Jump to content

  • [6.11.0] SMB passwords do not work anymore after upgrade from 6.10

    MAM59

    By MAM59

      • Closed

    yesterday I have tried to update my working 6.10 system to 6.11,

    The update seemed to work flawlessly at the beginning.

    But then more and more users rang me up, they could not access the shares anymore. Their (stored) passwords were refused.

     

    I noticed that even me, the admin, was locked out 😞

     

    All access from windows machines was denied, FreeBSD with Samba also could not mount shares anymore, just Boxes with Libreelec (Linux) still could connect to the shares.

     

    Of course I did not change a thing.

     

    Tries to reset passwords or to use public shares instead also failed miserably.

     

    At the end, I had to switch back to 6.10 and everything started to work again like before.

     

    I have no diagnostics from 6.11 ( I attach the ones from working 6.10), after 2 hours of fiddling users were about to kill me...

     

    The only errors or strangeness I have noticed:

    As soon as someone wanted to connect to an (SMB) share, the UNRAID box noted down dozens or hundreds of lines like these: 

    Sep 24 17:23:57 F nginx: 2022/09/24 17:23:57 [error] 7090#7090: *5754 limiting requests, excess: 20.514 by zone "authlimit", client: 2001:470:XXX, server: , request: "PROPFIND /login HTTP/1.1", host: "f"
Sep 24 17:23:57 F nginx: 2022/09/24 17:23:57 [error] 7090#7090: *5756 limiting requests, excess: 20.494 by zone "authlimit", client: 2001:470:XXX, server: , request: "PROPFIND /login HTTP/1.1", host: "f"

    What the hell has nginx to do with samba authentication???

     

    These errors are repeatable, just try to mount a share and they bomb your syslog

     

    More infos: the windows boxes are part of a domain (with the same name as the UNRAID workgroup), but the FreeBSD Box is not part of this domain, so the denial of the passwords may have nothing to do with domain joined or not.

     

    Maybe there is a cypher method that is not supported/included anymore in 6.11?

     

    f-diagnostics-20220925-0643.zip

    Go to reports Stable Releases

    User Feedback

    Recommended Comments



    DrQ
    4 minutes ago, JorgeB said:

    If I understood correctly one of the clients still works with v6.11?

    This is correct.  One win11 Pro connects the other claims auth error when connecting to the samba server.  I checked Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters  

    and only difference is the one that does connect has FileInfoCacheLifetime -> 0x0 and FileNotFoundCacheLifetime -> 0x0 but seems not relevant to SMB auth.  Also when on 6.11 I delete the Stored Credentials on the computer that would not connect and had no effect.  Ran a sfc /scannow to rule out bad files. Not sure what else to check on the windows settings for issues so falling back to just running 6.10

    Link to comment
    Erich

    I also have this problem. Network credentials no longer accepted after upgrading to 6.11. Once I reverted back to 6.10, everything works again. Is there a fix for this?

    Edited by Erich
    Link to comment
    systract
    3 hours ago, JorgeB said:

    If I understood correctly one of the clients still works with v6.11?

    In my case, the shares worked right after upgraded to v6.11, but failed to connect after some time.

    Link to comment
    systract
    On 9/27/2022 at 5:38 AM, D.Romeleitis said:

    Found a solution for me. My shares had as SMB Security Settings -> Security = "Private". Switched this setting to "Secure" and I have access again. Description says:

    Public All users including guests have full read/write access.

    Secure All users including guests have read access, you select which of your users have write access.

    Private No guest access at all, you select which of your users have read/write, read-only access or no access.

     

    So only a workaround, but this means there is no problem with SMB Version but how User & Passwords are handled ?!?

     

    I have Security set to "Private" as well, but unfortunately switching to "Secure" doesn't fix the problem for me.

    Edited by systract
    Link to comment
    JorgeB

    I'm trying to investigate this issue, but to me not yet clear cut it's a Samba problem, it's working correctly for most users and for example for @DrQone of two Windows 11 clients works while the other does not, so the problem might be Unraid but it also might be the non working client.

    • Upvote 1
    Link to comment
    systract
    6 hours ago, JorgeB said:

    Anyone with this issue see if this helps:

    https://forums.unraid.net/topic/128696-after-611-no-longer-can-access-smb-via-network/?do=findComment&comment=1174207

     

    I set it to "Send NTLMv2 response only" based on the instruction, then upgrade my unRaid to v6.11.0, initially the shares are working, but after a few minutes Windows  client can't connect again. Same experience as before.

     

    Below are the last lines of the log:

     

    Sep 29 09:39:14 NAS  nmbd[2675]:   
    Sep 29 09:39:14 NAS  nmbd[2675]:   Samba name server NAS is now a local master browser for workgroup WORKGROUP on subnet 172.17.0.1
    Sep 29 09:39:14 NAS  nmbd[2675]:   
    Sep 29 09:39:14 NAS  nmbd[2675]:   *****

     

     

    • Like 1
    Link to comment
    jsebright

    I can confirm that changing the policy worked for me and I am now able to access private shares.

     

    For others and my future reference (as per link above)

    run secpol.msc browse to Security Settings > Local Policies > Security Options > Network security: LAN Manager authentication level

    Mine was "Not Defined", changed it to "Send NTLMv2 response only". Worked immediately , no need to logout / reboot.

     

    Edit: I see @systract had issues after a few minutes, I will monitor to see how long this lasts for.

    Edited by jsebright
    update
    • Like 1
    Link to comment
    JorgeB
    1 hour ago, systract said:

    but after a few minutes Windows  client can't connect again.

    This part is strange, lets see how it goes for others.

    Link to comment
    Erich

    I followed the instructions about changing the security policy to "NTLMv2 response only/refuse LM and NTLM" and upgraded Unraid to 6.11. I am now able to access the Unraid server from my Windows machine. So it seems to have resolved this issue for me.

    • Like 1
    Link to comment
    DrQ
    10 hours ago, JorgeB said:

    Anyone with this issue see if this helps:

    https://forums.unraid.net/topic/128696-after-611-no-longer-can-access-smb-via-network/?do=findComment&comment=1174207

     

    Resolved my issue.  Also my win11 pro that was working was set to "Not Defined".  The one that did not work was "Send LM & NTLM - use NTLMv2 session security if negotiated"  and changing that to "Send NTLMv2 response only" allows me to connect to the private shares again.  Not sure what in the past may have set this to something other than "Not defined"  Thanks for the time and resolution to this issue.

    • Like 1
    Link to comment
    limetech

    For those still stuck, add this to "Settings/SMB/SMB Extras/Samba extra configuration"

     

    ntlm auth = Yes

     

    Please report back if this solves connectivity issues.

    Link to comment
    cynod

    Just hit this problem after upgrading my home system to 6.11.0 and rebooting my Windows machine. Confirmed that changing to "Send NTLMv2 response only" immediately fixed the issue (no reboot of unraid or Windows needed).

     

    In case it helps debugging, my Windows 11 Pro PC was set to "Send LM & NTLM - use NTLMv2 session security if negotiated" and my other Windows 10 Pro PC was "Not Defined".

     

    Neither are on AD, just home "WORKGROUP"

     

    For reference, as others above have said:

     

    start -> Run -> secpol.msc

     

    then

     

    Security Settings -> Local Policies -> Security Options -> "Network security: LAN Manager authentication level"

     

    Double click and change this and hit OK

     

    image.png.6a55ec5c3b0e5bbbadd9ae5d72af7d73.png

    Link to comment


    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Restore formatting

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Status Definitions

     

    Open = Under consideration.

     

    Solved = The issue has been resolved.

     

    Solved version = The issue has been resolved in the indicated release version.

     

    Closed = Feedback or opinion better posted on our forum for discussion. Also for reports we cannot reproduce or need more information. In this case just add a comment and we will review it again.

     

    Retest = Please retest in latest release.

    Priority Definitions

     

    Minor = Something not working correctly.

     

    Urgent = Server crash, data loss, or other showstopper.

     

    Annoyance = Doesn't affect functionality but should be fixed.

     

    Other = Announcement or other non-issue.

×
×
  • Create New...