smb issues past 8.0.2

I'm new to the forum, but have been using LibreElec and Kodi for a year or two and love it. I have LibreElec on two different Pi3 boxes, and also run Kodi as an Android app on two tablets. I use those four devices to access my audio and video files that are housed on a USB drive attached to my Asus RT-AC56U router as an NAS via an SMB share. The tablets are running Kodi 17.5 and work perfectly with this setup. The two Pi3 boxes running LibreElec can not connect to the share if I update past LibreElec 8.0.2/Kodi 17.3. When 17.4 came out a while ago and I saw that the tablets had updated to it, I upated to the two Pi boxes manually and went through hell; they would NOT connect to the share. Messages appeared telling me the media files were missing and asking if I wanted to remove them from the library. I tried everything; removing and adding back the smb share path, passwords, and anything I could think of, but nothing worked. Restoring previous backups only rolled back my library to earlier states, so I manually installed an older version of LibreElec and Kodi 17.3, and got my functionality back. At the time, I read a bunch of posts and blogs about smb difficulties in that build of Kodi/LibreElec, so I figured I'd just wait until the next release. Well, 8.2/17.5 is here, and I just went through the same headache, ending with a reinstall of 8.0.2/17.3. I tried the different smb client settings in this new version of Kodi, but none of them worked (1.0, 2.0, 3.0, "none"). I can "browse" to the share, but it won't connect and won't accept my password. I know the password is right because I checked it on the tablets which work fine. AND.. it's the same password, username, and path I use when rolled back to 8.0.2/17.3.

Any ideas what's causing this, and why my tablets don't have any trouble seeing the smb share using Kodi 17.4 and now 17.5?

Thanks in advance for any help. This is driving me crazy..

Thanks for the reply. Since posting but before seeing your reply, I've downloaded and installed OSMC's most recent OS for the Pi3, which comes packed w/ Kodi 17.4. Same exact issue there, so it must not be a LibreElec thing, but rather a Kodi/Pi issue. Running the update to 17.5 now to see what will happen. If (OK, when) that doesn't work, I'll give your idea a try.

Edit: I tried the "wait for network" setting in OSMC's version... no dice.

An update... Using information gleaned from the official Kodi community forums, the issue seems to be between the smb implementation of some Asus routers w/ attached usb drives and Pi's running Kodi. Great. In any case, I found the fix, but it entailed ssh'ing into Libreelec and adding a user .conf file.

The entire thread can be found here..

Can Not Access SMB Shares after 17.4 Update

Here's an excerpt from one of the posts..

Milhouse Wrote: The strange thing is that the properties which need to be added in order to make the current smb.conf work with these Asus routers, ie.:

Code:
client use spnego = no
client ntlmv2 auth = no

were never included in previous versions of Kodi, so I'm not sure how or why they are needed now.

The only possibly contentious property that has been removed (ie. disabled) is "client lanman auth" but this is for working with absolutely ancient Win95-era Samba servers (even my FreeNAS 8.3 server with Samba 3.6 will work without lanman).

We were patching Kodi's creation of smb.conf to include these two lines. We noticed this became a necessity at some point
in January for some networks; presumably because of Samba security changes in Debian.

We probably need to re-add this patch.

Quote from milhouse

Nope - it was OSMC that included those options as as distro specific patch. LibreELEC has never included these options, and will not be including them in the future as while they may help your devices to interoperate they also weaken your overall network security. If you want/need to add them, you do so at your own risk.

I would strongly advise that you demand a firmware update from your hardware vendor rather than continue to use an outdated and insecure Samba server in your router which puts your entire network at risk. As more major clients (ie. Windows etc.) drop support for SMB1 and insecure authentication you will find that your Samba server becomes less and less useful to you, and will ultimately just remain a gateway for exploitation.

If you are unable to obtain an update for this insecure Samba server then my advice would be to disable it completely and find a more secure solution for file sharing - as an example, LibreELEC includes a secure Samba server.

Thanks for the reply. The quote you attributed to me was actually from a developer on another website that I had quoted. In any case, some followup questions if you don't mind..

1. I've combed the internet and the menu structures of my router, and can't find any information regarding the smb protocol used by my Asus RT-AC56u router. It is running the most current stock firmware. Do you know for sure what it uses?

2. I used Putty to add the two lines of code listed in my previous post in a newly-created smb.conf file using nano. This file was placed on the Raspberry Pi/Kodi box in question, and not on my router. How is this risking network security? There's nothing on the Kodi natively, and the only thing the Kodi can access are the media files on the HDD attached to my router. I'm not being snarky.. it's an honest question.

I'm all for security, and I confess I don't really understand what those two lines of code did. I've read virtually all of the posts here and on the kodi site about the smb problems when upgrading from 8.0.2 to 8.2, but the only thing that worked for me was adding that code. It didn't ask me for passwords when accessing the media files which was strange, since the shares are configured at the router/hdd to require passwords. Also, I can't find the smb.conf file I created on the Kodi/Pi by browsing using a networked Win7 file manager, although I can see folders and files. Where is it?

I know... lots of questions. I know enough about this stuff to function, but I'm not a hobbyist or professional code writer. If anyone can help out, I'd appreciate it. Step by step procedural instructions are GREATLY appreciated. Hey, I finally understand the words ssh, nano, putty, and a few others... I'm getting better!

Thanks again.

I'm sorry to revive this old thread, but I'd like learn a bit more about this issue. After updating one of my Pi3 boxes to LibreElec 8.2.3 (and the firmware on my Asus RT-AC56u to 3.0.0.4.382_50010, hoping it would help with whatever SMB issues I've been having since kodi 17.3), I hit the usual problem with endless password/login loops when trying to access my smb shares on the usb HD attached to my router. The smb share showed up fine and I could browse to it, but it wouldn't accept my login information for access. As before, I had to "solve" the problem by creating /storage/.kodi/.smb/user.conf with the two lines of code referenced earlier in this thread; changing the SMB1/SMB2/SMB3 settings via the GUI accomplished nothing.

After adding the spnego and ntlmv2 lines, everything works fine, except it no longer asks for my password and connects without it.. ?!? How is that possible since I have the share password protected at the router? How does code on a client box bypass a request from a server for a password?

Thanks to the instructions from Yogensha a few posts back, I've checked and verified that this new firmware from Asus is still using Samba 3.0.33.

Kodi 17.6 running on my Android tablet has no issues at all connecting to the server, and it does require and accept my login credentials. Why is that, in light of the fact that Kodi 17.6 via Libreelec on a Pi3 (actually, I have it on two of them, and am about to update the second one from 17.3 to 17.6....) won't without those two lines of code. Is the issue within Kodi, or is it within the differences in the Android and Libreelec OS?

From a security standpoint on the Pi3 boxes, am I better off with 17.3, which at least requires and accepts my login credentials for share access, or 17.6 and those two lines of code? Even better, is there a way to patch Samba 3.0.33 up to 4.7.5? If there is, is it doable by someone who shares some of superlink's and blueribb's (past) frustrations? I'm learning as I go and enjoy it, but don't know enough to fully understand all of the stuff I'm reading in the blogs and forums. Made a couple leaps forward today, and am getting more comfortable with basic SSH commands, directory navigation, and nano. Haven't done much at that level since the old DOS/pre-windows days. Back then, I kind of knew what I was doing.

Speaking of SSH.. I can't figure out how to change the default root/libreelec user/password combo, and I KNOW I should. Googling was NOT my friend on that, and I'm shocked.

Anyway, thanks for any help and specifics anyone is willing to share. I'm strongly considering switching over to Merlin for the router as most have suggested, but the process intimidates me.. reconfiguring the whole network again, all the mac filters, static IPs for 15 devices, possibility of bricking my router.. shudder...

Best to all...

Milhouse,

Thanks a bunch for your reply. I deleted my user.conf file, and then followed your suggestion which worked; after selecting SMBv1 as maximum protocol under Services, "Use legacy security" was no longer greyed out and was now available.

I have also contacted Asus via their chat support, got an "inquiry number," and asked them pointed questions about why they're still using Samba 3.0.33 from Nov 2008, and when we can expect something a bit more recent and secure. The chat rep was not.. umm.. real informed. He made ME seem like I know what I'm doing...

They're supposed to get back to me w/in 48 business hours. I'm not holding my breath.

In any case, thanks for the help and the prod to hassle Asus. Anyone else reading this thread, please contact Asus, too.