Simple SMB Question

  • With LibreELEC--->Services--->SMB min/max settings in place, will they simply override Services--->SMB client settings that you find in all versions of Kodi?

    I've usually kept them in sync manually, but now I just have the Kodi SMB settings set to "none" for min/max. Am I right to assume that the LibreELEC settings are king?

  • LE settings (Samba server) completely independent of Kodi (Samba client, aka smbclient) settings. If Kodi min/max is set to none the defaults are effective, which means SMB2 thru 3 can be used by the client. In LE the Samba server also defaults to the same min/max values but that's a deliberate coincidence; client/server are different things.

  • Actually Kodi min/max when set to None means Kodi client will support SMB1 through SMB3. Since having a client that still supports SMB1 (even if the server doesn't) is at risk of man-in-the-middle connection downgrade exploitation the longer term objective (LE9 etc.) should be for the default Kodi client min/max to become SMB2/SMB3 rather than SMB1/SMB3.

  • Thanks guys.

    Chewitt - that makes total sense. Having Kodi installed on other machines running various operating systems - I wasn't thinking about the fact that the OS is of course acting as the server here and Kodi the client.

    Milhouse - You have a great point. I will set my client settings to the same (SMB2/SMB3) as the server settings manually.

    With the newer SMB version(s) being backwards compatible [or so I'm told] - is it safe to say that SMB2 maintains this compatibility while not being subject to the exploits you developers are concerned about with SMB1?

    I tried just setting the min/max to SMB3/SMB3, knowing my Nvidia Shield would lose access, but my Mac running High Sierra also lost access - that I wasn't expecting, so I just went back to SMB2/SMB3.

  • Many clients should by now be compatible with SMB2, and SMB2 is generally considered to be free of the security flaws that blight SMB1.

    It's probably worth pointing out that SMB2 isn't actually a specific protocol, it's (at least in the most recent versions of Samba, as provided by LibreELEC) a synonym/alias for the SMB v2.10 protocol, while "SMB3" is (currently) an alias for SMB v3.11 which is the latest version of SMB (there have been several versions of v3: SMB3_00, SMB3_02, SMB3_10).

    Samba v4.0 introduced SMB2_10 support, and pre-v4.0 Samba servers that only support SMB v2.00 or SMB v2.02 may not be accessible by a LibreELEC Kodi client using "client min protocol=SMB2" as the client will start connecting with SMB2 v2.10, which will fail. In such a case it will be necessary to manually configure "client min protocol=SMB2_02" (or SMB2_00) in /storage/.kodi/.smb/user.conf.

    It's also possible/likely that older versions of Samba (pre-v4.0) may use different values for the SMB2 alias, such as SMB2_00 or SMB2_02, and pre-v4.2 the SMB3 alias will not be supported at all.

    What I'm saying is that the precise "meaning" of "SMB2" and "SMB3" will depend on the version of the Samba client AND the version of the Samba server, as either one could have a different understanding of what each alias means, which could result in an inability to establish a connection. You gotta love Samba, it's such a mess...

    So anyway, just something to be aware of when setting SMB2/SMB3 all around, and you start getting weird results - try manually configuring a specific min/max protocol rather than using a potentially ambiguous alias.

    Also, don't be surprised if Mac OS gives you problems - the Samba server provided by Apple is known to have several issues.

  • Thanks for your insight!

    I wasn't aware that I had the ability to manually set an alternate parameter specifically for SMB in user.conf - thanks for the heads up. It's clear that macOS won't access LibreELEC set to min/max 3/3 without any manual intervention. I've heard over and over again that macOS has had ongoing problems or strange ways of having it implemented, so that doesn't surprise me.

    I'll play with user.conf and see if I can figure out what macOS is actually able to deal with. But since you confirmed that SMB 2 is generally safe, now I know I'm good otherwise to leave it at 2/3. (Makes sense that this setting became the default in 8.2)

    Strangely, on my tvOS (Apple TV 4K) Kodi installation, I can access my Mac where I store my music, but I can't access LibreELEC, where I have my videos stored, ever since I bumped up to SMB2 minimum. (this may also be related to an alias issue) I do have another tvOS video player (Firecore Infuse) that just added SMB3 support in their last update, so it's not like the OS is somehow making it impossible to go above SMB1. But I read somewhere that Memphiz is having trouble spending a lot of time on development all by himself, understandably.

  • Samba is a bitch to cross-compile for different platforms so different versions of Kodi run different samba (smbclient) versions. AFAIK both MacOS and Android are still on 4.1 while Linux (depending on distro) will have newer things available - LE is using current versions and is quite advanced in this respect. Other iOS apps may use different SMB libs and not Samba or OS native functions. macOS uses its own SMB stack not Samba although there are legacy references to conf files. Combined .. it's a mucking fess.

  • Christ - some standardization amongst the OS vendors would make life a lot frickin easier for devs and end users alike. That's just wild chewitt.

    CvH - that, my friend, is the ultimate goal. I was just hired 2 days ago after being unemployed for over a month. And it's the highest paying job I've ever had (though not by a huge margin.)

    Anyway - I have a shiny Synology 4-bay unit picked out (DS418) AND at least so far I have one 8TB WD Red HDD. A few months back I got a WD Easystore external drive when Best Buy had them for $150, and followed a comprehensive serial number list and guide from SlickDeals and Reddit DataHoarders. The result - I ended up with a WD80EFAX w/256MB cache - which you can't even buy anymore. What seems to be it's successor with a 128MB cache sells as an internal drive for $249 at NewEgg.

    Anyway - $750 in (3) more hard drives since I'll be shucking my external, and $369 for the NAS. I can finally free myself from the chains of SMB. Yeahhh!

    Sorry for the long post I'm just excited!

  • Christ - some standardization amongst the OS vendors would make life a lot frickin easier for devs and end users alike. That's just wild chewitt.

    Yes! You get it! :)

    That's why we've tried to signpost the Samba changes in each release as best we could, and have been criticised for providing too much detail ("I don't want to read a wall of text"). We've been asked to post simple instructions but if it were possible to write "To get Samba working you need to do this, this and this, then sit back and relax", we would have. If we posted all the detail relating to Samba, most people would get a very severe headache (assuming they even read it!)

    Once you understand how much of a mess Samba really, truly, is, it's clear that simple configuration instructions *that can work for everyone* are literally impossible to write as what needs to be tweaked within the network depends entirely on the equipment that each user may have in their network.

    There's obviously Windows XP/Vista/7/8/10 and whatever protocol Microsoft are defaulting SMB to this week. There's Samba running on Linux/FreeBSD/Android, NAS and routers, which is often an ancient/insecure version such as Samba 3.6.y with maximum SMB2_02 support (and impossible to upgrade), or possibly 4.0 with SMB2_10, and maybe even 4.2 with SMB3_00. The more popular Linux distributions (eg. Ubuntu) haven't yet disabled SMB1 by default which leads to more interop compatibility issues when other vendors have disabled SMB1, but they should be doing so soon. And then there's whatever Apple call their half-baked Samba-like implementation on MacOS/iOS/tvOS. Getting all of this to work with a single, common protocol is... tricky.

    When *everything* worked with SMB1 life was so simple (but scary)!

    Maybe in a year or two when SMB2 is supported everywhere life will become a little easier (unless you own an Asus router, of course, in which case you should expect to get owned eventually).

  • This thread alone is a learning experience for me.

    I posted on the forum with issues when 8.2 was released, and I'm guilty of not seeing the wall of text on day 1. (I installed the update within LibreELEC - that had quite a bit to do with it.) But after receiving a forum response, I read that wall of text. :) It's not really that much.

    I've always been someone who reads release notes, though - except that time, of course. Even if I only understand 1/3 of the bullet points. I've learned things just from context reading release notes.

    After the read, I resolved some issues that I had by teaching myself (I know - it's simple.) the relevant parameters to edit a copy of the samba.conf.sample file in /storage/.conf/.

    Made some changes to the home items and made my version the live version. Easy.

    Backed the edited version up too.

    By the way, I can understand why (especially mainstream) Linux distros would retain legacy compatibility - Ubuntu wants to make moving from Windows or macOS as pain-free as they can, I'm sure.

    What really bugs me is WHY Apple insists on making this ridiculous, unpredictable system (stack?). I'm serious - I'd like to know why. They TRY to give the impression that their OS is the easy-to-use alternative to Windows....

  • You could rename the thread to "Why there's no such thing as a simple SMB question"... :)

    Same as no free lunch, I suppose.

    I learned a bit too. I knew it was a bad state of affairs. I had no idea how bad. I guess I've been lucky.

  • Haha, that would have been an appropriate title. Honestly I'm having more trouble than most because I have almost every major environment using Kodi. (Some in the same room - I just choose which OS/device I feel like using.)

    I have Kodi on all of these:

    *Nvidia Shield (Android TV)

    *Apple TV 4K / tvOS (Yes, I basically "sideload" Kodi test builds, via X-code on my Mac. And I'm sharing someone's developer account, so it doesn't expire)

    *macOS

    *Windows 10 Pro (dual boot on the Mac)

    *LibreELEC (Linux of course) on my Intel NUC.

    *And at one time I had it on my iPhone (iOS) for 7 days, but I didn't want to pay the developer fee.

    *I had it on my Raspberry Pi at one point also.

    Seven different OS environments! (Only 5 currently.)

    But the ones I actually use for Kodi are LibreELEC & the Android TV. The Apple TV has a paid app called Infuse, and it is a much better experience in tvOS than Kodi.

    So yeah - I tinker too much.