nsa310 and nsa235-V2 admin doesn't have write access to admin share folders

Jason1
Jason1 Posts: 16  Freshman Member
First Comment
edited February 17 in Personal Cloud Storage

so I have tried to install the samba 3 on both nsa310 and nsa235-V2. On both machines I don't seem to have write access to the admin share when logged in as admin.

Using the share browser on the devices built in config page I tried to upload a file to the zy-pkgs folder I get the following error . . .

This File/Folder is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

This is the same on both nas devices. I am able to read the folders and contents.

Here are the instructions I followed

####
su
opkg update
opkg install zyxel-samba-replacement # will automatically pull the samba server

# disable the Entware-ng samba server and script
/opt/etc/init.d/S08samba stop
chmod a-x /opt/etc/init.d/S08samba

# enable and start the replacement script
chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
/opt/etc/init.d/S09ZyXELSambaReplacement start
####

When doing the samba upgrade on the nsa310 this is what happened . . .

~ $ su
Password:

BusyBox v1.17.2 (2016-03-11 17:11:16 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ # opkg update
Downloading http://pkg.entware.net/binaries/armv5/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/packages
Downloading http://zyxel.diskstation.eu/Users/Mijzelf/Entware-ng/binaries/armv5/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/Mijzelf
~ # opkg install zyxel-samba-replacement
Installing zyxel-samba-replacement (3.6.25) to root...
Downloading http://zyxel.diskstation.eu/Users/Mijzelf/Entware-ng/binaries/armv5/zyxel-samba-replacement_3.6.25_all.ipk
Installing samba36-server (3.6.25-9) to root...
Downloading http://pkg.entware.net/binaries/armv5/samba36-server_3.6.25-9_armv5soft.ipk
Configuring samba36-server.
Configuring zyxel-samba-replacement.
~ # /opt/etc/init.d/S08samba stop
~ # chmod a-x /opt/etc/init.d/S08samba
~ # chmod a+x /opt/etc/init.d/S09ZyXELSambaReplacement
~ # /opt/etc/init.d/S09ZyXELSambaReplacement start
Stopping Samba daemons: nmbd smbd.
mv: can't rename '/opt/var/lock/*': No such file or directory

Did I do something wrong?

(Samba 3 does appear to be working as I am able to access the shares from the file explorer on a windows pc)

### edit ### . . . .

Samba is not running. I can see all the shares by typing //nasIPaddress/ in Windows file explorer. But when I double click on one I get the error
Windows cannot access \\nasIPaddress\shareName

I am able to go into the media shares Video, Music, Photos

When I run smbstatus I get
Can't load /opt/etc/samba/smb.conf - run testparm to debug it

«13

All Replies

  • Mijzelf
    Mijzelf Posts: 2,790  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    About zy-pkgs, is it possible that you messed with that directory from the command line? This sounds like a credential problem. You can try to take ownership:

    chown admin /i-data/md0/admin/zy-pkgs

    The install log of zyxel-samba-replacement looks fine to me.

    If Windows doesn't ask for credentials when double clicking a share, it is using cached (and presumably incorrect) credentials. So try to log out (reboot?). It's a while ago I used Windows, it used to be possible to logout using one of the net share commands

  • Jason1
    Jason1 Posts: 16  Freshman Member
    First Comment
    edited February 17

    I tried the chown, rebooted both computer, nas and Internet box (acting as dns server) no change


    I am using a couple of empty disks to test this all out so I started again with a virgin NAS.
    (deleted the internal volume, total hardware reset, created a new volume)

    I first did all the backup stuff from my other post . . .
    Installed:
    - your repository,
    - Install dropbear
    - backup planner

    Then I installed
    - entware
    - tweaks
    - random tools

    (The last 2 I installed just because I could. Haven't done anything with them)

    Then I fired up PuTTY and connected via SSH

    I ran through the samba replacement commands as listed previously. copy and pasted them. Again the same results. admin can't make new folders or upload files into admin share, even using the built in share browser.

    You said the install log looks fine. is . . .
    Stopping Samba daemons: nmbd smbd.
    mv: can't rename '/opt/var/lock/*': No such file or directory
    Not a problem then?


    I ran smbstatus and got . . .
    Can't load /opt/etc/samba/smb.conf - run testparm to debug it

    And again using the Shares browser built into the NAS drive I checked and was not able to make any folders or upload any files to any of the folders in the admin share.

    If I enter the ip address of the NAS in Windows File explorer I get a list of all the shares.

    I am able to go into the Public shares that were created by the NAS (video, music, photo, public) and I am able to copy files into those shares

    I am not able to go into All the other shares like admin and also shares that I created. I get the message
    Windows cannot access \\IP\ShareName

    I can see them listed right there but I can't get into them.

    I created a new user with admin rights. Logged in with the new username created a share with the new user as owner. I get the same results. I even made the new share public so all the attributes are the same as the other public shares, (music etc). Still can't access the folder. I can see the folder but just can't get into it

  • Jason1
    Jason1 Posts: 16  Freshman Member
    First Comment

    Its really odd but It's not a train crash if this doesn't get sorted. My main aim was to use it as a backup target and, thanks to you, it is working as such.

  • Mijzelf
    Mijzelf Posts: 2,790  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    The difference should be visible in either the permissions/owners of the directories

    ls -l /i-data/md0/

    or the configuration of the shares

    cat /etc/samba/smb.conf

  • Jason1
    Jason1 Posts: 16  Freshman Member
    First Comment

    OK so I started again with a virgin box and created a single internal volume called Backup volume. I used Konsole in Ubuntu. Installed your repo, installed Entware. Nothing else installed.

    Created a user with admin rights called Jason

    Using the NAS web interface I created a Share called Jason
    Share Owner = Jason
    Permission Type = Public

    I used a pc with Ubuntu. Used Konsole to Telnet to the NSA325-V2

    Ran through the SMB upgrade instructions as before

    Again got

    ~ # /opt/etc/init.d/S09ZyXELSambaReplacement start
    Stopping Samba daemons: nmbd smbd.
    mv: can't rename '/opt/var/lock/*': No such file or directory
    ~ # ls -l /i-data/md0/


    So as you asked . . .

    ~ # ls -l /i-data/md0/
    drwxrwsrwx    3 admin    root     4096 Feb 18 18:45 Jason
    drwxrwxrwx    5 root     root        4096 Feb 18 22:06 admin
    -rw-------     1 root     root       7168 Feb 18 18:44 aquota.
    user
    drwxrwsrwx    2 root     root         16384 Feb 18 18:09 lost+fo
    und
    drwxrwxrwx    2 root     root          4096 Feb 18 18:09 music
    drwxrwxrwx    2 root     root          4096 Feb 18 18:09 photo
    drwxrwxrwx    2 root     root          4096 Feb 18 18:09 public
    drwxrwxrwx    2 root     root          4096 Feb 18 18:09 video

    ~ # cat /etc/samba/smb.conf
    [global]
           workgroup = WORKGROUP
           server string = NSA325 v2
           netbios name = NSA325-v2
           dos charset = UTF8
           display charset = UTF8
           unix charset = UTF8
           security = user
           encrypt passwords = yes
           smb passwd file = /etc/samba/smbpasswd
           guest account = pc-guest
           map to guest = Bad User
           write ok = yes
           force create mode = 777
           force directory mode = 777
           force security mode = 777
           force directory security mode = 777
           auth methods = guest sam_ignoredomain
           max log size = 50
           host msdfs = yes
           lanman auth = yes
           kernel oplocks = no
           socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=13
    1072 SO_RCVBUF=131072
           use mmap = yes
           max xmit = 131072
           min receivefile size = 128k
           unix extensions = no
           wide links = Yes  
           oplocks = yes
           level2 oplocks = no
           max smbd processes = 128
           printing = cups
           printcap = /etc/printcap
           load printers = yes
           use sendfile = yes
           passdb backend = smbpasswd
           veto files = /.grive*/

    [printers]
           path = /i-data/md0/.media/samba
           public = yes
           guest ok = yes
           browseable = yes
           writable = no
           printable = yes
           use client driver = yes

    [public]
           path = /i-data/md0/public
           guest ok = yes
           follow symlinks = yes
           strict allocate = yes
    ; NO Action-log or Recycle-Bin

    [video]
           path = /i-data/md0/video
           guest ok = yes
           follow symlinks = yes
           strict allocate = yes
    ; NO Action-log or Recycle-Bin

    [photo]
           path = /i-data/md0/photo
           guest ok = yes
           follow symlinks = yes
           strict allocate = yes
    ; NO Action-log or Recycle-Bin

    [music]
           path = /i-data/md0/music
           guest ok = yes
           follow symlinks = yes
           strict allocate = yes
    ; NO Action-log or Recycle-Bin

    [admin]
           path = /i-data/md0/admin
           valid users = "admin"
           follow symlinks = yes
           strict allocate = yes
           vfs objects = full_audit
            full_audit:prefix = %S
            full_audit:success = unlink rmdir mkdir rename close
            full_audit:failure = none
            full_audit:priority = notice


    [Jason]
           path = /i-data/03728411/Jason
           guest ok = yes
           follow symlinks = yes
           strict allocate = yes
           vfs objects = recycle
            recycle:repository = recycle
            recycle:exclude = .test.permission.file.*
            recycle:directory_mode = 0777
            recycle:subdir_mode = 0777
            recycle:keeptree = yes
            recycle:versions = yes
            recycle:touch = yes
            recycle:touch_mtime = no
            recycle:maxsize = 0

    [Backup volume]
           path = /etc/zyxel/storage/sysvol/.system/autoshare_sata/
    Backup volume
           valid users = "admin"
           follow symlinks = yes
           strict allocate = yes
    ; NO Action-log or Recycle-Bin

    ~ #

    Using Dolphin file browser the NAS is not listed under Shared Folders (SMB)

    I manually typed in
    smb://nasIPaddress

    I got this list:
    - video
    - public
    - music
    - Jason
    - Backup volume
    - admin

    Note that the "Backup volume" is in the list?
    Using Dolphin I was able to go into and created a text file in video, public, photo, and music

    Tried to go into Jason and got the error . . .
    The file or folder smb://admin@192.168.1.140/Jason does not exist.

    Tried to go into admin and got the error . . .
    The file or folder smb://admin@192.168.1.140/admin does not exist.

    Tried to go into Backup volume
    Got login box
    Could NOT log in as Jason
    I could login as admin
    got the list:
    - video
    - public
    - photo
    - music
    - Jason
    - admin

    in each of the first 4 shares, I could see the text files I had created

    I was now able to go into the Jason and create a test file

    I went into the admin share and got the list:
    - zyfw
    - zy-pkgs
    - download

    I WAS able to create files and folders in these

    I switched to the web interface of the NAS

    Using the Shares Browser I was NOT able to create any folders or files in the admin share or the Jason share (access denied)
    (I tried it logged on both as admin, and also as Jason using the "Administrator Login" button)

  • Mijzelf
    Mijzelf Posts: 2,790  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited February 18

    Hmm. As you can see there are differences between admin and video and the rest in smb.conf. Admin has the lines

      vfs objects = full_audit
            full_audit:prefix = %S
            full_audit:success = unlink rmdir mkdir rename close
            full_audit:failure = none
            full_audit:priority = notice

    Don't know what that is supposed to do, but I doubt the replacement samba does vfs objects at all.

    For Jason we have

           vfs objects = recycle
            recycle:repository = recycle
            recycle:exclude = .test.permission.file.*
            recycle:directory_mode = 0777
            recycle:subdir_mode = 0777
            recycle:keeptree = yes
            recycle:versions = yes
            recycle:touch = yes
            recycle:touch_mtime = no
            recycle:maxsize = 0

    The instructions about ZyXELSambaReplacement on metarepo.tk says

    Known issues
    The recycle bin doesn't work. So disable it on all shares before installing the replacement.

    I think that is the problem here.

    About that 'Backup volume' , I think that is something the Backup Planner added. It has a weird path: /etc/zyxel/storage/sysvol/.system/autoshare_sata/. /etc/zyxel/storage/sysvol is a symlink to /i-data/03728411. So the actual subdirectory is /i-data/03728411/.system/autoshare_sata/ . Does that exist?

  • Jason1
    Jason1 Posts: 16  Freshman Member
    First Comment
    • The Backup volume is actually the RAID volume that I created. That's just the name I chose for it.
    • (It was a virgin install and I didn't install Backup Planner on it this time).

    So I tried again. Another Virgin install - deleted volume - full Factory reset - created new RAID volume, this time I called it NSA325 for clarity - I did not create any users or shares this time - I checked that no recycle bins were active in any share.

    Still the same issue. As for the subdirectory you mentioned. it looks like the subdirectory doesn't exist . . .
    / # ls
    bin etc init mnt ram_bin sys var
    dev home lib opt root tmp zyxel
    e-data i-data linuxrc proc sbin usr
    / # cd i-data
    /i-data # ls
    0b854565 md0

    /i-data # cd 0b854565
    /i-data/0b854565 # ls
    admin lost+found photo video
    aquota.user music public

    /i-data/0b854565 # cd ..
    /i-data # cd md0
    /i-data/0b854565 # ls
    admin lost+found photo video
    aquota.user music public

    I ran
    smbstatus
    . . .
    Can't load /opt/etc/samba/smb.conf - run testparm to debug it

    It looks like Smb.conf does not exist in the folder . . .
    /usr/local/zy-pkgs/opt/etc/samba # ls -l
    -rw-r--r-- 1 root root 89 Nov 6 2017 ZyXELSambaReplacement.conf
    -rw-r--r-- 1 root root 131072 Jan 4 2018 lowcase.dat
    -rw------- 1 root root 24576 Feb 19 18:31 secrets.tdb
    -rw-r--r-- 1 root root 768 Jan 4 2018 smb.conf.template
    -rw-r--r-- 1 root root 131072 Jan 4 2018 upcase.dat
    -rw-r--r-- 1 root root 65536 Jan 4 2018 valid.dat

    Maybe the whole samba replacement thing just doesn't work?

    Anyway don't waste any time on it. I was just curious about it and I can use it just as a backup device, (which was the original idea anyway)

  • Mijzelf
    Mijzelf Posts: 2,790  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    Anyway don't waste any time on it.

    For me it's not a waste of time. The samba replacement package is used a lot, and people having problemes will be pointer to this thread by Google. So I can spend some time to solve problems (or mark them as known limitations) now, or wait for the same questions in another thread.

    smbstatus . . .
    Can't load /opt/etc/samba/smb.conf - run testparm to debug it

    You are running the Entware smbstatus, which tries to read /opt/etc/samba/smb.conf. That doesn't exist, as the user of sambaserver is supposed to provide it's own. There is a smb.conf.template for convenience. Anyway, the 99SambaReplacement script starts Samba with a custom configuration file, /opt/etc/samba/ZyXELSambaReplacement.conf, which basically only contains an 'include /etc/samba/smb.conf', to let the firmware manage the actual smb.conf.

    If you want to run smbstatus, you'll have to specify which configuration file to examine:

    smbstatus -s /opt/etc/samba/ZyXELSambaReplacement.conf

    As for the subdirectory you mentioned. it looks like the subdirectory doesn't exist . . .

    A file or directory starting with a dot is by default hidden in Linux. (That was a bug in the first version of ls, which became a feature). To see them use 'ls -a'

  • DominikLOL
    DominikLOL Posts: 23  Freshman Member
    First Comment Friend Collector

    Hi Mijzelf, i have been using the samba replacement for a while now but all of the sudden it stopped working with this error:

    root@NSA310S:/usr/local/zy-pkgs/opt/etc/samba# smbstatus -s /opt/etc/samba/ZyXELSambaReplacement.conf
    ERROR: invalid DOS charset: 'dos charset' must not be UTF8, using (default value) ASCII instead.
    Can't open sessionid.tdb

    any idea what could be the issue?

  • Mijzelf
    Mijzelf Posts: 2,790  Guru Member
    250 Answers 2500 Comments Friend Collector Seventh Anniversary

    Did you edit /opt/etc/samba/ZyXELSambaReplacement.conf or /etc/samba/smb.conf? The most obvious reason for this error is that the file contains UTF8 encoding, of course.

Consumer Product Help Center