LE optimal samba conf

  • Thanks trogggy, I did it.

    And it seems min protocol SMB1 helps.

    Last LE question is the command smbstatus?

    And why doesn't Android KODI 17.6 use the SMB2 protocol? Maybe a question for another forum?

  • Hi all from Portugal,

    I have a similar problem.

    Maybe because I've got very limited Linux skills I haven't yet succeeded accessing LibreELEC's SMB server other than SMB1.

    Here's my setup:

    - LibreELEC running latest version in Android box. Want to use this as a Samba Server.

    - NAS (QNAP), which I want to use as a Samba Client.

    Using QNAP's File Station 5 tool to create a remote connection to a LibreELEC shared folder works flawlessly if, in LibreELEC's options, I configure minimum samba server version as SMB1.

    However, I read that this ancient samba version is not recommended due to security issues.

    If I change minimum server version to SMB2 or SMB3, the samba client on QNAP does not find LibreELEC.

    Client supports SMB1, SMB2 and SMB3.

    My samba.conf file looks like the correct version.

    Any help? I've tried so many times it's a little frustrating that it works so easily with SMB1 server and does not work at all with SMB2 or SMB3.

    Thanks, have a great 2018!

  • When you have a NAS I don't understand the reverse usage. A NAS primarily acts as a server.

    But as with my Android trouble, the only solution is to enable SMB1.

    Security for a local private network isn't a big issue, SMB1 has been used for more than 20 years...

  • Security for a local private network isn't a big issue, SMB1 has been used for more than 20 years...

    People who experienced the WannaCry ransomware attack might disagree with your bad advice.

    zx-9r Samba versions from 4.1 > 4.6 will always attempt to connect at SMB1 unless smb.conf forces SMB2 via "client min protocol" and I'd guess the Samba version in the QNAP falls in that range. If LE samba is set for SMB1-3 it connects at SMB1 and things work. If LE is set for SMB2-3 the client still attempts to connect at SMB1 and things fail. From Samba 4.7 onwards the connection default is SMB3_11 and the client auto-negotiates lower versions if required.

  • Tim_Taylor I have a 64 GB SD card in my LibreELEC device. If I have lots of big sized video files in the cloud or in my NAS, I'd like to just copy them to LE device and not having to leave PC on. The copying process continues because it's managed by the NAS.

    chewitt Thanks for the explanation. So I should edit QNAP's smb.conf and add the settings:

    client min protocol = SMB2

    client max protocol = SMB3


    Or should I edit LibreELEC smb.conf and add these settings?

  • LE uses access without a password with SMB2-3, so saying anything about security is bad advice...

    Until QNAP correctly negotiates the proper protocol you can use SMB1, with or without WannaCry...

    When you need special security, add host access permission for only the QNAP IP to the LE server config...

    [global]

    # Networking configuration options

    hosts allow = 192.168.220. 134.213.233.

    hosts deny = 192.168.220.102

  • Tim_Taylor I have a 64 gb SD CARD in my LibreELEC device. If I have lots of big sized video files in the cloud or in my NAS, I'd like to just copy them to LE device and not having to leave PC on.


    I also have a lot of files stored on my NAS (4-bay/16 TB storage) - and not having to leave the PC on

    But it's your decision :)

  • mmax I'll try that, adding the setting

    hosts allow = IP_ADRESS_QNAP

    to LE's smb.conf file.

    Tim_Taylor, how do you copy large files from your NAS to your LE device without leaving PC on during copy?

    --

    "client min protocol = SMB2" as chewitt recommended should be added to QNAP's smb.conf or to LE smb.conf?

    Thanks!

  • If only a hosts allow option is defined for a share, only the hosts listed will be allowed to use the share. All others will be denied.

    I too, like Tim, don't recommend using an SD card as one-time storage for big files. SD cards have only limited write cycles...

    And yes, if QNAP has an smb.conf, write client min protocol to it, but maybe after this QNAP loses the ability to scan the network and show server names; you then enter it directly. Then the better choice for the client is SMB1 and allow/deny plus password or firewall security.

    Edited once, last by mmax (December 29, 2017 at 4:44 PM).
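
Added example (not code from any poster or from Samba): a simplified Python model of how Samba combines `hosts allow` and `hosts deny`, run against the two lines posted above and against tighter variants. Assumptions: IPv4 patterns only (dotted prefix or exact address, one `EXCEPT`), non-loopback clients, and constructed test addresses; the decision order follows Samba's documented rule that the allow list takes precedence where the lists conflict, and that with both lists set a host on neither list is admitted.

```python
import ipaddress

def _matches(pattern: str, addr: str) -> bool:
    """One IPv4 pattern: a dotted prefix ending in '.', or an exact address."""
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return ipaddress.ip_address(pattern) == ipaddress.ip_address(addr)

def _in_list(value: str, addr: str) -> bool:
    """True if addr is on the list; entries after EXCEPT are carved out."""
    tokens = value.replace(",", " ").split()
    cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    if any(_matches(p, addr) for p in tokens[cut + 1:]):
        return False
    return any(_matches(p, addr) for p in tokens[:cut])

def allowed(addr: str, hosts_allow: str = "", hosts_deny: str = "") -> bool:
    """Simplified model of the allow/deny decision for a non-loopback client."""
    if not hosts_allow and not hosts_deny:
        return True                               # no lists: every host
    if not hosts_deny:
        return _in_list(hosts_allow, addr)        # allow only: listed hosts only
    if not hosts_allow:
        return not _in_list(hosts_deny, addr)     # deny only: all but listed
    if _in_list(hosts_allow, addr):
        return True                               # both lists: allow list wins
    return not _in_list(hosts_deny, addr)         # both, on neither: admitted

# Values as posted in the thread.
POSTED_ALLOW = "192.168.220. 134.213.233."
POSTED_DENY = "192.168.220.102"
# Constructed addresses: the NAS, the host meant to be blocked, an outsider.
NAS, BLOCKED, OUTSIDER = "192.168.220.10", "192.168.220.102", "10.0.0.5"

def compare() -> dict:
    """Admitted hosts under the posted lists and under two tighter variants."""
    variants = {
        "posted allow + deny": (POSTED_ALLOW, POSTED_DENY),
        "allow with EXCEPT": (POSTED_ALLOW + " EXCEPT " + POSTED_DENY, ""),
        "allow NAS only": (NAS, ""),
    }
    return {name: [h for h in (NAS, BLOCKED, OUTSIDER) if allowed(h, a, d)]
            for name, (a, d) in variants.items()}

if __name__ == "__main__":
    for name, hosts in compare().items():
        print(f"{name:22} admits {hosts}")
```

In this model the posted pair admits all three hosts, because the deny entry sits inside an allowed prefix and hosts on neither list fall through; the `EXCEPT` form and the single-address allow list admit only the NAS.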

  • Tim_Taylor for example, downloading video files directly to LibreELEC SD without writing to my NAS's HDDs where important information exists. Not stressing these HDDs and direct incoming downloads directly to LibreELEC SD. I used for 2 or 3 years a Raspberry Pi2 with a Samsung SD, lots of constant use, and no problems as of today.

  • Still no success with "client min protocol = SMB2" in QNAP's smb.conf

    Must be some problem with QNAP's samba version - smbd (samba daemon) Version 4.4.16


    --

    Here's my QNAP's smb.conf (obtained with testparm)

    # Global parameters

    [global]

    server string = NAS Server

    local master = No

    preferred master = No

    smb2 leases = Yes

    max log size = 10

    cache directory = /share/CACHEDEV2_DATA/.samba/cache

    lock directory = /share/CACHEDEV2_DATA/.samba/lock

    pid directory = /var/lock

    state directory = /share/CACHEDEV2_DATA/.samba/state

    printcap cache time = 0

    printcap name = /etc/printcap

    show add printer wizard = No

    client min protocol = SMB2

    min receivefile size = 256

    name resolve order = host bcast

    unix extensions = No

    enhance acl v1 = Yes

    guest account = guest

    map to guest = Bad User

    null passwords = Yes

    passdb backend = smbpasswd

    security = USER

    server signing = No

    smb passwd file = /etc/config/smbpasswd

    username map = /etc/config/smbusers

    deadtime = 10

    socket options = TCP_NODELAY SO_KEEPALIVE

    template homedir = /share/homes/DOMAIN=%D/%U

    winbind enum groups = Yes

    winbind enum users = Yes

    winbind expand groups = 1

    dns proxy = No

    fruit:veto_appledouble = no

    fruit:nfs_aces = no

    streams_depot:check_valid = no

    streams_depot:delete_lost = yes

    idmap config * : backend = tdb

    delete veto files = Yes

    map archive = No

    map readonly = no

    store dos attributes = Yes

    veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/.@__qini/.Qsync/.@upload_cache/.qsync/.qsync_sn/.@qsys/.streams/.digest/

    kernel share modes = No

    posix locking = No

    wide links = Yes

    acl allow execute always = Yes

    create mask = 0777

    directory mask = 0777

    force unknown acl user = Yes

    use sendfile = Yes

    vfs objects = shadow_copy2 catia fruit qnap_macea streams_depot

    --

    any other setting that might not be correct?

    Thanks!
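
Added example (not code from any poster, QNAP or Samba): a small Python model of the dialect negotiation chewitt describes, fed with an excerpt of the testparm dump above. Assumptions: the server picks the highest dialect inside both the client's and the server's min/max range; an unset `client max protocol` is passed in as a parameter (`NT1` for the 4.1 to 4.6 behaviour described in the thread, `SMB3_11` for 4.7 onwards); LE's GUI choices SMB1/SMB2/SMB3 are written as `NT1`/`SMB2`/`SMB3`; `STOCK` and `BOTH` are constructed variants.

```python
LADDER = ["LANMAN1", "LANMAN2", "NT1", "SMB2_02", "SMB2_10", "SMB2_22",
          "SMB2_24", "SMB3_00", "SMB3_02", "SMB3_10", "SMB3_11"]
ALIAS = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}   # smb.conf shorthand names

def rank(name: str) -> int:
    """Position of a dialect name on the ladder, oldest first."""
    name = name.strip().upper()
    return LADDER.index(ALIAS.get(name, name))

def parse_globals(text: str) -> dict:
    """Collect 'key = value' lines from a testparm-style dump."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            conf[" ".join(key.lower().split())] = value.strip()
    return conf

def negotiate(client_conf: str, default_client_max: str,
              server_min: str, server_max: str = "SMB3"):
    """Highest dialect inside both ranges, or None if the ranges do not meet."""
    conf = parse_globals(client_conf)
    lo = rank(conf.get("client min protocol", LADDER[0]))
    hi = rank(conf.get("client max protocol", default_client_max))
    lo, hi = max(lo, rank(server_min)), min(hi, rank(server_max))
    return LADDER[hi] if lo <= hi else None

# Excerpt of the dump posted above, plus two constructed variants.
POSTED = """[global]
server string = NAS Server
client min protocol = SMB2
security = USER
"""
STOCK = "[global]\nserver string = NAS Server\n"      # no client protocol lines
BOTH = POSTED + "client max protocol = SMB3\n"        # min and max both set

def scenarios() -> dict:
    """Outcome per client config against LE's minimum server protocol."""
    return {
        "stock client, LE min SMB1": negotiate(STOCK, "NT1", "NT1"),
        "stock client, LE min SMB2": negotiate(STOCK, "NT1", "SMB2"),
        "posted dump, LE min SMB2": negotiate(POSTED, "NT1", "SMB2"),
        "min+max set, LE min SMB2": negotiate(BOTH, "NT1", "SMB2"),
        "4.7+ default, LE min SMB2": negotiate(STOCK, "SMB3_11", "SMB2"),
    }
```

Under these assumptions the posted dump still yields no common dialect, because only the client minimum was raised; the model finds one only when `client max protocol` is also set or the client defaults to `SMB3_11`.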