Samba extra configuration


Recommended Posts

Hi followed Spaceinvader One online video for "How to use rclone in unRAID Copy sync and encrypt files to the cloud. Even stream media". It works fantastically well. I'm having an issue mounting it to be accessible on the local network via SMB. I used this script:

 

[secure-cloud] path = /mnt/disks/secure comment = browseable = yes # Public public = yes writeable = yes vfs objects =

 

I don't see "secure-cloud" on my network shares with this. also would like to make this private and only user accessible. any ideas what's wrong?? I restarted the server to refresh samba but no go. 

 

Thank you!

Link to comment

Have you considered using the Samba extra feature built into the latest versions of unRAID?    'Settings'   >>>  'SMB'   >>>  'SMB Extra'   That feature was added to allow the unRAID user to modify the unRAID provided Samba onfiguration through a relatively easy-to-do interface.  Prior to that feature, you had to write a samba-extra.conf file (in Linux style line endings) and save it in specific folder on the flash drive.  Then as the smb.conf file loaded the contents of that file would be 'folded' into the Samba settings.  This new feature 'hides all of that grunt work and all you have to provide is the samba settings/modification that you want to use.

Link to comment

I was able to access a share without any prompt for UID and password. But now I am getting prompt. 

I tried to get some help on this form previous posts and all those links are dead.

Running UnRaid ver 6.3.3 and my SMB extra config section already has following entries.

[global]
domain master = yes
preferred master = yes
os level = 255

in turn I did wireshark trace of smb2 traffic to my unraid box and learn that in response to session setup request, I get
Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE (See screenshot attached)

Can someone please advice or help me understand what is going wrong here?
 

WireShark.png

Link to comment

Did you google the error message? 

 

I just looked at the Sticky Threads that had links (setup with the old forum software) to a lot of very helpful material on permission issues and potential solutions BUT they are all now broken.  They were working when the board changeover was first made to the new forum software but sometime about six weeks ago, they stopped working.  Myself and several other folks have complained about the situation but there has been no response...

 

But that doesn't help you with your problem!  If googling does get you pointed in the right direction, you are going to have to provide a lot more information about exactly what you are trying to do.  You might even have to modify the Title of this thread.  (short rant follows)9_9

 

(Many People avoid assisting with SMB issues like the plague as they are usually very hairy to solve.  As I have always said, Samba (CIFS) is a Kluge at best and solutions to problems often seem more like witchcraft than engineering!  It started out back in the Window 3.1 (Windows for Workgroups) days as a way to link a small group of computers (think less than a dozen) together so they could share files and printers among themselves without needing a dedicated server.  There was no provision for security as the network was often totally isolated.  I have been told you can still install Windows 3.1 and have it work with a modern Samba network...) 

 

Have you tried to contact the person who put up that video?  Does he have a presence here on this forum as you can send him a private message through the forum?

 

Couple of things.  You have to be very careful about names with samba.  It is a very good idea not to have a computer and a 'user' with the same name.  In other words don't have a computer named Frank and a user named Frank.  Furthermore (as I recall), you can generally only log into a server once from any computer. 

 

I am also a bit confused as to where the issue is presenting itself.  Is the link to the cloud working successfully?  Is the problem in the link between a local computer (device?) and the unRAID server.  You are going to have to provide us with a lot more details about exactly what you are trying to do and what is not working.  Are you using anything but Public access to this share or any other share(s)?  (SMB permission issues are often crosslinked...)  What OS's are involved? 

Link to comment
4 hours ago, wgstarks said:

Spaceinvader one is aka @gridrunner.

Hi @blahblah0385

I think you are putting the smb extra as one line this will not work this way. Please try adding it like this

[secure-cloud]
      path = /mnt/disks/secure
      comment =
      browseable = yes
      # Public
      public = yes
      writeable = yes
      vfs objects =

 

Here is a picture of my smb extra section in the web ui.

The  first part the line with veto please ignore. I use that to veto files created by osx that i dont want.

Then i have the secure-cloud share.

The next share is called rootshare which is a share to the /mnt/user so a can have one share with all my share in so its easy to move files from share to share

from a computer on the network rather than having to login or use krusader etc.

The last line staring with include is added from the unassigned devices plugin for a share created by that.

I dont worry about security as mine is a home network, but you could change it to how you need it.

591b5a7c48898_ScreenShot2017-05-16at20_47_38.thumb.png.1bf23776121ee2702957bec6e36dd028.png

Edited by gridrunner
Link to comment
  • 1 year later...
On 5/16/2017 at 4:09 PM, SpaceInvaderOne said:

Hi @blahblah0385

I think you are putting the smb extra as one line this will not work this way. Please try adding it like this

[secure-cloud]
      path = /mnt/disks/secure
      comment =
      browseable = yes
      # Public
      public = yes
      writeable = yes
      vfs objects =

 

Here is a picture of my smb extra section in the web ui.

The  first part the line with veto please ignore. I use that to veto files created by osx that i dont want.

Then i have the secure-cloud share.

The next share is called rootshare which is a share to the /mnt/user so a can have one share with all my share in so its easy to move files from share to share

from a computer on the network rather than having to login or use krusader etc.

The last line staring with include is added from the unassigned devices plugin for a share created by that.

I dont worry about security as mine is a home network, but you could change it to how you need it.

591b5a7c48898_ScreenShot2017-05-16at20_47_38.thumb.png.1bf23776121ee2702957bec6e36dd028.png

Hi I did this to create a root share by adding

 

path = /mnt/user

comment =

 

But what IF I want the share to be hidden as well. I don't see how to do it. or a wiki with the commands. 

 

Link to comment
  • 1 month later...

I'm following the same tutorial but I want to restrict SMB access to user1 only, my samba extra configuration looks like:

[Dropbox]
      path = /mnt/disks/dropbox
      comment =
      browseable = yes
      # Public
      #public = no
      valid users = user1
      writeable = yes
      vfs objects =

 

Despite restarting samba, all of my clients can still access dropbox on the Unraid.

 

thanks @SpaceInvaderOne

Link to comment

Samba configuration is notoriously counterintuitive.

You need to ensure that the share is both NOT public and also has valid users listed.


[Dropbox]
      path = /mnt/disks/dropbox
      comment =
      browseable = yes
      public = no
      valid users = user1
      writeable = yes
      vfs objects =


Should have the intended behavior.
Note that by having browseable set to yes you will SEE the share with all user accounts, but only be able to explore it when authenticated as user1. Other users, including anonymous (and the smbtree, by proxy) will be able to see the share itself, but not it's contents.
Link to comment
7 hours ago, Xaero said:

Samba configuration is notoriously counterintuitive.

You need to ensure that the share is both NOT public and also has valid users listed.



[Dropbox]
      path = /mnt/disks/dropbox
      comment =
      browseable = yes
      public = no
      valid users = user1
      writeable = yes
      vfs objects =

 

Part of the problem is in the default smb.conf (/etc/samba/smb.conf) that LimeTech provides.  Here are the last four lines of that file:

# hook for user-defined samba config
        include = /boot/config/smb-extra.conf

        # auto-configured shares
        include = /etc/samba/smb-shares.conf

Notice that the smb-shares.conf  is called after the smb-extra.conf.  This means that the settings in the smb-shares.conf can override the smb-extra.conf.  I noticed this several years ago but never bothered making an issue of it.  I (personally) think that the final users configuration should have precedence on any default settings.  @limetech may have some valid reasons why this should not be the case! 

Edited by Frank1940
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.