Jump to content


Photo

Samba 2 / SMB 2 in OpenPLi


  • Please log in to reply
103 replies to this topic

#1 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 26 May 2017 - 09:48

Good morning,

 

Due to the latest security news I have disabled SMB 1 on my NAS. Now my boxes can't reach the NAS through CIFS anymore. I have (temporary) enabled SMB1 again, but would it be possible to disable SMB1 and still let them connect (using SMB2)? If so how can I arrange this?


Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #2 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 26 May 2017 - 11:15

You need to specify the version in the mount options, did you that?

user=username,pass=password,vers=2.1

If that doesn't work, it might be the old version in OpenPLi 4 doesn't support it yet. I've tested the current develop version, and that works fine with SMB version 2.1, so the problem will be addressed soon.

 

And most NAS systems support NFS, so you could switch to that. It will be faster than CIFS as well.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Samba 2 / SMB 2 in OpenPLi #3 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 26 May 2017 - 15:18

I am sure the NAS supports NFS (Synology DS212+ with the DSM firmware released yesterday), but If I select this the option for username and a password disappears in menu->instellingen->systeem->mountbeheer->mountpoints beheer (as there is in CIFS). So changing this from CIFS to NFS means I can no longer reach the destination as it doesn't have credentials to access the NAS (I have a seperate user on the NAS for the Mutants, so they can't reach any other directories then movie directories).


Edited by Dream1975, 26 May 2017 - 15:22.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #4 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,959 posts

+191
Excellent

Posted 26 May 2017 - 15:45

To the best of my knowledge that one is solved in yesterdays update DSM 6.1.1-15101 Update 4 (CVE-2017-7494).

 

https://www.synology...easeNote/FS3017


Edited by 40H3X, 26 May 2017 - 15:45.

Hardware: Vu+ Uno 4K SE - Vu+ Duo 4K  - Fuba 78 cm - Tripleblock LNB Quad 19.2/23.5/28.2 - DS918+
Software : OpenPLi - OSCam - Settings van Hans - Autotimer - EPGImport

---------------------------------------------------------------------------------------------------------------------------------------

Remember: Upvote with the rep_up.png button for any user/post you find to be helpful, informative, or deserving of recognition!

---------------------------------------------------------------------------------------------------------------------------------------

Many answers to your question can be found in our new and improved wiki

Note: I do not provide support via PM !.


Re: Samba 2 / SMB 2 in OpenPLi #5 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 26 May 2017 - 15:53

I have installed that version indeed, but would like to switch of SMB 1 all together on my NAS (it is currently only needed for my OpenPLi STB, as all my computers run new operating systems which all can use SMB 2 or higher). If I can make my mounts work without SMB 1 it is best to switch SMB 1 off so this is a protocol (and therefore a security risk) less. So either I have to get NFS working, or delay switching off SMB 1 when OpenPLi 5 is released (which I have done now for the time being).


Edited by Dream1975, 26 May 2017 - 15:56.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #6 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 26 May 2017 - 16:17

I assume you tried to add "vers=2.1" to the mount options on the box? Otherwise the box will try SMB1, and fail.

 

My Synology has SMB1 disabled (minumum protocol SMB2), but I don't have an OpenPLi 4 handy to test at the moment.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Samba 2 / SMB 2 in OpenPLi #7 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 26 May 2017 - 16:23

I will wait for 5, it has worked for years like this and as 5 is almost out I will test it immediately with that one.

 

Ps. Could it be an idea in OpenPLi 5 to be able to set the to use SMB version in menu->instellingen->systeem->Netwerk->mountbeheer->mountpoints beheer or just in network settings? This way more users can find it and switch to the newer (more secure) version. Might even be better to make SMB2 the default (as I think almost all user based hardware used now does support it).

 

If changing to default is preferred (in light of the security volnurabilities lately in 1) and you would like to do it also in 4 let me know, then I will test


Edited by Dream1975, 26 May 2017 - 16:28.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #8 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 26 May 2017 - 16:37

Ps. If I need to test it, I assume I have to adjust /etc/enigma2/automounts.xml

 

What should te value than be in <options>rw</options>, should it be replaced by <options>rw,vers=2.1</options>?


Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #9 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 26 May 2017 - 21:08

Correct.

 

If you edit the xml directly, make sure you stop enigma first using "init 4".


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Samba 2 / SMB 2 in OpenPLi #10 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 28 May 2017 - 08:57

I have made the change and it works perfectly on OpenPLi 4.

 

What about my idea to be able to set the version in configuration (so more people can find it) and even change the default to SMB2.1 (as almost all hardware now being used can use at least 2 but 3 is also out already).

Even Microsoft asks everyone to stop using it https://blogs.techne...top-using-smb1/

 

Ps. One last question, my NAS also supports SMB3. What version is running on OpenPLi4 (and 5)? I read that samba 3 is included in Sambo 4.0.0 and later, so if PLi has version 4 or later I will test vers=3.02 also (https://wiki.samba.o...php/Samba3/SMB2 and https://wiki.samba.o...inuxCIFSKernel)


Edited by Dream1975, 28 May 2017 - 09:02.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #11 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 28 May 2017 - 10:15

OpenEmbedded uses the cifs kernel driver, which is not related to Samba.

 

Just try, you will know soon enough if it works or not. Adding it as a default in the config of the automounter should be possible. Adding it as default in the driver is above my paygrade, but perhaps it is already patched in OpenEmbedded.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Samba 2 / SMB 2 in OpenPLi #12 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 31 May 2017 - 19:10

Something else. I have the harddisk (\\192.168.1.201\Harddisk) mounted in Windows 10 explorer.

 

In Windows 10 you can disable SMB1.0 (see screenprint), but when I do this the mount isn't available anymore. I have enabled the option again and now the mount does work again. So it seems the box can only be mounted using SMB1. Is there a possibility to use SMB2 here also (or is this possible in the coming OpenPLi 5)?

Attached Files


Edited by Dream1975, 31 May 2017 - 19:12.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #13 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 31 May 2017 - 19:36

Next version will use samba 4.4.5 (at the moment), the current OpenPLi uses an outdated version of Samba 3.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Samba 2 / SMB 2 in OpenPLi #14 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 12 August 2017 - 00:00

I have been playing around a little with the settings. To my NAS vers=3.02 does work (unfortunately vers=3.11 or vers=3.1.1 doesn't, but I think it is not yet supported in the current samba version although the release notes state it does from version 4.3 onwards https://www.samba.or...mba-4.3.0.html)

 

However if I try to use vers=2.0 or higher from the one HD2400 to the other it doesn't work. Both run RC6 with kernel 4.10.12 so I would expect them to also be able to communicate with the newer versions. Any idea why it doesn't?


Edited by Dream1975, 12 August 2017 - 00:03.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #15 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 12 August 2017 - 00:04

I assume that would depend on the CIFS kernel drivers used, i.e. on the kernel version. 


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: Samba 2 / SMB 2 in OpenPLi #16 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 12 August 2017 - 00:09

The kernel is 4.10.12 (april 21st 2017) on both so very new.

Edited by Dream1975, 12 August 2017 - 00:10.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #17 betacentauri

  • PLi® Core member
  • 7,185 posts

+323
Excellent

Posted 12 August 2017 - 00:42

What does not work? Mounting via telnet, via e2,..?
Xtrend ET-9200, ET-8000, ET-10000, OpenPliPC on Ubuntu 12.04

Re: Samba 2 / SMB 2 in OpenPLi #18 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 12 August 2017 - 01:10

The mount between my 2 HD2400's does work. But when I would like a newer SMB version (2 or 3) using vers=xxx it doesn't work. So only SMB1 can be used (while 2 and 3 have performance improvements).

 

As I run Linux kernel 4.10.12 and RC6 has Samba 4.4.5 (or maybe higher) I would expect to be able to use a higher SMB version on the mount between the 2 recievers.

 

I also have a NAS and the mount to the NAS works using SMB 2 or 3. So it seems that the Samba server in OpenPLi doesn't accept SMB2/3 connections (by default)


Edited by Dream1975, 12 August 2017 - 01:11.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 


Re: Samba 2 / SMB 2 in OpenPLi #19 40H3X

  • Forum Moderator
    PLi® Contributor
  • 5,959 posts

+191
Excellent

Posted 12 August 2017 - 11:34

That's sounds strange here (Synology DS215+) I can set SMB range and it is set between smb1 (I use it internally so don't use a VPN) and smb3 and everything works fine?

 

@Dream1975 why did you added the installation of NFS server to the Wiki Mountmanager page?  To the best of my knowledge that one isn't needed as the nfs-utils provides a daemon for kernel nfs server and related tools, as NFS is in the kernel, as it is a file system (that was developed before the time of userspace file systems), but maybe @WanWizard can shed a light on it , I might be wrong ;)


Edited by 40H3X, 12 August 2017 - 11:37.

Hardware: Vu+ Uno 4K SE - Vu+ Duo 4K  - Fuba 78 cm - Tripleblock LNB Quad 19.2/23.5/28.2 - DS918+
Software : OpenPLi - OSCam - Settings van Hans - Autotimer - EPGImport

---------------------------------------------------------------------------------------------------------------------------------------

Remember: Upvote with the rep_up.png button for any user/post you find to be helpful, informative, or deserving of recognition!

---------------------------------------------------------------------------------------------------------------------------------------

Many answers to your question can be found in our new and improved wiki

Note: I do not provide support via PM !.


Re: Samba 2 / SMB 2 in OpenPLi #20 Dream1975

  • Senior Member
  • 1,634 posts

+14
Neutral

Posted 12 August 2017 - 11:56

My Synology is set to use minimum SMB 2, but my mounts now work to my NAS with vers=3.02 so 3 is used

 

@Dream1975 why did you added the installation of NFS server to the Wiki Mountmanager page?  

 

As I want to stop all SMB1 traffic on my network (that's also why I don't allow it on my NAS anymore) I have now setup a NFS share between the 2 HD2400 boxes (as SMB vers=2/3 doesn't work). This was the last step to abandon SMB1 (I deinstalled it everywhere possible).

 

When configuring the NFS share it didn't work so I looked at the forum archive and found this and indeed after installing the NFSserver plugin it worked right away. So I added it to the wiki to prevent others needing to troubleshoot (the plugin might itself not be needed, but even so it did install the necessary dependencies for NFS support, therefore it doesn't hurt to mention it to get it working instead of getting frustrated it doesn't work)


Edited by Dream1975, 12 August 2017 - 12:01.

Mutant HD2400, OpenPLi nightly, 2x DVB-C & 2x DVB-S

Mutant HD51, OpenPLi nightly, 1x DVB-C & 1x DVB-S

Wavefrontier T55 (Astra 1,2,3 en HB)

Smartcards Ziggo (Irdeto) and CDS (Seca) on Oscam

 



6 user(s) are reading this topic

0 members, 6 guests, 0 anonymous users