Win 11 and SMB2 for NSA325v2 - Firmware NSA325_4.81(AAAJ.1)
Hello,
I got my Win 11 laptop (do not ask if I wanted it)
Win 11 needs SMB2 support from NSA325v2 which I had since ages.
Is there up-to-date (2023-2024) step-by-step instructions how to get SMB2 support on NSA325v2 with firmware NSA325_4.81(AAAJ.1)?
I searched some similar questions, but the threads there included many links which do not work anymore.
Any recent experiences and instructions for dummies (I know ssh but mostly that is it)?
Thank you and happy holidays.
-A
Best Answers
-
1
-
The installation of zyxel-samba-replacement will automatically pull the needed packages, which is samba-server.
An you don't need to backup the firmware files, as they are not removed. Basically the firmware's samba start script is hotpatched to start the Entware samba server instead. It's config file (/opt/etc/samba/smb.conf) includes the firmware config file to adopt it's shares. If you disable zyxel-samba-replacement and reboot, everything is like it was.
0
All Replies
-
1
-
Hello Mijzelf,
thank you million times for the links above. Kudos!
I did install the Metarepo package and as well installed the Entware-ng package.
I read your thread here: [HOWTO] Install samba 3.6.25 on a ZyXEL fw4 nas - Zyxel Forum - Herzlich Willkommen!
and I am a bit unsure of the next steps.
After enabling Entware-ng package I see the following list under <server>/pkg/Entware-ng/pkgcgi.cgi?chapter=Packages
Name
Version
Section
Description
python-smbus
3.1.2-1
lang
This package contain the python bindings for Linux SMBus access through i2c-dev.
samba36-client
3.6.25-9
net
Samba 3.6 SMB/CIFS client
samba36-net
3.6.25-9
net
Samba 3.6 SMB/CIFS net commands
samba36-server
3.6.25-9
net
The Samba software suite is a collection of programs that implements the SMB protocol for UNIX systems, allowing you to serve files and printers to Wi
Should I execute the script from you thread already? Or should I first install any of the packages above? If yes, which one and how exactly?
—
su
opkg update
opkg install zyxel-samba-replacement # will automatically pull the samba server
# disable the Entware-ng samba server and script
/opt/etc/init.d/S08samba stop
chmod a-x /opt/etc/init.d/S08samba
# enable and start the replacement script
chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
/opt/etc/init.d/S09ZyXELSambaReplacement start—-
And one more thing - how can I make a backup of my current SMB config and files, so I can roll back to it in case I screw something over? Would be a copy of "/etc/samba/smb.conf" enough?
Thanks, and regards, -A
0 -
The installation of zyxel-samba-replacement will automatically pull the needed packages, which is samba-server.
An you don't need to backup the firmware files, as they are not removed. Basically the firmware's samba start script is hotpatched to start the Entware samba server instead. It's config file (/opt/etc/samba/smb.conf) includes the firmware config file to adopt it's shares. If you disable zyxel-samba-replacement and reboot, everything is like it was.
0 -
Hello Mijzelf,
thank you so much for your feedback and guidance.
I followed the step you described and everythign went Ok until here:
<Server name> login: admin
Password:BusyBox v1.17.2 (2017-06-21 16:20:33 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.~ $ su
Password:BusyBox v1.17.2 (2017-06-21 16:20:33 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.~ # opkg update
Downloading http://pkg.entware.net/binaries/armv5/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/packages
Downloading http://zyxel.diskstation.eu/Users/Mijzelf/Entware-ng/binaries/armv5/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/Mijzelf
~ # opkg install zyxel-samba-replacement
Installing zyxel-samba-replacement (3.6.25) to root...
Downloading http://zyxel.diskstation.eu/Users/Mijzelf/Entware-ng/binaries/armv5/zyxel-samba-replacement_3.6.25_all.ipk
Installing samba36-server (3.6.25-9) to root...
Downloading http://pkg.entware.net/binaries/armv5/samba36-server_3.6.25-9_armv5soft.ipk
Configuring samba36-server.
Configuring zyxel-samba-replacement.
~ # /opt/etc/init.d/S08samba stop
~ # chmod a-x /opt/etc/init.d/S08samba
~ # chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
~ # /opt/etc/init.d/S09ZyXELSambaReplacement start
Stopping Samba daemons: nmbd smbd.
mv: can't rename '/opt/var/lock/*': No such file or directory
~ #Is it a problem?
How can I check the version of Samba running?Or if it all it is running?
PS Just in case if it helps to find an issue
~ $ echo $PATH
/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/zyxel/sbin:/usr/local/zy-pkgs/bin:/zyxel/htp
~ $ su
Password:BusyBox v1.17.2 (2017-06-21 16:20:33 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.~ # echo $PATH
/opt/bin:/opt/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/zyxel/sbin:/usr/local/zy-pkgs/bin:/zyxel/htp
~ #0 -
I think it worked.
~ $ smbstatus -V
Version 3.6.25
~ $And I was able to mount a network drive on Win 11 to my good old NSA325v2
Even after tha NSA restart the mount was working, so I think I am good for some time.
Thank you, Mijzelf!
0 -
mv: can't rename '/opt/var/lock/*': No such file or directory
~ #
Is it a problem?Maybe. /opt/var/lock should be a symlink to /var/lock. If it isn't, samba will keep the disks awake. You can check that with
ls -l /opt/var
If /opt/var/lock is a directory (the line containing lock starts with drw) the mv error kept the install script from creating the symlink.
0 -
please excuse my stupidity
this is an output of ssh after the restart of nsa325
~ $ ls -l /opt/var
lrwxrwxrwx 1 root root 9 Dec 19 20:40 lock -> /var/lock
drwxr-xr-x 2 root root 4096 Dec 19 21:01 log
drwxr-xr-x 2 root root 4096 Dec 19 21:01 nmbd
drwxr-xr-x 2 root root 4096 Dec 19 20:39 opkg-lists
drwxr-xr-x 2 root root 4096 Dec 19 21:01 run
~ $should I re-run the initial installation script?
or how can I ensure to have a clean smb 2 setup with Samba not keeping disks awake?
Thank you!
0 -
lrwxrwxrwx 1 root root 9 Dec 19 20:40 lock -> /var/lock
It's fine. lock is a symlink to /var/lock
0 -
I would like to come back with some clarifications (year 2024) for those who want to stop having problems with samba in windows 10. This post is based on Mijzelf's tutorials (Thank you). So let's start:
disable the Entware-ng samba server and script
Install samba 3.6.25 on a ZyXEL fw4 nas (Tested on zyxel nsa325 with latest firmware)
https://zyxel.diskstation.eu/forum/viewtopic.php?f=4&t=24
In the web interface of nsa325 in packages install and enable the Entware-ng package
ATTENTION!!! Also from the interface, disable Recycle Been from all created shares
It will be installed in /opt
su
cd /opt/bin
./opkg update
./opkg install zyxel-samba-replacement # will automatically pull the samba server/opt/etc/init.d/S08samba stop
enable and start the replacement script
chmod a -x /opt/etc/init.d/S08sambachmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
/opt/etc/init.d/S09ZyXELSambaReplacement startThat's it. It can be confusing that by executing '/opt/etc/init.d/S09ZyXELSambaReplacement start' you see samba stopping, and with '/opt/etc/init.d/S09ZyXELSambaReplacement stop' you see it starting. That's the samba firmware. The replacement script always stops one, and starts the other.
To definitively solve the problem with the shares, including creating new shares:Copy /etc/smb.conf to /opt/etc/samba: cp /etc/smb.conf /opt/etc/samba
Modify the ZyXELSambaReplacement.conf file as follows:[Global]
#client max protocol = SMB2
max protocol = SMB2#include = /etc/samba/smb.conf
include = /opt/etc/samba/smb.confAttention!!! This will completely bypass the samba conf from the original firmware. I recommend this because the original configuration comes with very old settings and with major security problems, in the following I will also give an example of a .conf that works perfectly with windows 10.
[global]
workgroup = Whatever
domain master = no
local master = no
preferred master = no
os level = 100
server string = NSA325
netbios name = NSA
dos charset = UTF8
display charset = UTF8
unix charset = UTF8
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
guest account = pc-guest
map to guest = Bad User
write ok = yes
force create mode = 777
force directory mode = 777
force security mode = 777
force directory security mode = 777
auth methods = guest sam_ignoredomain
max log size = 50
host msdfs = yes
; lanman auth = yes
;Permit authentification NTLMv2 for clients.
client ntlm auth = yes
;Allow NTLMv1 and higher authentication, allowing Windows to start with a less secure protocol and negotiate at a higher level
ntlm auth = yes
kernel oplocks = no
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=131072 SO_RCVBUF=131072
use mmap = yes
max xmit = 131072
min receivefile size = 128k
unix extensions = no
wide links = Yes
oplocks = yes
level2 oplocks = no
max smbd processes = 128
printing = cups
printcap = /etc/printcap
load printers = yes
use sendfile = yes
passdb backend = smbpasswd
veto files = /.grive*/This is the [global] section; I disabled lanman authentication because it is old and insecure and i enable NTLMv1 and v2.
Now you can restart smb or just reboot the machine. And with that linux part is over, now just make sure windows 10 use NTLMv2 (It should be default but don't risk it)
Windows 10 settings
Modify the Local Security Policy as follows:- press the windows key and R
- secpol.msc
- Navigate to Local Policy - Security Options
- Double Click on Network security: LAN Manager authentication level
- Select: Send LM & NTLM - use NTLMv2 session security if negotiated
- Apply then OK
- Reboot then wait a bit as it takes until it takes.
That's all folks.
These settings will allow you to see the NAS in the Windows 10 network, to map network disks and most importantly to create and modify the shares as you wish (Attention !!! I only put the [global] section in the conf.. .I didn't put the section with the shares that remain as you configured them in the original conf). This example does not change the behavior of Android phones in any way.0 -
Attention !!!
In
[global]
workgroup = Whateverjust use your workgroup name :)
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 145 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 239 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight