× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

saxguy1
Guide

How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

Hello,

 

I have a ReadyNAS DUO (RAIDiator 4.1.16) that needs to have SMB 2 enabled so I can use it to backup (with Windows 10) over the local (home) network.

 

I understand there is a way to SSH into the ReadyNAS to set this flag?

 

Please describe how this can be done.

 

Thank you

Model: RND2210|ReadyNAS Duo 2TB (2 X 1TB)
Message 1 of 36

Accepted Solutions
StephenB
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

You should be using root as the username, and the NAS admin password.

View solution in original post

Message 8 of 36

All Replies
StephenB
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

You could also try adding the following lines to the global section in /etc/samba/smb.conf and rebooting the NAS:

min protocol = SMB2
max protocol = SMB2

 

 

 

Message 2 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

I've installed SMB 1 on Windows 10 and can now at least map a drive the ReadyNAS but still need to connect over SSH in order t set those values in smb.conf.

 

Can you advise settings in putty (or other client) to do so?

 

I'm never prompted for a username/pw but get connection refused.

 

thank you

Message 3 of 36
Marc_V
NETGEAR Employee Retired

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

@saxguy1

 

Note though that you may experience issues with since it's experimental.

 

HTH

Message 4 of 36
Sandshark
Sensei

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

If you get connection refused without it offering you a login, then you likely don't have SSH enabled on the NAS.

Message 5 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

I get the offer for first the Username and second the password (which is correct as I am able to login via the broweser) but then the connection closes right away. Tried it with 2 different SSH clients and both with SMB v1 and V2 connections.

Message 6 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

putty log says: padre unknown

Bitvise client says:

SFTP channel open

SFTP channel closed by server

Receieved exit code 0

closed by Server

Message 7 of 36
StephenB
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

You should be using root as the username, and the NAS admin password.

Message 8 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

Thanks again Stephen,

 

I'm in. As I'm not a Linux admin (I do powershell on Windows), can you advise what I'll need to do in order to:

 

...add the following lines to the global section in /etc/samba/smb.conf a(nd reboot the NAS):

min protocol = SMB2
max protocol = SMB2

...what editor is available to me on this ReadyNAS DUO?

Message 9 of 36
StephenB
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?


@saxguy1 wrote:

...what editor is available to me on this ReadyNAS DUO?


vi is the only editor that is already installed in the Duo.  There is a guide for it here: https://www.tutorialspoint.com/unix/unix-vi-editor.htm

 

Another option is to copy the file to the data volume.  Then you can edit it on a Windows PC, using notepad++ (which is freeware).  There is an option in notepad++ in "edit" for EOL conversion.  You need to set that to Unix (LF).  Note the EOL conversion you are currently using is the one that is grayed out.  When done, just copy the file back.

 

Either way, it's prudent to start by copying the file to something like smb.conf.orig, just to make sure that the original is preserved no matter what.

Message 10 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

I'd like to do the copy to Windows and edit in Notepad ++ route but the vi tutorial doesn't describe two things:

 

  • how to navigate to the path /etc/samba/
  • how to save that file as a different name
  • how to copy that file to the data volume on the Linux NAS

for the second item, I wouldn't want to take a chance and:

:f filename

Renames the current file to filename

 

If you can point to these items, I believe I'll be good with Notepad ++ and the EOL Conversion to Unix

 

 

Message 11 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

I do see this after running:

 

~# ls -la
total 112
drwx------ 4 root root 16384 Oct 5 14:54 .
drwxr-xr-x 22 root root 16384 Oct 5 04:02 ..
-rw------- 1 root root 31 Oct 5 22:03 .bash_history
-rw-r--r-- 1 root root 410 Sep 6 1998 .bashrc
drwxr-xr-x 2 root root 16384 Jun 3 2018 .ncftp
-rw-r--r-- 1 root root 202 Dec 20 1999 .profile
drwx------ 2 root root 16384 Jun 4 2018 .ssh

Message 12 of 36
StephenB
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

Copying to windows avoids using vi altogether.

 

You'd copy the file using the linux cp command to a share on the data volume.  Then edit in notepad++, and use cp to copy the changed file back.  Similarly you'd use cp to make a copy of the original file.

 

Navigation uses the cd command (cd /etc/samba in this case).

 

We can't really teach folks how to use linux here.  You might want to do your own googling, and find some on-line tutorials on the basic commands for navigating folders, copying files, etc.  There are similar commands in powershell (though the windows cmd interface is closer), though the options are different (and you will need to adjust to using / instead of \).

Message 13 of 36
Sandshark
Sensei

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

To be honest, if you don't even know these basics of using the Linux command prompt, even enabling SSH on your NAS is risky.

Message 14 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

Got the file copied to a temp share on the NAS. I don't have permission to copy it to Windows, however.

 

I've enabled read/write and guest access but NAS security has that copied conf locked down.

 

I can reboot the NAS amd re-copy the conf since setting those permissions.

 

Message 15 of 36
StephenB
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

Go to the advanced option on the share, and reset the permissions there.

Message 16 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

thanks that worked. I was able to make a backup, edit the copy, add the lines in the Global section, converted to EOL Unix, save, copy back, reboot the NAS.

 

I removed SMB 1 from Windows 10, logged into the readyNAS UI, created a new share, set permissions in Advanced (as seen in screenshot).

 

I try to access the share in Windows Explorer using UNC path and at first was greeted with a generic No Network Name found but then I do get prompted for a UAC type prompt, however I tried:

 

[NAS credentials]

Username: Admin (also tried 'root')

pw: my ReadyNAS pw

 

and after two tries, it fails access.

 

...So maybe this really is not going to work with Windows version of SMB 2?

 

My only remediation is revert back out the two lines in smb.conf and re-add the Widnows Feature SMB 1

 

I appreciate you getting me this far. Seems a permission issue. Not sure it's a protocol issue at this point.

 

Message 17 of 36
schumaku
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?


@saxguy1 wrote:

I removed SMB 1 from Windows 10,...

I try to access the share in Windows Explorer using UNC path and at first was greeted with a generic No Network Name found ...


Here again, I assume you talk of the Windows SMB 1.0/CIFS client feature. Removing it does not only remove the SMB 1.0 transport, but also the NetBIOS discovery and name resoluton. That's why there is no name resolution for your NAS anymore. 

 

Funny how people are keen on getting rid of the Windows SMB 1.0/CIFS client feature while keeping the (highly vulnerable as unpatched!!) SMB 1.0 transport. Should you get the SMB 2.0 transport workable - Windows will negotiate to the highest SMB transport version available (easy to see based on the IP port in use in netstat!) - you should consider to disable the SMB 1.0 transport on the NAS instead.

 

Even the still maintained Windows versions Windows SMB 1.0/CIFS server feature has all the vulnerabilities patched. Your legacy ReadyNAS pre-OS6 version does not!

 


@saxguy1 wrote:

[NAS credentials]

Username: Admin (also tried 'root')

pw: my ReadyNAS pw


Isn't it admin (all lower case) on the older ReadyNAS, before OS6, too?

 

 

Message 18 of 36
StephenB
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?


@schumaku wrote:
you should consider to disable the SMB 1.0 transport on the NAS instead.

The edit I suggested did that (setting the min protocol to SMB 2).

 


@schumaku wrote:


@saxguy1 wrote:

[NAS credentials]

Username: Admin (also tried 'root')

pw: my ReadyNAS pw


Isn't it admin (all lower case) on the older ReadyNAS, before OS6, too?

 


Yes, and that could be the problem.  Though it might have also been a good idea to reboot the PC.  FWIW, you don't want to use root for this.

 

@saxguy1 : I don't know why you created a new share to test this, as the patch would also apply to existing shares.

 

Netbios discovery and hostname resolution could be part of the puzzle on access, but there are ways to work around that.  The simplest is to just use the IP address.  You can also reserve an IP address for the NAS, and add an entry for it in the Windows hosts file.

 

Try rebooting the PC, and entering \\nas-ip-address in the file explorer address bar.  If you get the password prompt, use "admin" for the username, and not "Admin".  And of course use the NAS admin password.

 

If that fails, try opening CMD and enter

net use * /delete /y
net use t: \\nas-ip-address\c /user:admin nas-admin-password

and let us know if that behaves differently.  (If it works, the NAS data volume will be mounted as drive letter c).

Message 19 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

I have tried all the below suggestions. So here's where I'm at:

  • smb.conf has the (2) lines suggested re SMB2
  • SMB v1 Feature has been removed from Windows 10
    • rebooted
  • Attempting access by NetBIOS name in Windows Explorer fails after 2 attempts
    • first prompted with User creds
      • using lowercase admin and confimred working password
  • Attempting access by IP Address in Windows Explorer fails after 2 attempts
    • first prompted with User creds
      • using lowercase admin and confimred working password
  • At elevated CMD prompt:
    • tried mapping a drive using IP address per creds above
    • Error: 

      System error 1244 has occurred.

      The operation being requested was not performed because the user has not been authenticated.

  • I can SSH connect to ReadyNAS using putty and only using SMB2
    • as expected and requested
  • I can connect to ReadyNAS Duo over http using above creds

Thinking this is a share permission issue. Let me know if you want me to create a new SHARE and what permissions it need to allow access from Windows using SMB 2

 

Thanks all

 

Message 20 of 36
schumaku
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

For a migration, I would keep SMB1 in /etc/samba/smb.conf - check the smb.conf using the # testparm on the NAS if the command is available (followed by rebooting the NAS) ...

min protocol = SMB1
max protocol = SMB2

...and enable the SMB 1.0/CIFS feature on the Windows 10 system again - mainly to regain the NetBIOS discovery and name resolution. There is no need to remove it to use SMB 2.0 (and up on decent NAS or Windows servers).

 

Check if SMB 2.0 service is listening:

 

# netstat -an | grep 445
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::445 :::* LISTEN

 

Check if the SMB 1.0 stuff is up:

/# netstat -an | grep 137
udp 0 0 10.10.1.255:137 0.0.0.0:*  << with your RN LAN IP
udp 0 0 10.10.1.105:137 0.0.0.0:*  << with your RN LAN IP
udp 0 0 0.0.0.0:137 0.0.0.0:*

 

At this point you can try to browse the old NAS in Windows Explorer, see all the shared folders, and access shared folders and files using either the admin credentials or a dedicated user (or group with some users, that's the preferred way to manage anyway) - of course, this requires that the user(s) and/or group(s) have granted the access rights to the shared folders.

 

If this does work, figure out if it's using SMB1 (IP port 137) or SMB2 (IP port 443) - C:\> netstat is your friend, or  # smbstatus if it exists on these legacy devices. If both transports are available, the Windows 10 client will use the highest version available (and workable). Should the connection go over SMB 1.0 something is borked.

 

If it exists on the legacy NAS, check if e.g. /var/log/samba/log.smbd does exist - couldbe in a different location -  this might provide useful information of more borked issues.

 

If browsing and accessing the shared folders does not work at all ... there must be even more borked. Typical cause can be an existing authentication session still active using a different user* (or a guest [non-auth] access**). *Newer Windows builds will inform you. **Newer WIndows 10 builds don't allow the risky non-authenticated access.

 

The shared folders itself do not require a special configuration to be workable over SMB 2.0 - so previously existing and newly created shared folders must be accessible.

Message 21 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

made the changes to smb.conf and rebooted RN

 max protocol = SMB2
 min protocol = SMB1

(does order matter)

 

...re-installed Windows Feature for SMB v1 and rebooted Win10

 

Netstat output from Windows:

PS C:\> netstat -an | Select-String "445"

  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING

PS C:\> netstat -an | Select-String "137"

  TCP    10.0.0.XX:49875        40.XX.XXX.XX:443      ESTABLISHED
  UDP    10.0.0.XX:137          *:*

..and from SSH 2 putty session:

MyNAS:~# netstat -an | grep 445
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.XXX:445          10.0.0.X:49912         ESTABLISHED
MyNAS:~# netstat -an | grep 137
udp        0      0 10.0.0.255:137          0.0.0.0:*
udp        0      0 10.0.0.X:137          0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*

...I ca Ping by NetBIOS name AND RN now shows up in Network Neighborhood but I cannot access share(s) with admin/pw. Same error (screenshot)

 

Message 22 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

added back SMB v1 in smb.conf

 

 max protocol = SMB2
 min protocol = SMB1

Does the order matter?

 

Here's my netstat output:

from windows 10

netstat -an | Select-String "445"

  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING

PS C:\> netstat -an | Select-String "137"

  TCP    10.0.0.XX:50892        52.XX.XX.XX:443       ESTABLISHED
  TCP    10.0.0.XX:50893        52.XX.XX.XX:443       ESTABLISHED
  TCP    10.0.0.XX:50894        52.XX.XX.XX:443       ESTABLISHED
  UDP    10.0.0.XX:137          *:*

on RN:

myNAS:~# netstat -an | grep 445
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN

myNAS:~# netstat -an | grep 137
udp        0      0 10.0.0.255:137          0.0.0.0:*
udp        0      0 10.0.0.<NASIP>:137          0.0.0.0:*
udp        0      0 0.0.0.0:137             0.0.0.0:*

I can also ping the RN by NetBIOS name now and the ReadyNAS shows up in Network Neighborhood.

I still cannot access any Share, however (admin/NAS pw)

 

 

 

Message 23 of 36
saxguy1
Guide

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?

[I've replied twice today to this thread with results but do not see them here. Are replies needing approval first before showing up? I don't intend to be redundant.]

 

Here's the permissions on that share I created and copied smb.conf to

 

myNAS:/temp# ls -l smb.conf
-rwxrwxrwx    1 nobody   nogroup      1431 Oct  7 16:19 smb.conf
Message 24 of 36
StephenB
Guru

Re: How do I enable (experimental) SMB2 support on my ReadyNAS DUO?


@saxguy1 wrote:

[I've replied twice today to this thread with results but do not see them here. Are replies needing approval first before showing up? I don't intend to be redundant.]

There is an automated spam filter that sometimes kicks in.  Mods are supposed to check it, and release the non-spam, but they can get behind (sometimes there is just too much for manual review to be practical).

 

I can also access the quarantine and release things, so if you see this again you can also send me a PM.

 


@saxguy1 wrote:

 

Here's the permissions on that share I created and copied smb.conf to

 

myNAS:/temp# ls -l smb.conf
-rwxrwxrwx    1 nobody   nogroup      1431 Oct  7 16:19 smb.conf

When you copied the file back to /etc/samba, did you change the ownership back to what it should be?  I don't own a v2, but on my legacy NAS OS 4.2 the ownership is admin/admin.

 

PRO:/etc/samba# ls -al
total 96
drwxr-xr-x  2 root  root   4096 Feb 20  2019 .
drwxr-xr-x 68 root  root   4096 Oct  9 06:10 ..
-rw-------  1 root  root  36864 Feb 20  2019 passdb.tdb
-rw-------  1 root  root  45056 Sep 30  2011 secrets.tdb
-rw-------  1 admin admin  1426 Oct  9 06:10 smb.conf
-rw-------  1 root  root   2884 Feb 20  2019 smbpasswd
PRO:/etc/samba#

If your permissions and ownership don't match what I'm seeing then you should change them back.

 

You can change the account ownership with chown admin /etc/samba/smb.conf, and the group ownership with chgrp admin /etc/samba/smb.conf.

 

You can also reset the permissions to the normal values with chmod 600 /etc/samba/smb.conf. But your current permissions shouldn't be a problem (though changed ownership/group might be).

 

Note this particular file might be rebuilt by the NAS when it reboots.  If that is the case with the v2, then the change would have been lost.  So also check for that. cat /etc/samba/smb.conf | grep -i protocol should show you the two protocol lines you added. If it doesn't, then the file must have been re-written (which would explain your issue).

 

The "cat" command lists the file; "grep" does a pattern match on the cat output, and only outputs lines that have protocol in them.  The -i makes the pattern match case insensitive. 

 

If the NAS does rewrite the conf file, there another place you can make this same edit, that should survive reboots.

Message 25 of 36
Top Contributors
Discussion stats
  • 35 replies
  • 7622 views
  • 0 kudos
  • 5 in conversation
Announcements