pyro.699 Posted December 26, 2016

I have spent 2 days googling and searching around the forums and am ready to ask for some help regarding this issue.

I recently upgraded my server from 6.1.9 to 6.2.4 and after that, the samba shares have not worked at all - I have read a few other articles from members here in the release thread with a similar problem but any solution proposed there didn't seem to work. Starting here I followed through and was linked to this article which also linked to a feature request which I believe was implemented in 6.2.4. All of which provided great information for potential debugging avenues.

I connect to my host through a combination of Windows and Linux computers, for the sake of simplicity I have only configured the SMB shares and when using a Linux guest, will mount the share through a cifs share. Throughout me trying to get this working I have tried to set up an NFS share - but was unable to get that working correctly either.

smbclient -L 127.0.0.1 -N -d 10

    INFO: Current debug levels:
      all: 10
      tdb: 10
      printdrivers: 10
      lanman: 10
      smb: 10
      rpc_parse: 10
      rpc_srv: 10
      rpc_cli: 10
      passdb: 10
      sam: 10
      auth: 10
      winbind: 10
      vfs: 10
      idmap: 10
      quota: 10
      acls: 10
      locking: 10
      msdfs: 10
      dmapi: 10
      registry: 10
      scavenger: 10
      dns: 10
      ldb: 10
      tevent: 10
    lp_load_ex: refreshing parameters
    Initialising global parameters
    INFO: Current debug levels:
      all: 10
      tdb: 10
      printdrivers: 10
      lanman: 10
      smb: 10
      rpc_parse: 10
      rpc_srv: 10
      rpc_cli: 10
      passdb: 10
      sam: 10
      auth: 10
      winbind: 10
      vfs: 10
      idmap: 10
      quota: 10
      acls: 10
      locking: 10
      msdfs: 10
      dmapi: 10
      registry: 10
      scavenger: 10
      dns: 10
      ldb: 10
      tevent: 10
    Processing section "[global]"
    doing parameter include = /etc/samba/smb-names.conf
    doing parameter netbios name = Charmander
    doing parameter server string = Media server
    doing parameter hide dot files = no
    doing parameter security = USER
    doing parameter workgroup = WORKGROUP
    doing parameter local master = yes
    doing parameter map to guest = Bad User
    doing parameter passdb backend = smbpasswd
    doing parameter encrypt passwords = Yes
    doing parameter null passwords = Yes
    WARNING: The "null passwords" option is deprecated
    doing parameter map archive = No
    doing parameter map hidden = No
    doing parameter map system = No
    doing parameter map readonly = Yes
    doing parameter create mask = 0777
    doing parameter directory mask = 0777
    doing parameter log level = 0
    doing parameter syslog = 0
    WARNING: The "syslog" option is deprecated
    doing parameter syslog only = Yes
    WARNING: The "syslog only" option is deprecated
    doing parameter show add printer wizard = No
    doing parameter disable spoolss = Yes
    doing parameter load printers = No
    doing parameter printing = bsd
    doing parameter printcap name = /dev/null
    doing parameter invalid users = root
    doing parameter unix extensions = No
    doing parameter wide links = Yes
    doing parameter use sendfile = Yes
    doing parameter aio read size = 4096
    doing parameter aio write size = 4096
    doing parameter acl allow execute always = Yes
    doing parameter include = /boot/config/smb-extra.conf
    Processing section "[global]"
    doing parameter interfaces = lo eth0 eth1
    doing parameter preferred master = yes
    doing parameter domain master = yes
    doing parameter os level = 255
    doing parameter include = /etc/samba/smb-shares.conf
    pm_process() returned Yes
    lp_servicenumber: couldn't find homes
    added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
    add_interface: not adding duplicate interface 127.0.0.1
    added interface eth0 ip=192.168.2.40 bcast=192.168.2.255 netmask=255.255.255.0
    added interface eth1 ip=192.168.2.41 bcast=192.168.2.255 netmask=255.255.255.0
    Netbios name list:-
    my_netbios_names[0]="CHARMANDER"
    Client started (version 4.4.5).
    Connecting to 127.0.0.1 at port 445
    Socket options:
      SO_KEEPALIVE = 0
      SO_REUSEADDR = 0
      SO_BROADCAST = 0
      TCP_NODELAY = 1
      TCP_KEEPCNT = 9
      TCP_KEEPIDLE = 7200
      TCP_KEEPINTVL = 75
      IPTOS_LOWDELAY = 0
      IPTOS_THROUGHPUT = 0
      SO_REUSEPORT = 0
      SO_SNDBUF = 2626560
      SO_RCVBUF = 1061296
      SO_SNDLOWAT = 1
      SO_RCVLOWAT = 1
      SO_SNDTIMEO = 0
      SO_RCVTIMEO = 0
      TCP_QUICKACK = 1
      TCP_DEFER_ACCEPT = 0
    session request ok
    protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED

/usr/bin/nmblookup -M -- - 2>/dev/null | /usr/bin/grep -Pom1 '^\S+'

    192.168.2.41

Samba extra configuration:

    [global]
    interfaces = lo eth0 eth1
    preferred master = yes
    domain master = yes
    os level = 255

Workgroup Settings

    Workgroup: WORKGROUP
    Local Master: Yes

df -h /mnt/disk*

    Filesystem  Size  Used  Avail  Use%  Mounted on
    /dev/md1    1.9T  1.4T  442G   77%   /mnt/disk1
    /dev/md2    1.9T  1.4T  473G   75%   /mnt/disk2
    /dev/md3    932G  413G  519G   45%   /mnt/disk3
    /dev/md4    932G  15G   917G   2%    /mnt/disk4
    /dev/md5    1.9T  951G  912G   52%   /mnt/disk5
    /dev/md6    932G  33M   932G   1%    /mnt/disk6

ifconfig

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.2.40 netmask 255.255.255.0 broadcast 0.0.0.0
            ether 00:04:4b:15:99:ae txqueuelen 1000 (Ethernet)
            RX packets 7056107 bytes 2903118903 (2.7 GiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 5441547 bytes 3713613254 (3.4 GiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 192.168.2.41 netmask 255.255.255.0 broadcast 0.0.0.0
            ether 00:04:4b:15:99:ac txqueuelen 1000 (Ethernet)
            RX packets 126303 bytes 39111094 (37.2 MiB)
            RX errors 0 dropped 57373 overruns 0 frame 0
            TX packets 98 bytes 7782 (7.5 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    ham0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1200
            inet 25.*.*.* netmask 255.0.0.0 broadcast 25.255.255.255
            ether *:*:*:*:*:* txqueuelen 1000 (Ethernet)
            RX packets 33980 bytes 4311879 (4.1 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 24201 bytes 4310850 (4.1 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
            inet 127.0.0.1 netmask 255.255.255.255
            loop txqueuelen 1 (Local Loopback)
            RX packets 31791 bytes 4319233 (4.1 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 31791 bytes 4319233 (4.1 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ip route

    default via 192.168.2.1 dev eth0
    25.0.0.0/8 dev ham0 proto kernel scope link src 25.*.*.*
    127.0.0.0/8 dev lo scope link
    192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.40
    192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.41

Things I have tried:

* Using a bridge and a bonded bridge instead of having eth0 and eth1 separate.
* Different permutations of entries listed in the "Samba extra configuration" including an empty file and having "allow hosts = 0.0.0.0/24"
* Connecting to it from various IPs, including the one located at ham0
* Rebooting the host in the hopes of it "magically" fixing itself
* Yelling at it

Any help would be greatly appreciated. I do not currently have physical access to the hardware, but am able to ssh into it from my current location.

Happy Holidays
-Cody

Frank1940 Posted December 26, 2016

Did you find this thread? http://lime-technology.com/forum/index.php?topic=54910.0

Did you install the 'Local Master' plugin? You can find it in the first post in this thread: http://lime-technology.com/forum/index.php?topic=36543

Have you tried rebooting the clients?

Have you checked to see what your clients 'think' is the Local Master? (You will have to google for this one.)

Are all the clients affected or are only certain ones?

Be sure that you understand that Windows ignores capitalization of many names and Linux/Unix honors it. (And I have no idea how Samba resolves this issue!) For that reason, it is recommended that the Workgroup name be in all caps on all computers!

By the way, you have my sympathy! Troubleshooting Samba issues locally is a headache (as Samba solutions are often like witchcraft) but doing it remotely is not something that I would want to tackle.

Andrewch Posted December 26, 2016

All great suggestions above. I've been through days of troubleshooting Samba issues between various devices. In the end what resolved all my issues was a fully wired network. Not ideal and not possible for everyone but it sorted out my headache. My witchcraft was not up to scratch.

pyro.699 (Author) Posted December 27, 2016

Thank you for the replies.

As I mentioned in the original post, the issues can be reproduced on the host trying to use the smbclient. They are not specific to a Windows client trying to access it. Local Master is something that has been included as part of 6.2.4 as a direct configurable option.

To address other concerns in your posts:

* Yes, I have rebooted both clients and hosts.
* All clients are affected, not just the host or one particular client
* Capitalization doesn't play a role when using direct IP addresses
* The entire network is wired and none of it is wireless

I am open to all other solutions and suggestions.

Frank1940 Posted December 27, 2016

> Thank you for the replies.
>
> As I mentioned in the original post, the issues can be reproduced on the host trying to use the smbclient. They are not specific to a Windows client trying to access it. Local Master is something that has been included as part of 6.2.4 as a direct configurable option.
>
> To address other concerns in your posts:
>
> * Yes, I have rebooted both clients and hosts.
> * All clients are affected, not just the host or one particular client
> * Capitalization doesn't play a role when using direct IP addresses
> * The entire network is wired and none of it is wireless
>
> I am open to all other solutions and suggestions.

Unfortunately, static IP addresses do NOT address the capitalization problem! And each computer must have an IP address before it even broadcasts that it is looking for a Samba network. Each computer will join only to the workgroup to which it is assigned with the proper workgroup name.

Assigning IP addresses without having collisions can be a problem with a combination of assigning static IP addresses and using addresses assigned using DHCP, which is 'turned on' by default in every router that I have seen in the past twenty years. If your network administrator is assigning IP addresses to computers, what is being done to assure that no device is ever connected to that network that uses DHCP to get an address? By default, every OS that I have ever heard of uses DHCP by default to get its address.

It could be a case of your unRAID server and another computer/device having the same IP address but that does not seem to be the case because you seem to be accessing the server from the outside world. Each computer will join only to the workgroup to which it is assigned by the workgroup name.

If you are coming in from the outside world, you should be coming in through a VPN and not an open port on the router. unRAID is not secured to run on the open Internet!!!!

I would still suggest that you do this:

> Have you checked to see what your clients 'think' is the Local Master? (You will have to google for this one.)

This could provide an insight into what is going on.

pyro.699 (Author) Posted December 27, 2016

I am the network administrator for this particular network. I am ensuring that there are no static IP conflicts. I name each of my computers on the network after Pokemon (cause I am a cool 90's kid) and am sure that the host name is unique.

I have seen the security flaws that are present in the standard unRAID setup and done some work on my router to protect against that. The only IPs that are open to the outside world are 80 and 443 - and emhttp is not being served to port 80 but rather port 8081, and I am using nginx to serve on those ports and have specified more specific rules to prevent outside issues. I am connecting to my unRAID server through a VPN called Hamachi (via LogMeIn) - so port 22 is closed on my router.

I will have to google how to check what my clients think that the local master is - however even from the host - trying to connect to 127.0.0.1 is providing a disconnected error - something about that feels very wrong.

Frank1940 Posted December 27, 2016

Type diagnostics at the command prompt. That will write the diagnostics file to the Flash drive (either in the logs folder or the root of the flash drive). Attach that file to your next post.

Frank1940 Posted December 27, 2016

Follow on: Did you read the first two posts in the release notes for version 6.2? http://lime-technology.com/forum/index.php?topic=51874.0

In the second post, there is a whole section on Network changes and issues. But read the entirety of these first two posts in any case as there might be a clue to some small 'gotcha' that you missed.

It might also help if you were to post what MB and CPU you are using. (I am suspecting that you are using a server class MB with remote management features...)

pyro.699 (Author) Posted December 27, 2016

I have read all of the networking changes, and unless I am missing something - it should be set up correctly. There is no special remote hardware that is set up - I have simply set up a VPN service called Hamachi that I can use to simply ssh into the machine.

I was unable to attach the file directly to my post as it is greater than 320kb. I have uploaded it to an external server.

Diagnostics: -Removed-

Motherboard: dmidecode -t 2

    # dmidecode 3.0
    Getting SMBIOS data from sysfs.
    SMBIOS 2.4 present.

    Handle 0x0002, DMI type 2, 8 bytes
    Base Board Information
        Manufacturer: XFX
        Product Name: XFX nForce 780i 3-Way SLI
        Version: 1
        Serial Number: 1

CPU: dmidecode -t 4

    # dmidecode 3.0
    Getting SMBIOS data from sysfs.
    SMBIOS 2.4 present.

    Handle 0x0004, DMI type 4, 35 bytes
    Processor Information
        Socket Designation: Socket 775
        Type: Central Processor
        Family: Other
        Manufacturer: Intel
        ID: FB 06 00 00 FF FB EB BF
        Signature: Type 0, Family 6, Model 15, Stepping 11
        Flags:
            FPU (Floating-point unit on-chip)
            VME (Virtual mode extension)
            DE (Debugging extension)
            PSE (Page size extension)
            TSC (Time stamp counter)
            MSR (Model specific registers)
            PAE (Physical address extension)
            MCE (Machine check exception)
            CX8 (CMPXCHG8 instruction supported)
            APIC (On-chip APIC hardware supported)
            SEP (Fast system call)
            MTRR (Memory type range registers)
            PGE (Page global enable)
            MCA (Machine check architecture)
            CMOV (Conditional move instruction supported)
            PAT (Page attribute table)
            PSE-36 (36-bit page size extension)
            CLFSH (CLFLUSH instruction supported)
            DS (Debug store)
            ACPI (ACPI supported)
            MMX (MMX technology supported)
            FXSR (FXSAVE and FXSTOR instructions supported)
            SSE (Streaming SIMD extensions)
            SSE2 (Streaming SIMD extensions 2)
            SS (Self-snoop)
            HTT (Multi-threading)
            TM (Thermal monitor supported)
            PBE (Pending break enabled)
        Version: Intel(R) Core(TM)2 Quad CPU
        Voltage: 1.7 V
        External Clock: 267 MHz
        Max Speed: 200 MHz
        Current Speed: 2403 MHz
        Status: Populated, Enabled
        Upgrade: ZIF Socket
        L1 Cache Handle: 0x000A
        L2 Cache Handle: 0x000B
        L3 Cache Handle: Not Provided
        Serial Number:
        Asset Tag:
        Part Number:

(Not really proud of the specs - Believe me I am looking to upgrade - lol)

Thanks again for your help
-Cody

Frank1940 Posted December 27, 2016

I took a look at your logs and found they are full of entries like these:

    Dec 26 01:40:01 Charmander rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="1326" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
    Dec 26 01:40:02 Charmander login[1912]: invalid password for 'root' on '/dev/pts/2' from '202.71.9.205'
    Dec 26 01:40:02 Charmander login[1912]: REPEATED login failures on '/dev/pts/2' from '202.71.9.205'
    Dec 26 01:40:03 Charmander login[1946]: invalid password for 'root' on '/dev/pts/0' from '92.62.242.130.fibermax.bg'
    Dec 26 01:40:03 Charmander login[1982]: invalid password for 'UNKNOWN' on '/dev/pts/12' from '220-133-241-171.HINET-IP.hinet.net'
    Dec 26 01:40:04 Charmander login[1977]: invalid password for 'UNKNOWN' on '/dev/pts/10' from '171.231.149.16'
    Dec 26 01:40:04 Charmander login[1947]: invalid password for 'UNKNOWN' on '/dev/pts/11' from 'bband-dyn244.178-41-156.t-com.sk'
    Dec 26 01:40:04 Charmander login[1967]: invalid password for 'root' on '/dev/pts/1' from '27-105-153-76-adsl-TXG.dynamic.so-net.net.tw'
    Dec 26 01:40:05 Charmander in.telnetd[2062]: connect from 202.71.9.205 (202.71.9.205)
    Dec 26 01:40:06 Charmander sshd[1993]: Failed password for root from 218.65.30.134 port 14907 ssh2
    Dec 26 01:40:06 Charmander login[1946]: invalid password for 'UNKNOWN' on '/dev/pts/0' from '92.62.242.130.fibermax.bg'
    Dec 26 01:40:06 Charmander login[1946]: REPEATED login failures on '/dev/pts/0' from '92.62.242.130.fibermax.bg'
    Dec 26 01:40:06 Charmander login[1982]: invalid password for 'UNKNOWN' on '/dev/pts/12' from '220-133-241-171.HINET-IP.hinet.net'
    Dec 26 01:40:07 Charmander sshd[1993]: Failed password for root from 218.65.30.134 port 14907 ssh2
    Dec 26 01:40:07 Charmander login[2067]: invalid password for 'root' on '/dev/pts/13' from '202.71.9.205'
    Dec 26 01:40:08 Charmander login[1947]: invalid password for 'UNKNOWN' on '/dev/pts/11' from 'bband-dyn244.178-41-156.t-com.sk'
    Dec 26 01:40:08 Charmander login[1947]: REPEATED login failures on '/dev/pts/11' from 'bband-dyn244.178-41-156.t-com.sk'
    Dec 26 01:40:08 Charmander in.telnetd[2076]: connect from 171.231.149.16 (171.231.149.16)
    Dec 26 01:40:08 Charmander sshd[1993]: Failed password for root from 218.65.30.134 port 14907 ssh2
    Dec 26 01:40:08 Charmander login[1967]: invalid password for 'root' on '/dev/pts/1' from '27-105-153-76-adsl-TXG.dynamic.so-net.net.tw'

My guess would be that you are being hacked!

trurl Posted December 28, 2016

> I took a look at your logs and found they are full of entries like these: [...]
>
> My guess would be that you are being hacked!

bots are ubiquitous and relentless.

pyro.699 (Author) Posted December 28, 2016

> I took a look at your logs and found they are full of entries like these: [...]
>
> My guess would be that you are being hacked!

They are trying, that's obvious. On the other hand I'm not sure how this could relate to samba disconnecting me. I will deal with the security issues asap, but failed attempts like this shouldn't be preventing access from localhost.

JonathanM Posted December 28, 2016

> They are trying, that's obvious. On the other hand I'm not sure how this could relate to samba disconnecting me. I will deal with the security issues asap, but failed attempts like this shouldn't be preventing access from localhost.

Can you be positive they all failed?

Frank1940 Posted December 28, 2016

Plus the number of attempts and with your hardware, you could be experiencing the equivalent of a DOS attack. Furthermore, no one has the time to wade through more than 6MB of syslogs for you!!!

pyro.699 (Author) Posted December 30, 2016

> Plus the number of attempts and with your hardware, you could be experiencing the equivalent of a DOS attack. Furthermore, no one has the time to wade through more than 6MB of syslogs for you!!!

I appreciate you pointing out the security issue. I have gone ahead and patched that all up, restarted the server, reran a bunch of the commands above to try and connect to the samba share from both the host itself and clients - all with the same outcome.

I went ahead and reran the diagnostics file and am uploading it here. Thanks again for looking.

charmander-diagnostics-20161230-1159.zip

Frank1940 Posted December 31, 2016

Go into that Diagnostics File to the system folder and look at the ifconfig.txt file. Look at the eth0 receive packets bytes received. All of this traffic occurred in a period of three minutes. Do you have an explanation for that? Are the data disks receiving this information (are they staying spun up even if you try to spin them down)?

I also found this in the syslog:

    Dec 30 11:55:45 Charmander avahi-daemon[10444]: Joining mDNS multicast group on interface ham0.IPv4 with address 25.6.239.12.
    Dec 30 11:55:45 Charmander avahi-daemon[10444]: New relevant interface ham0.IPv4 for mDNS.
    Dec 30 11:55:45 Charmander avahi-daemon[10444]: Registering new address record for 25.6.239.12 on ham0.IPv4.

A search indicates that this address is assigned to the United Kingdom - UK Ministry of Defence.

There are a whole lot more lines in your go file than are found in the normal go file. Is this something that you placed there?

Is this server still directly on the Internet? While I am no security expert, there is general consensus (confirmed by LimeTech) that unRAID servers should not be directly exposed to the Internet. If you have to connect to a server from the WAN, the preferred method is to use a VPN.

pyro.699 (Author) Posted December 31, 2016

I have placed a bunch of information in my go file. Copying over new ssh configs, starting up Hamachi (the VPN tunneling system), copying over the timezone information, setting up pip so I can have Python modules available for cron scripts. I also touch /etc/nologin to prevent anyone other than root logging in. The sshd_config file has password authentication now turned off. I also have a lot of new lines with comments explaining each section to myself.

The 25.0.0.0/24 space is reserved for the ham0 interface. That is the IP address that is assigned to this particular.

    root@Charmander:/var/log# hamachi
      version    : 2.0.1.13
      pid        : 10717
      status     : logged in
      client id  : 196-***-***
      address    : 25.6.239.12
      nickname   : Charmander
      lmi account: ********@gmail.com

The only ports that are exposed to the open internet are 80 and 443 - all others are closed. emhttp does not connect to port 80 - but rather port 8081. I have used nginx running in a docker container to expose a site that is designed to be on the open internet. Everything else that is related to unRAID is inaccessible outside the Hamachi VPN and internal network. If you would like to see my nginx configs that are part of the docker container, I can share those as well.

Samba runs on ports 137-139 / 445 - connecting to it through the host 127.0.0.1 should not pose any problems.

To address your concern about the large volume of traffic in 3 minutes - I am going to assume that is my docker container for deluge seeding some of my recent downloads.

I can start to disable some of these services if you think they are causing a problem with my ability to connect via smbclient, I am just having a difficult time picturing exactly what would be interfering.

Thanks again Frank!

bonienl Posted December 31, 2016

You have both telnet and ssh opened for the outside world. I would start closing that first.

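Added example, not part of any post in this thread: a Python triage of auth-log lines in the formats Frank1940 quoted, which checks JonathanM's question for sshd (did any attempt succeed?) and lists which services were reached from outside the trusted ranges, as bonienl read from the log. The sample lines, the host name `nas` and all addresses are constructed; the `Accepted ...` pattern is OpenSSH's success message, which does not appear in the thread, and no success format for login(1) is matched because the thread shows none.

```python
import ipaddress
import re
from collections import Counter

# Ranges treated as "inside" (assumption: loopback + RFC 1918 space).
# A VPN range such as Hamachi's 25.0.0.0/8 must be added explicitly.
DEFAULT_TRUSTED = ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

# (service, kind, regex). "REPEATED login failures" lines are deliberately
# not matched so a failed login is not counted twice.
PATTERNS = [
    ("login", "fail", re.compile(
        r"login\[\d+\]: invalid password for '(?P<user>[^']*)' on '[^']*' from '(?P<src>[^']+)'")),
    ("telnetd", "connect", re.compile(
        r"in\.telnetd\[\d+\]: connect from (?P<src>\S+)")),
    ("sshd", "fail", re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")),
    ("sshd", "success", re.compile(
        r"sshd\[\d+\]: Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+) port \d+")),
]


def is_trusted(src, nets):
    """True only for an IP literal inside a trusted network.

    Reverse-DNS names (as in the thread's log) cannot be verified offline,
    so they are treated as untrusted.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def analyze(lines, trusted=DEFAULT_TRUSTED):
    """Summarise events that originate outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    failures = Counter()   # (service, source) -> failed attempts
    exposed = set()        # services reached from untrusted sources
    successes = []         # (service, user, source) logins from untrusted sources
    for line in lines:
        for service, kind, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            src = m.group("src")
            if not is_trusted(src, nets):
                exposed.add(service)
                if kind == "fail":
                    failures[(service, src)] += 1
                elif kind == "success":
                    successes.append((service, m.group("user"), src))
            break
    return {"failures": failures, "exposed": exposed, "successes": successes}


# Constructed sample input (documentation addresses, not taken from the thread).
SAMPLE = """\
Dec 26 01:40:02 nas login[1912]: invalid password for 'root' on '/dev/pts/2' from '203.0.113.5'
Dec 26 01:40:02 nas login[1912]: REPEATED login failures on '/dev/pts/2' from '203.0.113.5'
Dec 26 01:40:05 nas in.telnetd[2062]: connect from 203.0.113.5 (203.0.113.5)
Dec 26 01:40:06 nas sshd[1993]: Failed password for root from 198.51.100.77 port 14907 ssh2
Dec 26 01:40:07 nas sshd[1993]: Failed password for root from 198.51.100.77 port 14907 ssh2
Dec 26 01:40:09 nas login[1946]: invalid password for 'UNKNOWN' on '/dev/pts/0' from 'host.example.net'
Dec 26 01:41:10 nas sshd[2101]: Accepted password for root from 198.51.100.77 port 15022 ssh2
Dec 26 01:42:00 nas sshd[2150]: Accepted publickey for root from 192.168.2.50 port 50122 ssh2
Dec 26 01:43:00 nas sshd[2160]: Accepted publickey for root from 25.0.0.9 port 50200 ssh2
""".splitlines()

if __name__ == "__main__":
    report = analyze(SAMPLE)
    print("services reached from untrusted sources:", sorted(report["exposed"]))
    for (service, src), count in report["failures"].most_common():
        print(f"{count:4d} failed  {service:8s} {src}")
    for service, user, src in report["successes"]:
        print(f"SUCCESSFUL LOGIN  {service} user={user} from {src}")
```

Any entry under `successes` means an attempt did not fail and the host should be treated as compromised until shown otherwise; passing `DEFAULT_TRUSTED + ("25.0.0.0/8",)` stops the Hamachi range from being reported as outside.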
Frank1940 Posted December 31, 2016

Let's try some things:

First, from the command prompt, type:

    ping 8.8.8.8

Second, from a Windows computer, open a Command Prompt window. Then type:

    ping 192.168.2.40

and

    ping 192.168.2.41

If you don't get the proper response, post back with the error message (if any).

If these tests are successful, then let's move on to try this. Open up Windows Explorer and in the address bar enter first:

    \\192.168.2.40

(Press <Enter>) and then try:

    \\192.168.2.41

What did you get? Report back any error messages.

pyro.699 (Author) Posted December 31, 2016

> Let's try some things:
>
> First, from the command prompt, type: ping 8.8.8.8
>
> Second, from a Windows computer, open a Command Prompt window. Then type: ping 192.168.2.40 and ping 192.168.2.41
>
> If you don't get the proper response, post back with the error message (if any).
>
> If these tests are successful, then let's move on to try this. Open up Windows Explorer and in the address bar enter first: \\192.168.2.40 (Press <Enter>) and then try: \\192.168.2.41
>
> What did you get? Report back any error messages.

I do not currently have access to any Windows computers. Only OS X and Linux. I am still on vacation and only have access to these computers remotely. I will be home on Tuesday if debugging from Windows is that important. Luxray is a Linux box that is used as a media computer to play the files. (Yes, I name all my computers after Pokemon)

ping 8.8.8.8

    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=21.1 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=19.1 ms
    64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=27.0 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 19.129/22.451/27.085/3.380 ms

ping 192.168.2.40

    PING 192.168.2.40 (192.168.2.40) 56(84) bytes of data.
    64 bytes from 192.168.2.40: icmp_seq=1 ttl=64 time=0.118 ms
    64 bytes from 192.168.2.40: icmp_seq=2 ttl=64 time=0.149 ms
    ^C
    --- 192.168.2.40 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.118/0.133/0.149/0.019 ms

ping 192.168.2.41

    PING 192.168.2.41 (192.168.2.41) 56(84) bytes of data.
    64 bytes from 192.168.2.41: icmp_seq=1 ttl=64 time=0.574 ms
    64 bytes from 192.168.2.41: icmp_seq=2 ttl=64 time=0.266 ms
    ^C
    --- 192.168.2.41 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1000ms
    rtt min/avg/max/mdev = 0.266/0.420/0.574/0.154 ms

ifconfig - run on a computer other than the unRAID server.

    docker0   Link encap:Ethernet HWaddr 02:42:bc:53:7b:20
              inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
              UP BROADCAST MULTICAST MTU:1500 Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

    eth1      Link encap:Ethernet HWaddr d4:3d:7e:9a:3d:e8
              inet addr:192.168.2.50 Bcast:192.168.2.255 Mask:255.255.255.0
              inet6 addr: fd00:bc4d:fbdc:5c42:851c:c177:4879:86ac/64 Scope:Global
              inet6 addr: 2607:fea8:be60:413:c61:26d9:6a55:7956/64 Scope:Global
              inet6 addr: fd00:bc4d:fbdc:5c42:acfd:f5c3:8bc2:a43b/64 Scope:Global
              inet6 addr: 2607:fea8:be60:413:55e6:da67:cd4b:2612/64 Scope:Global
              inet6 addr: 2607:fea8:be60:413:acfd:f5c3:8bc2:a43b/64 Scope:Global
              inet6 addr: 2607:fea8:be60:413:851c:c177:4879:86ac/64 Scope:Global
              inet6 addr: 2607:fea8:be60:413:38a3:db8b:a2b:bcc3/64 Scope:Global
              inet6 addr: fd00:bc4d:fbdc:5c42:55e6:da67:cd4b:2612/64 Scope:Global
              inet6 addr: fd00:bc4d:fbdc:5c42:38a3:db8b:a2b:bcc3/64 Scope:Global
              inet6 addr: fd00:bc4d:fbdc:5c42:70be:e856:e9c9:5825/64 Scope:Global
              inet6 addr: fd00:bc4d:fbdc:5c42:c61:26d9:6a55:7956/64 Scope:Global
              inet6 addr: 2607:fea8:be60:413:d63d:7eff:fe9a:3de8/64 Scope:Global
              inet6 addr: fe80::d63d:7eff:fe9a:3de8/64 Scope:Link
              inet6 addr: fd00:bc4d:fbdc:5c42:41d4:882d:24ff:d0a3/64 Scope:Global
              inet6 addr: 2607:fea8:be60:413::3/128 Scope:Global
              inet6 addr: 2607:fea8:be60:413:70be:e856:e9c9:5825/64 Scope:Global
              inet6 addr: 2607:fea8:be60:413:41d4:882d:24ff:d0a3/64 Scope:Global
              inet6 addr: fd00:bc4d:fbdc:5c42:d63d:7eff:fe9a:3de8/64 Scope:Global
              UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
              RX packets:28480648 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6349823 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:36488804599 (36.4 GB) TX bytes:2221799475 (2.2 GB)
              Interrupt:20 Memory:f7f00000-f7f20000

    ham0      Link encap:Ethernet HWaddr 7a:79:19:49:b1:0e
              inet addr:25.73.177.14 Bcast:25.255.255.255 Mask:255.0.0.0
              inet6 addr: 2620:9b::1949:b10e/96 Scope:Global
              inet6 addr: fe80::7879:19ff:fe49:b10e/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST MTU:1404 Metric:1
              RX packets:441195 errors:0 dropped:0 overruns:0 frame:0
              TX packets:355253 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:209186271 (209.1 MB) TX bytes:139962909 (139.9 MB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1 Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING MTU:65536 Metric:1
              RX packets:2173383 errors:0 dropped:0 overruns:0 frame:0
              TX packets:2173383 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:322483380 (322.4 MB) TX bytes:322483380 (322.4 MB)

> You have both telnet and ssh opened for the outside world. I would start closing that first.

I am not sure where you are getting telnet and ssh opened to the outside world. My router explicitly blocks all ports but 443 and 80 (or rather the only ports being forwarded are).

Finally, I was able to have a workaround to get access to the files. I changed my /etc/fstab mounting lines from:

    //192.168.2.40/Backup /mnt/charmander cifs username=media,iocharset=utf8,file_mode=0644,dir_mode=0644,noperm,nofail 0 0

to

    [email protected]:/mnt/user/Backup /mnt/charmander fuse.sshfs _netdev,user,idmap=user,transform_symlinks,identityfile=/root/.ssh/id_rsa,allow_other,default_permissions,uid=1000,gid=1000,umask=0 0 0

Yes, I understand the second option is a huge security issue, but it is only temporary until I can actually get samba working.

The fact that I can get sshfs to actually mount and be successful should remove concerns about a connectivity issue on the network.
bonienl Posted December 31, 2016

> > You have both telnet and ssh opened for the outside world. I would start closing that first.
>
> I am not sure where you are getting telnet and ssh opened to the outside world. My router explicitly blocks all ports but 443 and 80 (or rather the only ports being forwarded are).

Your syslog shows

    Dec 26 01:40:03 Charmander login[1946]: invalid password for 'root' on '/dev/pts/0' from '92.62.242.130.fibermax.bg'
    Dec 26 01:40:03 Charmander login[1982]: invalid password for 'UNKNOWN' on '/dev/pts/12' from '220-133-241-171.HINET-IP.hinet.net'
    Dec 26 01:40:04 Charmander login[1977]: invalid password for 'UNKNOWN' on '/dev/pts/10' from '171.231.149.16'
    Dec 26 01:40:04 Charmander login[1947]: invalid password for 'UNKNOWN' on '/dev/pts/11' from 'bband-dyn244.178-41-156.t-com.sk'
    Dec 26 01:40:04 Charmander login[1967]: invalid password for 'root' on '/dev/pts/1' from '27-105-153-76-adsl-TXG.dynamic.so-net.net.tw'

These are login attempts from outside. Don't think this is you, unless you are able to travel between Slovakia and Taiwan in 0 seconds.
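The check made by eye in the post above (several unrelated remote sources failing to log in within the same second), written as an added example that is not part of the original thread. The LAN ranges, the 10-second window and the three-source threshold are assumptions, and the sample lines are constructed in the same format as the quoted syslog.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Line format copied from the syslog excerpt quoted in the post above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ login\[\d+\]: invalid password "
    r"for '[^']*' on '[^']*' from '(?P<src>[^']*)'$")
# Assumption: these ranges count as "inside"; everything else is outside.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
       "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fe80::/10", "fc00::/7")]

def is_internal(src):
    """True for IP literals in LAN; unresolved hostnames count as external."""
    try:
        return any(ipaddress.ip_address(src) in net for net in LAN)
    except ValueError:
        return False

def parse_failures(lines, year=2016):
    """Sorted (timestamp, source) pairs; syslog omits the year."""
    return sorted(
        (datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["src"])
        for line in lines if (m := LINE_RE.match(line.strip())))

def external_bursts(lines, window_s=10, min_sources=3):
    """Windows in which >= min_sources distinct external sources failed."""
    events = [e for e in parse_failures(lines) if not is_internal(e[1])]
    bursts, i = [], 0
    while i < len(events):
        end = events[i][0] + timedelta(seconds=window_s)
        win = [e for e in events[i:] if e[0] <= end]  # sorted, so a prefix
        sources = sorted({src for _, src in win})
        if len(sources) >= min_sources:
            bursts.append((events[i][0], sources))
            i += len(win)  # continue after this burst
        else:
            i += 1
    return bursts

# Constructed sample lines (documentation addresses, example hostnames).
P = "invalid password for"
SAMPLE = [
    f"Dec 26 01:40:03 nas login[101]: {P} 'root' on '/dev/pts/0' from 'a.example.net'",
    f"Dec 26 01:40:03 nas login[102]: {P} 'UNKNOWN' on '/dev/pts/1' from '203.0.113.16'",
    f"Dec 26 01:40:04 nas login[103]: {P} 'UNKNOWN' on '/dev/pts/2' from 'b.example.org'",
    f"Dec 26 09:15:20 nas login[104]: {P} 'media' on '/dev/pts/0' from '192.168.2.50'",
    f"Dec 27 11:02:10 nas login[105]: {P} 'root' on '/dev/pts/0' from '198.51.100.7'",
]
```

Run against a saved syslog with `external_bursts(open(path))`; a non-empty result means a login service is answering sources outside the LAN ranges, so the port forwarding and any VPN or tunnel interfaces are the next thing to check.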
pyro.699 (Author) Posted December 31, 2016

> > > You have both telnet and ssh opened for the outside world. I would start closing that first.
> >
> > I am not sure where you are getting telnet and ssh opened to the outside world. My router explicitly blocks all ports but 443 and 80 (or rather the only ports being forwarded are).
>
> Your syslog shows
>
>     Dec 26 01:40:03 Charmander login[1946]: invalid password for 'root' on '/dev/pts/0' from '92.62.242.130.fibermax.bg'
>     Dec 26 01:40:03 Charmander login[1982]: invalid password for 'UNKNOWN' on '/dev/pts/12' from '220-133-241-171.HINET-IP.hinet.net'
>     Dec 26 01:40:04 Charmander login[1977]: invalid password for 'UNKNOWN' on '/dev/pts/10' from '171.231.149.16'
>     Dec 26 01:40:04 Charmander login[1947]: invalid password for 'UNKNOWN' on '/dev/pts/11' from 'bband-dyn244.178-41-156.t-com.sk'
>     Dec 26 01:40:04 Charmander login[1967]: invalid password for 'root' on '/dev/pts/1' from '27-105-153-76-adsl-TXG.dynamic.so-net.net.tw'
>
> These are login attempts from outside. Don't think this is you, unless you are able to travel between Slovakia and Taiwan in 0 seconds.

Ya never know. But yes, those logs were from the 26th - I have since patched that up and removed the "openness" to the world wide web. Now it is just port 80 and 443 that are open. You are looking at an older diagnostics report. There should be a new one attached to one of the posts that is much smaller. Thanks for looking though!
saarg Posted December 31, 2016

Is that ifconfig from your unraid server? If it is, how come you have IPv6?
pyro.699 (Author) Posted January 2, 2017

> Is that ifconfig from your unraid server? If it is, how come you have IPv6?

No, it is the address of the computer I used to ping the unraid server. I'll modify my post to make that more clear.