatively new printer (~2018).  I thought it might be one from prior to 2010.  Not sure what the problem is.  And what does Unraid have to do with this printer?  Unraid does not have provision for mounting any printers...

Edited October 2, 2022 by Frank1940

I will try 2.02 tomorrow. 

With the printer I scan directly from the printer to a Unraid SMB share (without PC) 

Add this to "Settings/SMB/SMB Extras/Samba extra configuration"

 

ntlm auth = Yes

 

Please report back if this solves connectivity issues.

14 hours ago, limetech said:

Add this to "Settings/SMB/SMB Extras/Samba extra configuration"

 

ntlm auth = Yes

 

Please report back if this solves connectivity issues.

I tried this NTML and the above SMB version setup.  I tried each by themselves, and together, nothing made any difference... my user with an @ sign don't work, I still get prompted to log in by windows whne accessing share.  If I type in my user without na @ in the username, it works, even if I type the @ user/pass out it does not work.  This is how I'm supposed to enter those right?+

 

1 hour ago, onyxdrew said:

I tried this NTML and the above SMB version setup.  I tried each by themselves, and together, nothing made any difference... my user with an @ sign don't work, I still get prompted to log in by windows whne accessing share.  If I type in my user without na @ in the username, it works, even if I type the @ user/pass out it does not work.  This is how I'm supposed to enter those right?+

 

 

Change

#ntlm_auth = Yes

to

ntlm_auth = Yes

 

The # character means it's a comment.

 

What do you mean by "my user with an @ sign"?

The problem with permitting access to shares occurs when your username is your email address. With Windows you normally login with your (Microsoft) email address. Since 6.11 this is a problem. 

8 minutes ago, D.Romeleitis said:

The problem with permitting access to shares occurs when your username is your email address. With Windows you normally login with your (Microsoft) email address. Since 6.11 this is a problem. 

Please elaborate.

You can use a (Microsoft) Email address as account to login to Windows. When you created the same user and password in Unraid you were able to connect to shares without any other information. With 6.10 the usage of e.g. [email protected] was possible. With 6.11 you get an invalid user/password error. A workaround is to create a new user e.g. user1. Now you have to mount these shares with different credentials (user1 and password of user1). 

17 minutes ago, D.Romeleitis said:

With 6.11 you get an invalid user/password error.

This is reported by windows when trying to connect?

 

In Unraid OS 6.10 (and all Unraid OS releases I think) it's not possible to set a user name of the form "[email protected]".

Yes, message is from Windows. 

 

It was possible to user emailadress users with some tricks:

https://cyanlabs.net/docs/tips/windows/use-microsoft-accounts-with-samba-unraid/

 

Same topic here:

 

Edited October 5, 2022 by D.Romeleitis

A valid user name for Unraid consists of lowercase letters a-z, digits 0-9, underscore(s) and dash(es).

 

An email address as user name is invalid.

 

44 minutes ago, D.Romeleitis said:

It was possible to user emailadress users with some tricks:

https://cyanlabs.net/docs/tips/windows/use-microsoft-accounts-with-samba-unraid/

This was a work around in the past, but it looks like Samba may no longer support "username map =".  I suspect it may be a security issue.  A Google search shows some posts about security.