Windows issues with unRAID


RobJ


On 7/26/2020 at 8:12 AM, DoleWhip said:

 

TL;DR: 

1. If Computer Configuration > Administrative Templates > Network > Lanman Workstation > Enable insecure guest logons shows "Enabled" but it isn't working, continue

2. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

3. Double-click on AllowInsecureGuestAuth

4. Under "Value data:", change it from 0 to 1 

 

Describing what I did troubleshooting-wise (not that it matters, but maybe it'll help someone):

 

I updated my Windows 10 Education to version 2004 yesterday and was no longer able to access my SMB shares (was working fine before Windows update).

 

I could see them, but double-clicking on my server name in Windows Explorer under Network gave me the generic can't access error. Luckily (because it helped me google my problem) I had pinned some folders in it, and trying to access those gave me the popup pictured in that preview/thread saying:

"You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network."

 

I was confused because my group policy under: 

Computer Configuration > Administrative Templates > Network > Lanman Workstation > Enable insecure guest logons

showed "Enabled". Toggling this back and forth and restarting my PC didn't fix anything.

 

My unRAID server SMB settings had enabled for workgroup, enable NetBIOS to yes, and enable WSD to yes. My workgroup under those SMB settings matched with my PC, I even retyped them in holding down shift to capitalize just in case. Local master was set to yes, and I also downloaded the Dynamix Local Master plugin to check for me and it verified that yes, my unRAID server was indeed the current local master. Still not working.

 

I added:

log level=2

syslog=3

to SMB Extras and saw in my syslog that my PC was trying to send my local user to access the SMB shares (which are set to public) with errors along the lines of:

FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1

and that I was trying to use SMBv2

 

In the end, I found the solution in the linked thread to do this:

 

1. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

2. Double-click on AllowInsecureGuestAuth

3. Under "Value data:", change it from 0 to 1 

Can confirm doesn't work on a newly fresh install Win 10 Pro

Link to comment

I too cannot get \\tower to work, nor does tower appear in 'Network' under Windows 10

It was working, but since a reboot of the win10 vm, it stopped. 

The tower is visible in explorer ONLY via the IP\share 

I have followed the TL;DR sticky, except I don't have that setting in regedit!

I have also enabled SMB1/CIFS in Windows features.

 

Anyone know what would cause it to work one day then stop after a reboot?

 

Link to comment
55 minutes ago, Frank1940 said:

The reboot probably installed a WIN 10 update.  

You should probably read this thread:

 

       https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/

 

Thanks. 

Now you mention windows update, I do recall that happening when the vm booted back up!!
 

Oddly, after my last post, I realised that SMB1 was turned OFF within Unraid, so I disabled that feature within Windows anyway.

 

\\tower still didn't work, but accessing via IP did (I already set up Windows credentials to match that of the Unraid user, except I used the IP as the network name instead of Tower)

 

But since I can access via IP, I'm not too fussed that \\tower doesn't work

 

Thanks - I will have a read through the linked doc

Cheers

Link to comment
17 minutes ago, bdydrp said:

\\tower, still didn't work, but accessing via IP did

Read through this paper from MS about how SMB works and pay attention to the times involved in propagating changes through the SMB network.  It is not unusual for it to take several (very long) minutes for things to stabilize.   That is why it is suggested that your Unraid server is set up to be the Master Browser (or Local Master, if you prefer that terminology).

 

       https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc737661(v=ws.10)?redirectedfrom=MSDN

 

By default, any WIN10 computer can become the Master Browser on most Unraid setups.  Things can really get confusing if you have a number of computers being booted up in a short period of time if the Master Browser is not fixed to one server/computer. 

 

(\\tower is resolved by the Master Browser to the IP address of the server.  The IP address does not have to be resolved and thus is always available.)

Link to comment
  • 2 weeks later...
On 10/30/2020 at 4:22 PM, yogy said:

After 2 hours of searching on the internet I finally found 2 solutions. Both worked for me in resolving my issue with unRAID shared folders mapped in Windows 10.

1. If you cannot mount SMB share to windows 10 use NFS share client in Windows. It works great.

  • enable NFS in your unRAID server
  • follow this tutorial on your Windows 10 (only Pro and Enterprise versions) computer

2. I tried and read every single tutorial here and couldn't mount SMB share in my Windows 10 computer. I finally realized that I have a special character "€" in my password and that caused SMB shares to never work for me. I changed the password in unRAID server and Windows 10 PC and BOOOOOOOOM it worked straight away.

 

Maybe this will help others.

 

Thank you @trurl and @Frank1940 for trying to provide some help.

 

Thanks a lot @yogy, enabling NFS made it all work again.

(I enabled myServers and tweaking the DNS might have had an impact)

Link to comment
  • 2 months later...
On 7/26/2020 at 8:12 AM, DoleWhip said:

 

TL;DR: 

1. If Computer Configuration > Administrative Templates > Network > Lanman Workstation > Enable insecure guest logons shows "Enabled" but it isn't working, continue

2. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

3. Double-click on AllowInsecureGuestAuth

4. Under "Value data:", change it from 0 to 1 

 

Describing what I did troubleshooting-wise (not that it matters, but maybe it'll help someone):

 

I updated my Windows 10 Education to version 2004 yesterday and was no longer able to access my SMB shares (was working fine before Windows update).

 

I could see them, but double-clicking on my server name in Windows Explorer under Network gave me the generic can't access error. Luckily (because it helped me google my problem) I had pinned some folders in it, and trying to access those gave me the popup pictured in that preview/thread saying:

"You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network."

 

I was confused because my group policy under: 

Computer Configuration > Administrative Templates > Network > Lanman Workstation > Enable insecure guest logons

showed "Enabled". Toggling this back and forth and restarting my PC didn't fix anything.

 

My unRAID server SMB settings had enabled for workgroup, enable NetBIOS to yes, and enable WSD to yes. My workgroup under those SMB settings matched with my PC, I even retyped them in holding down shift to capitalize just in case. Local master was set to yes, and I also downloaded the Dynamix Local Master plugin to check for me and it verified that yes, my unRAID server was indeed the current local master. Still not working.

 

I added:

log level=2

syslog=3

to SMB Extras and saw in my syslog that my PC was trying to send my local user to access the SMB shares (which are set to public) with errors along the lines of:

FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1

and that I was trying to use SMBv2

 

In the end, I found the solution in the linked thread to do this:

 

1. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

2. Double-click on AllowInsecureGuestAuth

3. Under "Value data:", change it from 0 to 1 

Tried this, doesn't work. Any other tips? Tried looking for a solution, they all always show the same solution (this one) which doesn't work. Tried on fresh Windows install.

 

Link to comment

Scouring various internet sources (which unfortunately I didn't record, but generally Linux and FreeBSD sites), I managed to get Samba working consistently for multiple flavours of Windows 10 and 11 by setting auth and protocol constraints. This is my full Samba extra config - I have the Unassigned Devices plugin installed; you can skip that section if you do not also have the plugin installed.

#unassigned_devices_start
#Unassigned devices share includes
   include = /tmp/unassigned.devices/smb-settings.conf
#unassigned_devices_end

#smb local master configuration
[global]
domain master = yes
preferred master = yes
os level = 255

ntlm auth = yes
client ntlmv2 auth = yes

#Uncomment for per-host logging
#log file = /var/log/samba/%m.log
#max log size = 10000
#log level = 4

#max SMB2 ensures Win10 can connect by preventing upgrade to unsupported SMB3.x version
client min protocol = SMB2
client max protocol = SMB2

#exclude_Apple_DS_files
veto files = /._*/.DS_Store/

 

Note that adding "ntlm auth" enables NTLMv1 password authentication. This has a vulnerability and should be avoided, but it does provide a fallback if you have some device that doesn't support NTLMv2. To ensure your Windows machine is using NTLMv2, check for the existence of "LmCompatibilityLevel" under "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa". If it is present, it will force Windows to use NTLMv1. You should delete this entry, then reboot, and Windows will then revert to using the default NTLMv2.

Constraining max protocol to SMB2 prevents Unraid trying to use versions of SMB3 that Windows doesn't support very well - Windows will drop upgrade requests from SMB2 to SMB3.1.1 connections even though it announces them as being supported. 

Link to comment
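As an added example (not part of the post above, nor Unraid or Samba code), this Python script audits an SMB Extras fragment like the one quoted for settings that permit NTLMv1 or hold the negotiated protocol below SMB3. The sample text is constructed from the settings in the post, and treating lines before any section header as `[global]` is an assumption.

```python
import re

# Constructed sample, modelled on the settings quoted in the post above.
SAMPLE = """\
[global]
domain master = yes
ntlm auth = yes
client ntlmv2 auth = yes
#log level = 4
client min protocol = SMB2
client max protocol = SMB2
"""

SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}

def parse_params(text):
    """Return {section: {param: value}}; names are lower-cased, whitespace-normalised."""
    section, out = "global", {}  # assumption: lines before any header belong to [global]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # smb.conf comment markers
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            out.setdefault(section, {})[" ".join(key.lower().split())] = value.strip()
    return out

def audit(text):
    """List [global] settings that permit NTLMv1 or hold the protocol below SMB3."""
    g = parse_params(text).get("global", {})
    findings = []
    if g.get("ntlm auth", "").lower() in {"yes", "true", "1", "ntlmv1-permitted"}:
        findings.append("ntlm auth: server accepts NTLMv1")
    if g.get("client ntlmv2 auth", "yes").lower() in {"no", "false", "0"}:
        findings.append("client ntlmv2 auth: Samba client may answer with NTLMv1")
    for side in ("server", "client"):
        top = g.get(f"{side} max protocol", "")
        if top and not top.upper().startswith("SMB3"):
            findings.append(f"{side} max protocol: capped at {top}, below SMB3")
        low = g.get(f"{side} min protocol", "")
        if low.upper() in SMB1_DIALECTS:
            findings.append(f"{side} min protocol: allows SMB1 dialect {low}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```
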
  • 4 months later...
43 minutes ago, jaisegyi said:

I really think this type of documentation would be very useful but it seems overwhelming (to me) for one person starting from scratch. 

Then start by reading the PDF file in the first post of this thread:

      https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/

It provides step-by-step instructions to get SMB and Windows to work together smoothly.  

Link to comment
