nsa310 and nsa235-V2 admin doesn't have write access to admin share folders

Jason1

so I have tried to install the samba 3 on both nsa310 and nsa235-V2. On both machines I don't seem to have write access to the admin share when logged in as admin.

Using the share browser on the devices built in config page I tried to upload a file to the zy-pkgs folder I get the following error . . .

This File/Folder is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

This is the same on both nas devices. I am able to read the folders and contents.

Here are the instructions I followed

####
su
opkg update
opkg install zyxel-samba-replacement # will automatically pull the samba server

# disable the Entware-ng samba server and script
/opt/etc/init.d/S08samba stop
chmod a-x /opt/etc/init.d/S08samba

# enable and start the replacement script
chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
/opt/etc/init.d/S09ZyXELSambaReplacement start
####

When doing the samba upgrade on the nsa310 this is what happened . . .

~ $ su
Password:

BusyBox v1.17.2 (2016-03-11 17:11:16 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ # opkg update
Downloading http://pkg.entware.net/binaries/armv5/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/packages
Downloading http://zyxel.diskstation.eu/Users/Mijzelf/Entware-ng/binaries/armv5/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/Mijzelf
~ # opkg install zyxel-samba-replacement
Installing zyxel-samba-replacement (3.6.25) to root...
Downloading http://zyxel.diskstation.eu/Users/Mijzelf/Entware-ng/binaries/armv5/zyxel-samba-replacement_3.6.25_all.ipk
Installing samba36-server (3.6.25-9) to root...
Downloading http://pkg.entware.net/binaries/armv5/samba36-server_3.6.25-9_armv5soft.ipk
Configuring samba36-server.
Configuring zyxel-samba-replacement.
~ # /opt/etc/init.d/S08samba stop
~ # chmod a-x /opt/etc/init.d/S08samba
~ # chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
~ # /opt/etc/init.d/S09ZyXELSambaReplacement start
Stopping Samba daemons: nmbd smbd.
mv: can't rename '/opt/var/lock/*': No such file or directory

Did I do something wrong?

(Samba 3 does appear to be working as I am able to access the shares from the file explorer on a windows pc)

### edit ### . . . .

Samba is not running. I can see all the shares by typing //nasIPaddress/ in Windows file explorer. But when I double click on one I get the error
Windows cannot access \\nasIPaddress\shareName

I am able to go into the media shares Video, Music, Photos

When I run smbstatus I get
Can't load /opt/etc/samba/smb.conf - run testparm to debug it

Mijzelf

About zy-pkgs, is it possible that you messed with that directory from the command line? This sounds like a credential problem. You can try to take ownership:

chown admin /i-data/md0/admin/zy-pkgs

The install log of zyxel-samba-replacement looks fine to me.

If Windows doesn't ask for credentials when double clicking a share, it is using cached (and presumably incorrect) credentials. So try to log out (reboot?). It's a while ago I used Windows, it used to be possible to logout using one of the net share commands

Jason1

I tried the chown, rebooted both computer, nas and Internet box (acting as dns server) no change

I am using a couple of empty disks to test this all out so I started again with a virgin NAS.
(deleted the internal volume, total hardware reset, created a new volume)

I first did all the backup stuff from my other post . . .
Installed:
- your repository,
- Install dropbear
- backup planner

Then I installed
- entware
- tweaks
- random tools

(The last 2 I installed just because I could. Haven't done anything with them)

Then I fired up PuTTY and connected via SSH

I ran through the samba replacement commands as listed previously. copy and pasted them. Again the same results. admin can't make new folders or upload files into admin share, even using the built in share browser.

You said the install log looks fine. is . . .
Stopping Samba daemons: nmbd smbd.
mv: can't rename '/opt/var/lock/*': No such file or directory
Not a problem then?

I ran smbstatus and got . . .
Can't load /opt/etc/samba/smb.conf - run testparm to debug it

And again using the Shares browser built into the NAS drive I checked and was not able to make any folders or upload any files to any of the folders in the admin share.

If I enter the ip address of the NAS in Windows File explorer I get a list of all the shares.

I am able to go into the Public shares that were created by the NAS (video, music, photo, public) and I am able to copy files into those shares

I am not able to go into All the other shares like admin and also shares that I created. I get the message
Windows cannot access \\IP\ShareName

I can see them listed right there but I can't get into them.

I created a new user with admin rights. Logged in with the new username created a share with the new user as owner. I get the same results. I even made the new share public so all the attributes are the same as the other public shares, (music etc). Still can't access the folder. I can see the folder but just can't get into it

Jason1

Its really odd but It's not a train crash if this doesn't get sorted. My main aim was to use it as a backup target and, thanks to you, it is working as such.

Mijzelf

The difference should be visible in either the permissions/owners of the directories

ls -l /i-data/md0/

or the configuration of the shares

cat /etc/samba/smb.conf

Jason1

OK so I started again with a virgin box and created a single internal volume called Backup volume. I used Konsole in Ubuntu. Installed your repo, installed Entware. Nothing else installed.

Created a user with admin rights called Jason

Using the NAS web interface I created a Share called Jason
Share Owner = Jason
Permission Type = Public

I used a pc with Ubuntu. Used Konsole to Telnet to the NSA325-V2

Ran through the SMB upgrade instructions as before

Again got

~ # /opt/etc/init.d/S09ZyXELSambaReplacement start
Stopping Samba daemons: nmbd smbd.
mv: can't rename '/opt/var/lock/*': No such file or directory
~ # ls -l /i-data/md0/

So as you asked . . .

~ # ls -l /i-data/md0/
drwxrwsrwx    3 admin    root     4096 Feb 18 18:45 Jason
drwxrwxrwx    5 root     root        4096 Feb 18 22:06 admin
-rw-------     1 root     root       7168 Feb 18 18:44 aquota.
user
drwxrwsrwx    2 root     root         16384 Feb 18 18:09 lost+fo
und
drwxrwxrwx    2 root     root          4096 Feb 18 18:09 music
drwxrwxrwx    2 root     root          4096 Feb 18 18:09 photo
drwxrwxrwx    2 root     root          4096 Feb 18 18:09 public
drwxrwxrwx    2 root     root          4096 Feb 18 18:09 video

~ # cat /etc/samba/smb.conf
[global]
       workgroup = WORKGROUP
       server string = NSA325 v2
       netbios name = NSA325-v2
       dos charset = UTF8
       display charset = UTF8
       unix charset = UTF8
       security = user
       encrypt passwords = yes
       smb passwd file = /etc/samba/smbpasswd
       guest account = pc-guest
       map to guest = Bad User
       write ok = yes
       force create mode = 777
       force directory mode = 777
       force security mode = 777
       force directory security mode = 777
       auth methods = guest sam_ignoredomain
       max log size = 50
       host msdfs = yes
       lanman auth = yes
       kernel oplocks = no
       socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=13
1072 SO_RCVBUF=131072
       use mmap = yes
       max xmit = 131072
       min receivefile size = 128k
       unix extensions = no
       wide links = Yes  
       oplocks = yes
       level2 oplocks = no
       max smbd processes = 128
       printing = cups
       printcap = /etc/printcap
       load printers = yes
       use sendfile = yes
       passdb backend = smbpasswd
       veto files = /.grive*/

[printers]
       path = /i-data/md0/.media/samba
       public = yes
       guest ok = yes
       browseable = yes
       writable = no
       printable = yes
       use client driver = yes

[public]
       path = /i-data/md0/public
       guest ok = yes
       follow symlinks = yes
       strict allocate = yes
; NO Action-log or Recycle-Bin

[video]
       path = /i-data/md0/video
       guest ok = yes
       follow symlinks = yes
       strict allocate = yes
; NO Action-log or Recycle-Bin

[photo]
       path = /i-data/md0/photo
       guest ok = yes
       follow symlinks = yes
       strict allocate = yes
; NO Action-log or Recycle-Bin

[music]
       path = /i-data/md0/music
       guest ok = yes
       follow symlinks = yes
       strict allocate = yes
; NO Action-log or Recycle-Bin

[admin]
       path = /i-data/md0/admin
       valid users = "admin"
       follow symlinks = yes
       strict allocate = yes
       vfs objects = full_audit
        full_audit:prefix = %S
        full_audit:success = unlink rmdir mkdir rename close
        full_audit:failure = none
        full_audit:priority = notice


[Jason]
       path = /i-data/03728411/Jason
       guest ok = yes
       follow symlinks = yes
       strict allocate = yes
       vfs objects = recycle
        recycle:repository = recycle
        recycle:exclude = .test.permission.file.*
        recycle:directory_mode = 0777
        recycle:subdir_mode = 0777
        recycle:keeptree = yes
        recycle:versions = yes
        recycle:touch = yes
        recycle:touch_mtime = no
        recycle:maxsize = 0

[Backup volume]
       path = /etc/zyxel/storage/sysvol/.system/autoshare_sata/
Backup volume
       valid users = "admin"
       follow symlinks = yes
       strict allocate = yes
; NO Action-log or Recycle-Bin

~ #

Using Dolphin file browser the NAS is not listed under Shared Folders (SMB)

I manually typed in
smb://nasIPaddress

I got this list:
- video
- public
- music
- Jason
- Backup volume
- admin

Note that the "Backup volume" is in the list?
Using Dolphin I was able to go into and created a text file in video, public, photo, and music

Tried to go into Jason and got the error . . .
The file or folder smb://admin@192.168.1.140/Jason does not exist.

Tried to go into admin and got the error . . .
The file or folder smb://admin@192.168.1.140/admin does not exist.

Tried to go into Backup volume
Got login box
Could NOT log in as Jason
I could login as admin
got the list:
- video
- public
- photo
- music
- Jason
- admin

in each of the first 4 shares, I could see the text files I had created

I was now able to go into the Jason and create a test file

I went into the admin share and got the list:
- zyfw
- zy-pkgs
- download

I WAS able to create files and folders in these

I switched to the web interface of the NAS

Using the Shares Browser I was NOT able to create any folders or files in the admin share or the Jason share (access denied)
(I tried it logged on both as admin, and also as Jason using the "Administrator Login" button)

Mijzelf

Hmm. As you can see there are differences between admin and video and the rest in smb.conf. Admin has the lines

  vfs objects = full_audit
        full_audit:prefix = %S
        full_audit:success = unlink rmdir mkdir rename close
        full_audit:failure = none
        full_audit:priority = notice

Don't know what that is supposed to do, but I doubt the replacement samba does vfs objects at all.

For Jason we have

       vfs objects = recycle
        recycle:repository = recycle
        recycle:exclude = .test.permission.file.*
        recycle:directory_mode = 0777
        recycle:subdir_mode = 0777
        recycle:keeptree = yes
        recycle:versions = yes
        recycle:touch = yes
        recycle:touch_mtime = no
        recycle:maxsize = 0

The instructions about ZyXELSambaReplacement on metarepo.tk says

Known issues
The recycle bin doesn't work. So disable it on all shares before installing the replacement.

I think that is the problem here.

About that 'Backup volume' , I think that is something the Backup Planner added. It has a weird path: /etc/zyxel/storage/sysvol/.system/autoshare_sata/. /etc/zyxel/storage/sysvol is a symlink to /i-data/03728411. So the actual subdirectory is /i-data/03728411/.system/autoshare_sata/ . Does that exist?

Jason1

• The Backup volume is actually the RAID volume that I created. That's just the name I chose for it.
• (It was a virgin install and I didn't install Backup Planner on it this time).

So I tried again. Another Virgin install - deleted volume - full Factory reset - created new RAID volume, this time I called it NSA325 for clarity - I did not create any users or shares this time - I checked that no recycle bins were active in any share.

Still the same issue. As for the subdirectory you mentioned. it looks like the subdirectory doesn't exist . . .
/ # ls
bin etc init mnt ram_bin sys var
dev home lib opt root tmp zyxel
e-data i-data linuxrc proc sbin usr
/ # cd i-data
/i-data # ls
0b854565 md0

/i-data # cd 0b854565
/i-data/0b854565 # ls
admin lost+found photo video
aquota.user music public

/i-data/0b854565 # cd ..
/i-data # cd md0
/i-data/0b854565 # ls
admin lost+found photo video
aquota.user music public

I ran
smbstatus . . .
Can't load /opt/etc/samba/smb.conf - run testparm to debug it

It looks like Smb.conf does not exist in the folder . . .
/usr/local/zy-pkgs/opt/etc/samba # ls -l
-rw-r--r-- 1 root root 89 Nov 6 2017 ZyXELSambaReplacement.conf
-rw-r--r-- 1 root root 131072 Jan 4 2018 lowcase.dat
-rw------- 1 root root 24576 Feb 19 18:31 secrets.tdb
-rw-r--r-- 1 root root 768 Jan 4 2018 smb.conf.template
-rw-r--r-- 1 root root 131072 Jan 4 2018 upcase.dat
-rw-r--r-- 1 root root 65536 Jan 4 2018 valid.dat

Maybe the whole samba replacement thing just doesn't work?

Anyway don't waste any time on it. I was just curious about it and I can use it just as a backup device, (which was the original idea anyway)

Mijzelf

Anyway don't waste any time on it.

For me it's not a waste of time. The samba replacement package is used a lot, and people having problemes will be pointer to this thread by Google. So I can spend some time to solve problems (or mark them as known limitations) now, or wait for the same questions in another thread.

smbstatus . . .
Can't load /opt/etc/samba/smb.conf - run testparm to debug it

You are running the Entware smbstatus, which tries to read /opt/etc/samba/smb.conf. That doesn't exist, as the user of sambaserver is supposed to provide it's own. There is a smb.conf.template for convenience. Anyway, the 99SambaReplacement script starts Samba with a custom configuration file, /opt/etc/samba/ZyXELSambaReplacement.conf, which basically only contains an 'include /etc/samba/smb.conf', to let the firmware manage the actual smb.conf.

If you want to run smbstatus, you'll have to specify which configuration file to examine:

smbstatus -s /opt/etc/samba/ZyXELSambaReplacement.conf

As for the subdirectory you mentioned. it looks like the subdirectory doesn't exist . . .

A file or directory starting with a dot is by default hidden in Linux. (That was a bug in the first version of ls, which became a feature). To see them use 'ls -a'