samba does not work with Linux Fedora 34 client, connections are dropped

[lapadura]

I have TrueNas version 12.0-U5.1. I mainly use samba to share resources. Same account after typing in windows \\ 192.168.10.2 shows me the main directory tree at pools-> first_pool. For Linux \ Fedora my connections are rejected for the same login and password that works properly under Windows. I tested this case on 5 computers running Fedora Linux ver 34.
Why is this happening?
I'm afraid to update to version 12.0-U6 for fear of even more problems

 

[Samuel Tai]

Are you using your root dataset as the Samba share? This isn't supported, as it's not possible to change permissions/ACLs on the root dataset.

 

[anodos]

Perhaps auth method is ntlmv1 (or some other auth option is conflicting). You can check more details by running command midclt call smb.status AUTH_LOG | jq.

 

[anodos]

\\server without a share in Windows actually doesn't establish a conventional SMB session. It instead displays the results of an RPC call to an endpoint on the hidden IPC$ share. We disable anonymous IPC access by default in TrueNAS (if that's what Fedora is trying to do).

 

[anodos]

So on Linux you should always directly mount the shares //SERVER/SHARE rather than trying to mount //SERVER

 

[lapadura]

1.
/var/log tail -f samba4/auth_audit.log*
ustAccountSid": null, "passwordType": null, "duration": 175675}}
{"timestamp": "2021-11-02T16:24:09.750326+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.100.2:445", "remoteAddress": "ipv4:192.168.1.179:59012", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "", "workstation": "DESKTOP-O000I3G", "becameAccount": "nobody", "becameDomain": "TRUENAS", "becameSid": "S-1-5-21-556582355-1376368686-2994987557-501", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": null, "duration": 7312}}
{"timestamp": "2021-11-02T16:24:10.680610+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.100.2:445", "remoteAddress": "ipv4:192.168.1.179:59012", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "

2.
midclt call smb.status AUTH_LOG | jq.
I only see windows logins, no fedora logins

3. neither in step 1 nor in step 2 I can not see any traces after trying to login one of my fedor 192.168.1.232, how is this possible?

4. anodos So on Linux you should always directly mount the shares //SERVER/SHARE rather than trying to mount //SERVER
Not true! Most of the users from the same group in TrueNas, after entering the truenas address in fedora, they can see the main directory tree of those to which they have access and those to which there is no internal access

5.anodos "We disable anonymous IPC access by default in TrueNAS"
How do I do to see the directory tree in \? The question concerns the Linux Fedora 34 client because I can see normally under windows.

 

[lapadura]

okay, i found a login trail on 192.168.1.232
local address replaced the actual address with XXX "localAddress": "ipv4: 193.25.XXX.XXX: 139", for fear of hackers

}
},
{
"timestamp": "2021-11-04T17:23:16.579797+0100",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4624,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_OK",
"localAddress": "ipv4:193.25.XXX.XXX:139",
"remoteAddress": "ipv4:192.168.1.232:53620",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "SAMBA",
"clientAccount": "ko",
"workstation": "FEDORA",
"becameAccount": "ko",
"becameDomain": "TRUENAS",
"becameSid": "S-1-5-21-556582355-1376368686-2994987557-1156",
"mappedAccount": "ko",
"mappedDomain": "SAMBA",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000
}
}

 

[anodos]

Not true! Most of the users from the same group in TrueNas, after entering the truenas address in fedora, they can see the main directory tree of those to which they have access and those to which there is no internal access

Okay. Let's get more to the point. How are you trying to mount in Fedora mount.cifs or through gvfs? gvfs utilizes libsmclient (userspace) rather than the Linux kernel SMB client, and some of its features require nmbd (the netbios name server) to be running.

 

[lapadura]

FEDORA ASK 139/TCP port - used by smbd for NetBIOS session service
WINDOWS ASK 445/TCP port - used by smbd for Microsoft Active Directory services

Why Fedora doesn't connect to port 445 like windows?

***************************************FEDORA*********************************************
}
},
{
"timestamp": "2021-11-04T17:23:16.579797+0100",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4624,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_OK",
"localAddress": "ipv4:193.25.XXX.XXX:139",
"remoteAddress": "ipv4:192.168.1.232:53620",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "SAMBA",
"clientAccount": "ko",
"workstation": "FEDORA",
"becameAccount": "ko",
"becameDomain": "TRUENAS",
"becameSid": "S-1-5-21-556582355-1376368686-2994987557-1156",
"mappedAccount": "ko",
"mappedDomain": "SAMBA",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000
}
}

***************************************WINDOWS*********************************************


{
"timestamp": "2021-11-04T18:04:13.523901+0100",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4624,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_OK",
"localAddress": "ipv4:192.168.100.2:445",
"remoteAddress": "ipv4:192.168.1.161:49768",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": ".",
"clientAccount": "ko",
"workstation": "DESKTOP-Q3KD0B9",
"becameAccount": "ko",
"becameDomain": "TRUENAS",
"becameSid": "S-1-5-21-556582355-1376368686-2994987557-1156",
"mappedAccount": "ko",
"mappedDomain": ".",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0

 

[lapadura]

Okay. Let's get more to the point. How are you trying to mount in Fedora mount.cifs or through gvfs? gvfs utilizes libsmclient (userspace) rather than the Linux kernel SMB client, and some of its features require nmbd (the netbios name server) to be running.

anados

I do it the easy way. I have a Mate environment. In Mate there is an applet "connect to the server" where he enters the server smb: //192.168.100.2 I choose the type of connection as "Windows share" directory /, user data SAMBA domain name and fill in the user and password field then press connect

 

[lapadura]

Now I used a trick that I went to the file exploiter in Fedora, then I chose the locations and typed smb: //192.168.100.2/adsources user, abracadabra and the second time Fedora connected on port 445 but you can also see that it did it under localAdress 192.168.100.2 : 445 and not as previously tried to connect to the main directory / to the address "localAddress": "ipv4: 193.25.XXX.XXX: 139",

{
"timestamp": "2021-11-04T18:30:45.024917+0100",
"type": "Authentication",
"Authentication": {
"version": {
"major": 1,
"minor": 2
},
"eventId": 4624,
"logonId": "0",
"logonType": 3,
"status": "NT_STATUS_OK",
"localAddress": "ipv4:192.168.100.2:445",
"remoteAddress": "ipv4:192.168.1.232:40714",
"serviceDescription": "SMB2",
"authDescription": null,
"clientDomain": "SAMBA",
"clientAccount": "ko",
"workstation": "FEDORA",
"becameAccount": "ko",
"becameDomain": "TRUENAS",
"becameSid": "S-1-5-21-556582355-1376368686-2994987557-1156",
"mappedAccount": "ko",
"mappedDomain": "SAMBA",
"netlogonComputer": null,
"netlogonTrustAccount": null,
"netlogonNegotiate

 

[anodos]

I do it the easy way. I have a Mate environment. In Mate there is an applet "connect to the server" where he enters the server smb: //192.168.100.2 I choose the type of connection as "Windows share" directory /, user data SAMBA domain name and fill in the user and password field then press connect

Right, that's using gvfs for the connection and not the linux kernel SMB client. IIRC, there is a dependency on the SMB server being discoverable over netbios. So this means you need to enable the netbios name server on TrueNAS.

 

[lapadura]

1.Why do some of my Fedors show root folder resources like this, and hello not?
2."So this means you need to enable the netbios name server on TrueNAS. " will this solve the problem with displaying the resource tree in Fedora after connecting to TrueNas via smb: //192.168.100.2

 

[lapadura]

What could be the cause that part of Fedor 34 has a problem with connecting to the root directory samba /, and some not?