Posts by milhouse

Quote from mxlance

So why the need to use smb1 in order to connect.

The LibreELEC Samba server supports SMB1, SMB2 and SMB3. By default the LibreELEC Samba server is configured to accept only SMB2 and SMB3 connections.

Assuming Kubuntu 17.10 is using a version of Samba older than 4.7.0 (Ubuntu 17.10 is using 4.6.7), then Kubuntu 17.10 may not be configured to negotiate better than SMB1, which is why you cannot connect to the LibreELEC Samba server with default configuration.

On your Kubuntu laptop, edit /etc/samba/smb.conf and add the following lines if not already present:

client min protocol = SMB2
client max protocol = SMB3

Now Kubuntu will be able to negotiate connections as high as SMB3_11.

It will not be able to negotiate SMB1 connections - leaving SMB1 enabled is a security risk even if you never use SMB1 connections.

There is a known bug in Samba 4.7.0 which will cause problems - a "File exists" error - if you enable authentication in the LibreELEC Samba server and then try to connect. This issue will be fixed in the next LibreELEC 8.2 release, so for now you will need to disable user authentication in the LibreELEC Samba server.

Samba 3.0.33 released 27 Nov 2008, and it has no support for SMB2 or better. It will also be riddled with security bugs that are being actively exploited by current malware. ASUS need to get a serious grip if they're still shipping this turd in current products, there really is no excuse for it.

Assuming an update isn't available with a modern Samba server your best bet would be to disable the ASUS Samba server _completely_ so that it no longer starts, and use something else that is more secure.

MuseChaser:

1. I've no idea what server the ASUS uses, all I know is that for it to work with a secure client much of the security in the client needs to be disabled which suggests a) ASUS is using a really old and insecure implementation of Samba server (if it even is Samba) and/or b) the ASUS server has been configured with a bias to support obsolete insecure clients from the turn of the century (Windows 98 etc.).

You really should contact ASUS and ask them to get their sh1t together as the world has woken up to the insecurity of SMB and is doing something about it, so why aren't they?

2) It risks security because SMB1 when enabled on the client (which is what negotiates the initial connection) puts the client at risk of man-in-the-middle attacks. Sure, the risk for you is low, but that may not be the case for everyone who may not appreciate all of the data on their network being encrypted and held to ransom because they continued to use SMB1 on a media centre.

Quote from Superlink

I guess some of us will have to move to other platforms if need be. Unfortunately.

Pretty much every platform (apart from ASUS?) is heading in the "more secure SMB" direction, led mainly by Microsoft who have been saying for years that users should stop using SMB1, and in fact SMB1 (and anonymous account access) is now disabled by default on all current Microsoft operating systems.

So this change is just something you'll need to accept, that using SMB now requires you to do sane things like setup a sharing user account on Windows, and stop using SMB1 on clients as it is a vector for exploitation (and most servers will no longer support it in future, anyway). If you really must continue using SMB1 because of an outfit like ASUS that doesn't take your security seriously then at least you will do so knowing all of the risks.

Complaining to us really is not the solution - talk to ASUS and demand a firmware update with a modern and secure Samba server.

1) CIFS != Samba.

2) The default LibreELEC Samba server doesn't support CIFS vers=2.0 because the server min protocol is SMB2 which is an alias for SMB2_10, so vers=2.1 will work but not vers=2.0.

3) The following should work:

mkdir /media/pismb
sudo mount -t cifs //192.168.0.18/Videos /media/pismb -o vers=3.0,guest

192.168.0.18 is an RPi3 running LibreELEC, and Videos is one of the default shares. Samba authentication is not enabled so "guest" (or user=,pass=) can be used. Note the "-o" which is missing from @chewitts post #2.

4) In terms of your fstab settings, I think the following should work for you:

//10.19.64.3/Movies  /media/OpenelecMovies  cifs  vers=3.0,guest,uid=1000,users  0  0
//10.19.64.3/TV\040Shows  /media/OpenelecTVShows  cifs vers=3.0,guest,uid=1000,users  0  0

5) The kernel in Ubuntu 16.04 will by default connect with CIFS vers=1.0 (aka SMB1) which is no longer supported by default by the LibreELEC Samba server (default: minimum protocol is SMB2 aka SMB2_10, and max protocol is SMB3 aka SMB3_11). So when using CIFS you need to include a minimum of vers=2.1, but vers=3.0 and vers=3.02 will also work and give better performance (and security).

vers=3.11 will not work as the kernel does not support the SMB3_11 protocol.

Note that with kernel 4.13.y (eg. Ubuntu 17.10) the default version for CIFS is now vers=3.0, however with kernel 4.14.y the default CIFS version will be dropped to vers=2.1 to ensure increased out-of-the-box compatibility with most Samba servers.

escalade: Try this PR: Texturepacker: exception fix by MilhouseVH · Pull Request #13015 · xbmc/xbmc · GitHub

Quote from cw-kid

Hi

On the last few versions of LibreElec I have been having issues with my TV screen going totally black for a few seconds and then the display comes back again.

When does this occur, at the start of playback (do you have "Adjust display refresh rate" enabled?) or does it happen after video playback has started (which would be unusual/unexpected)?

As for the crash it is not audio passthrough related - it looks like the crash occurred while processing a database request for a video thumbnail. Hard to say what caused this, but access to the EPG (PVR) database has been extensively updated in Kodi 18 to ensure thread-safety and avoid random crashes.

Quote from stoic74

1. Based on my experience with Windows, Mac, and Linux machines it is not good to shutdown with the power switch (one should exit via a shutdown window). So is this harming the LibreElec OS or its configuration on the Intel NUC?

The shutdown function in Kodi which is being initiated by your remote performs a clean OS shutdown, so nothing to worry about.

You can run:

iwlist wlan0 frequency

to list the available channels and frequencies for your WiFi client.

This would be my guess:

LibreELEC.tv/linux.arm.conf at libreelec-8.2 · kszaq/LibreELEC.tv · GitHub

Your build has no regulatory database installed, so specifying GB is meaningless as the kernel has no way of knowing what frequencies are permitted for that domain. Once the internal wireless regulatory database is enabled (this will need a new build) you should be able to configure a non-World domain.

Note that "iw reg set GB" may not work even with a reg db, but the modprobe method should work (once the kernel has access to a reg db).

That said, the World (00) domain should work with most access points so there's still a chance you're barking up the wrong tree, unless your AP is configured to use domain-specific bands/channels.

Quote from lightman

how do determine wich driver version is loaded?

Kodi > Settings > System Information > Video > OpenGL - it should report "NVIDIA 340.104" for legacy, otherwise "NVIDIA 384.90".

Or "dmesg | grep NVIDIA"

Quote from lightman

and how to switch between native an legacy?

See post #3.

You can test the #1012 build which included RTL8812AU 5.1.5, but I've reverted back to the original repository because the person that requested the new driver disappeared and provided zero feedback. I have no further plans to change this repository so if it's not working for you then check your WiFi environment.

Quote from pwiggy

milhouse, thanks. I've done as you've suggested, however I have to manually remove and add all of my sources (entering the username/password) in order for it to work. I'm never prompted to enter a username/password when I attempt to play a video or music file. Once I've manually recreated a source it seems to work, but this is a lot of work.

This is what passwords.xml is for, which is automatically created when Kodi saves your passwords.

If you're not being prompted (which is odd) then you should manually add your username/password in /storage/.kodi/userdata/passwords.xml.

If you don't have a passwords.xml then you should create it so it looks like this:

<passwords>
    <path>
        <from pathversion="1">smb://192.168.1.102/Usenet/</from>
        <to pathversion="1">smb://YOURUSERNAME:[email protected]/Usenet/</to>
    </path>
</passwords>

Replace YOURUSERNAME and YOURPASSWORD with your username and password

Quote from pwiggy

Where can you set the max protocol to "none"? In the LibreElec settings it only gives you the options of SMB1, SMB2 and SMB3.

In Kodi go to Settings, make sure your settings level is Advanced or Expert, then go to Services -> SMB Client where you should see "Maximum Protocol version". "None" is the default option so you don't need to change this.

I've realised now that when you said you were setting min/max protocol you were in fact fiddling about with the Samba Server settings, which is completely unrelated to your issue and not something you need to change.

Quote from pwiggy

I'll have to play around with this a bit more but it's looking a bit tricky...

You might have saved yourself a lot of time by reading the announcement.

Can you try the latest RPi2 test build from this thread: LibreELEC Testbuilds for RaspberryPi (Kodi 18.0)

These test builds are based on LE9.0/Kodi 18, and builds #1030 and #1029 (at the time of writing) include a connman enhancement which may help you.

It would be interesting to know the outcome.

After testing if you want to go back to LE 8.2.0.1, simply drop the 8.2.0.1 tar file into the Upgrade folder and reboot.

Have you read the section in the announcement on SMB?

If you were using anonymous/guest access for your Windows 10 shares, this is no longer supported - you'll need to add a username/password to your Windows 10 machine and assign this to your share, enable password protected sharing for the share on Windows 10, and finally enter the username/password into Kodi when prompted.

Leave the max protocol as "None" when the server is Windows 10 - this will mean it uses SMB3 when connecting to your Windows 10 machine.

Quote from MuseChaser

We probably need to re-add this patch.

Nope - it was OSMC that included those options as as distro specific patch. LibreELEC has never included these options, and will not be including them in the future as while they may help your devices to interoperate they also weaken your overall network security. If you want/need to add them, you do so at your own risk.

I would strongly advise that you demand a firmware update from your hardware vendor rather than continue to use an outdated and insecure Samba server in your router which puts your entire network at risk. As more major clients (ie. Windows etc.) drop support for SMB1 and insecure authentication you will find that your Samba server becomes less and less useful to you, and will ultimately just remain a gateway for exploitation.

If you are unable to obtain an update for this insecure Samba server then my advice would be to disable it completely and find a more secure solution for file sharing - as an example, LibreELEC includes a secure Samba server.

Eventually, but Coffee Lake launched too late for LibreELEC 8.2.

For now you probably need to test with a nightly of LE9.0/Kodi 18: LibreELEC Testbuilds for x86_64 (Kodi 18.0)

Can you try the LibreELEC 8.1.2 beta and confirm if that had the same issue? You can download it from the following link and copy the tar into your Update folder:

LibreELEC-RPi2.arm-8.1.2.tar

Looks like you may be using Berryboot, which is not supported - you'll need to contact Berryboot for your support.

Edit: We don't support Berryboot precisely because it fscks up the OpenELEC/LibreELEC update process in the way you describe, and the version of LibreELEC distributed for use with Berryboot is a gutted and unofficial version of LibreELEC which we do not approve, so please contact Berryboot for your support. Or remove Berryboot from your system and install an official version of LibreELEC downloaded from LibreELEC.tv. If you need a multi-boot system then use NOOBS, which LibreELEC does support.