nsa310 and nsa235-V2 admin doesn't have write access to admin share folders
so I have tried to install the samba 3 on both nsa310 and nsa235-V2. On both machines I don't seem to have write access to the admin share when logged in as admin.
Using the share browser on the devices built in config page I tried to upload a file to the zy-pkgs folder I get the following error . . .
This File/Folder is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
This is the same on both nas devices. I am able to read the folders and contents.
Here are the instructions I followed
####
su
opkg update
opkg install zyxel-samba-replacement # will automatically pull the samba server
# disable the Entware-ng samba server and script
/opt/etc/init.d/S08samba stop
chmod a-x /opt/etc/init.d/S08samba
# enable and start the replacement script
chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
/opt/etc/init.d/S09ZyXELSambaReplacement start
####
When doing the samba upgrade on the nsa310 this is what happened . . .
~ $ su
Password:
BusyBox v1.17.2 (2016-03-11 17:11:16 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
~ # opkg update
Downloading http://pkg.entware.net/binaries/armv5/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/packages
Downloading http://zyxel.diskstation.eu/Users/Mijzelf/Entware-ng/binaries/armv5/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/Mijzelf
~ # opkg install zyxel-samba-replacement
Installing zyxel-samba-replacement (3.6.25) to root...
Downloading http://zyxel.diskstation.eu/Users/Mijzelf/Entware-ng/binaries/armv5/zyxel-samba-replacement_3.6.25_all.ipk
Installing samba36-server (3.6.25-9) to root...
Downloading http://pkg.entware.net/binaries/armv5/samba36-server_3.6.25-9_armv5soft.ipk
Configuring samba36-server.
Configuring zyxel-samba-replacement.
~ # /opt/etc/init.d/S08samba stop
~ # chmod a-x /opt/etc/init.d/S08samba
~ # chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
~ # /opt/etc/init.d/S09ZyXELSambaReplacement start
Stopping Samba daemons: nmbd smbd.
mv: can't rename '/opt/var/lock/*': No such file or directory
Did I do something wrong?
(Samba 3 does appear to be working as I am able to access the shares from the file explorer on a windows pc)
### edit ### . . . .
Samba is not running. I can see all the shares by typing //nasIPaddress/ in Windows file explorer. But when I double click on one I get the error
Windows cannot access \\nasIPaddress\shareName
I am able to go into the media shares Video, Music, Photos
When I run smbstatus I get
Can't load /opt/etc/samba/smb.conf - run testparm to debug it
All Replies
-
About zy-pkgs, is it possible that you messed with that directory from the command line? This sounds like a credential problem. You can try to take ownership:
chown admin /i-data/md0/admin/zy-pkgs
The install log of zyxel-samba-replacement looks fine to me.
If Windows doesn't ask for credentials when double clicking a share, it is using cached (and presumably incorrect) credentials. So try to log out (reboot?). It's a while ago I used Windows, it used to be possible to logout using one of the
net share
commands0 -
I tried the chown, rebooted both computer, nas and Internet box (acting as dns server) no change
I am using a couple of empty disks to test this all out so I started again with a virgin NAS.
(deleted the internal volume, total hardware reset, created a new volume)I first did all the backup stuff from my other post . . .
Installed:
- your repository,
- Install dropbear
- backup plannerThen I installed
- entware
- tweaks
- random tools(The last 2 I installed just because I could. Haven't done anything with them)
Then I fired up PuTTY and connected via SSH
I ran through the samba replacement commands as listed previously. copy and pasted them. Again the same results. admin can't make new folders or upload files into admin share, even using the built in share browser.
You said the install log looks fine. is . . .
Stopping Samba daemons: nmbd smbd.
mv: can't rename '/opt/var/lock/*': No such file or directory
Not a problem then?
I ran smbstatus and got . . .
Can't load /opt/etc/samba/smb.conf - run testparm to debug itAnd again using the Shares browser built into the NAS drive I checked and was not able to make any folders or upload any files to any of the folders in the admin share.
If I enter the ip address of the NAS in Windows File explorer I get a list of all the shares.
I am able to go into the Public shares that were created by the NAS (video, music, photo, public) and I am able to copy files into those shares
I am not able to go into All the other shares like admin and also shares that I created. I get the message
Windows cannot access \\IP\ShareNameI can see them listed right there but I can't get into them.
I created a new user with admin rights. Logged in with the new username created a share with the new user as owner. I get the same results. I even made the new share public so all the attributes are the same as the other public shares, (music etc). Still can't access the folder. I can see the folder but just can't get into it
0 -
Its really odd but It's not a train crash if this doesn't get sorted. My main aim was to use it as a backup target and, thanks to you, it is working as such.
0 -
The difference should be visible in either the permissions/owners of the directories
ls -l /i-data/md0/
or the configuration of the shares
cat /etc/samba/smb.conf
0 -
OK so I started again with a virgin box and created a single internal volume called Backup volume. I used Konsole in Ubuntu. Installed your repo, installed Entware. Nothing else installed.
Created a user with admin rights called Jason
Using the NAS web interface I created a Share called Jason
Share Owner = Jason
Permission Type = PublicI used a pc with Ubuntu. Used Konsole to Telnet to the NSA325-V2
Ran through the SMB upgrade instructions as before
Again got
~ # /opt/etc/init.d/S09ZyXELSambaReplacement start
Stopping Samba daemons: nmbd smbd.
mv: can't rename '/opt/var/lock/*': No such file or directory
~ # ls -l /i-data/md0/
So as you asked . . .~ # ls -l /i-data/md0/
drwxrwsrwx 3 admin root 4096 Feb 18 18:45 Jason
drwxrwxrwx 5 root root 4096 Feb 18 22:06 admin
-rw------- 1 root root 7168 Feb 18 18:44 aquota.
user
drwxrwsrwx 2 root root 16384 Feb 18 18:09 lost+fo
und
drwxrwxrwx 2 root root 4096 Feb 18 18:09 music
drwxrwxrwx 2 root root 4096 Feb 18 18:09 photo
drwxrwxrwx 2 root root 4096 Feb 18 18:09 public
drwxrwxrwx 2 root root 4096 Feb 18 18:09 video
~ # cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = NSA325 v2
netbios name = NSA325-v2
dos charset = UTF8
display charset = UTF8
unix charset = UTF8
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
guest account = pc-guest
map to guest = Bad User
write ok = yes
force create mode = 777
force directory mode = 777
force security mode = 777
force directory security mode = 777
auth methods = guest sam_ignoredomain
max log size = 50
host msdfs = yes
lanman auth = yes
kernel oplocks = no
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=13
1072 SO_RCVBUF=131072
use mmap = yes
max xmit = 131072
min receivefile size = 128k
unix extensions = no
wide links = Yes
oplocks = yes
level2 oplocks = no
max smbd processes = 128
printing = cups
printcap = /etc/printcap
load printers = yes
use sendfile = yes
passdb backend = smbpasswd
veto files = /.grive*/
[printers]
path = /i-data/md0/.media/samba
public = yes
guest ok = yes
browseable = yes
writable = no
printable = yes
use client driver = yes
[public]
path = /i-data/md0/public
guest ok = yes
follow symlinks = yes
strict allocate = yes
; NO Action-log or Recycle-Bin
[video]
path = /i-data/md0/video
guest ok = yes
follow symlinks = yes
strict allocate = yes
; NO Action-log or Recycle-Bin
[photo]
path = /i-data/md0/photo
guest ok = yes
follow symlinks = yes
strict allocate = yes
; NO Action-log or Recycle-Bin
[music]
path = /i-data/md0/music
guest ok = yes
follow symlinks = yes
strict allocate = yes
; NO Action-log or Recycle-Bin
[admin]
path = /i-data/md0/admin
valid users = "admin"
follow symlinks = yes
strict allocate = yes
vfs objects = full_audit
full_audit:prefix = %S
full_audit:success = unlink rmdir mkdir rename close
full_audit:failure = none
full_audit:priority = notice
[Jason]
path = /i-data/03728411/Jason
guest ok = yes
follow symlinks = yes
strict allocate = yes
vfs objects = recycle
recycle:repository = recycle
recycle:exclude = .test.permission.file.*
recycle:directory_mode = 0777
recycle:subdir_mode = 0777
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:touch_mtime = no
recycle:maxsize = 0
[Backup volume]
path = /etc/zyxel/storage/sysvol/.system/autoshare_sata/
Backup volume
valid users = "admin"
follow symlinks = yes
strict allocate = yes
; NO Action-log or Recycle-Bin
~ #
Using Dolphin file browser the NAS is not listed under Shared Folders (SMB)I manually typed in
smb://nasIPaddressI got this list:
- video
- public
- music
- Jason
- Backup volume
- adminNote that the "Backup volume" is in the list?
Using Dolphin I was able to go into and created a text file in video, public, photo, and musicTried to go into Jason and got the error . . .
The file or folder smb://admin@192.168.1.140/Jason does not exist.Tried to go into admin and got the error . . .
The file or folder smb://admin@192.168.1.140/admin does not exist.Tried to go into Backup volume
Got login box
Could NOT log in as Jason
I could login as admin
got the list:
- video
- public
- photo
- music
- Jason
- adminin each of the first 4 shares, I could see the text files I had created
I was now able to go into the Jason and create a test file
I went into the admin share and got the list:
- zyfw
- zy-pkgs
- downloadI WAS able to create files and folders in these
I switched to the web interface of the NAS
Using the Shares Browser I was NOT able to create any folders or files in the admin share or the Jason share (access denied)
(I tried it logged on both as admin, and also as Jason using the "Administrator Login" button)0 -
Hmm. As you can see there are differences between admin and video and the rest in smb.conf. Admin has the lines
vfs objects = full_audit
full_audit:prefix = %S
full_audit:success = unlink rmdir mkdir rename close
full_audit:failure = none
full_audit:priority = noticeDon't know what that is supposed to do, but I doubt the replacement samba does vfs objects at all.
For Jason we have
vfs objects = recycle
recycle:repository = recycle
recycle:exclude = .test.permission.file.*
recycle:directory_mode = 0777
recycle:subdir_mode = 0777
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:touch_mtime = no
recycle:maxsize = 0The instructions about ZyXELSambaReplacement on metarepo.tk says
Known issues
The recycle bin doesn't work. So disable it on all shares before installing the replacement.I think that is the problem here.
About that 'Backup volume' , I think that is something the Backup Planner added. It has a weird path: /etc/zyxel/storage/sysvol/.system/autoshare_sata/. /etc/zyxel/storage/sysvol is a symlink to /i-data/03728411. So the actual subdirectory is /i-data/03728411/.system/autoshare_sata/ . Does that exist?
0 -
- The Backup volume is actually the RAID volume that I created. That's just the name I chose for it.
- (It was a virgin install and I didn't install Backup Planner on it this time).
So I tried again. Another Virgin install - deleted volume - full Factory reset - created new RAID volume, this time I called it NSA325 for clarity - I did not create any users or shares this time - I checked that no recycle bins were active in any share.
Still the same issue. As for the subdirectory you mentioned. it looks like the subdirectory doesn't exist . . .
/ # ls
bin etc init mnt ram_bin sys var
dev home lib opt root tmp zyxel
e-data i-data linuxrc proc sbin usr
/ # cd i-data
/i-data # ls
0b854565 md0/i-data # cd 0b854565
/i-data/0b854565 # ls
admin lost+found photo video
aquota.user music public/i-data/0b854565 # cd ..
/i-data # cd md0
/i-data/0b854565 # ls
admin lost+found photo video
aquota.user music publicI ran
smbstatus . . .
Can't load /opt/etc/samba/smb.conf - run testparm to debug itIt looks like Smb.conf does not exist in the folder . . .
/usr/local/zy-pkgs/opt/etc/samba # ls -l
-rw-r--r-- 1 root root 89 Nov 6 2017 ZyXELSambaReplacement.conf
-rw-r--r-- 1 root root 131072 Jan 4 2018 lowcase.dat
-rw------- 1 root root 24576 Feb 19 18:31 secrets.tdb
-rw-r--r-- 1 root root 768 Jan 4 2018 smb.conf.template
-rw-r--r-- 1 root root 131072 Jan 4 2018 upcase.dat
-rw-r--r-- 1 root root 65536 Jan 4 2018 valid.datMaybe the whole samba replacement thing just doesn't work?
Anyway don't waste any time on it. I was just curious about it and I can use it just as a backup device, (which was the original idea anyway)
0 -
Anyway don't waste any time on it.
For me it's not a waste of time. The samba replacement package is used a lot, and people having problemes will be pointer to this thread by Google. So I can spend some time to solve problems (or mark them as known limitations) now, or wait for the same questions in another thread.
smbstatus . . .
Can't load /opt/etc/samba/smb.conf - run testparm to debug itYou are running the Entware smbstatus, which tries to read /opt/etc/samba/smb.conf. That doesn't exist, as the user of sambaserver is supposed to provide it's own. There is a smb.conf.template for convenience. Anyway, the 99SambaReplacement script starts Samba with a custom configuration file, /opt/etc/samba/ZyXELSambaReplacement.conf, which basically only contains an 'include /etc/samba/smb.conf', to let the firmware manage the actual smb.conf.
If you want to run smbstatus, you'll have to specify which configuration file to examine:
smbstatus -s /opt/etc/samba/ZyXELSambaReplacement.conf
As for the subdirectory you mentioned. it looks like the subdirectory doesn't exist . . .
A file or directory starting with a dot is by default hidden in Linux. (That was a bug in the first version of ls, which became a feature). To see them use 'ls -a'
0 -
Hi Mijzelf, i have been using the samba replacement for a while now but all of the sudden it stopped working with this error:
root@NSA310S:/usr/local/zy-pkgs/opt/etc/samba# smbstatus -s /opt/etc/samba/ZyXELSambaReplacement.conf
ERROR: invalid DOS charset: 'dos charset' must not be UTF8, using (default value) ASCII instead.
Can't open sessionid.tdbany idea what could be the issue?
0 -
Did you edit /opt/etc/samba/ZyXELSambaReplacement.conf or /etc/samba/smb.conf? The most obvious reason for this error is that the file contains UTF8 encoding, of course.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight