christopher2
Aspirant

Need help w/ReadyNAS SAMBA configuration

A change Netgear made as they upgraded RAIDiator 4.2.20 to 4.2.22 (for Intel) and 4.1.8 to 4.1.10 (on Sparc) was to change the SAMBA configuration in a way that stops older CIFS clients from accessing ReadyNAS CIFS shares. This is impacting me because I have two very old WinCE-based MP3 players (TurtleBeach Audiotron) and there is no newer firmware available for them that would update their CIFS clients to support NTLMv2.

I have had two separate rounds of interaction with Netgear support on this issue, and Netgear’s position is that shutting out older CIFS clients closes a security hole that they do not want to open (even as an option); nor will they tell me how to reconfigure SAMBA myself (using ssh access).

So, I am posting here to ask if someone can help me with reconfiguring SAMBA to re-enable support for NTLMv1 logins. I’ve looked at editing the /etc/samba/smb.conf file; but, the comment at the top of the file says, “# This file is auto-generated. Do not modify!” This leads me to conclude that there must be some other place where the configuration changes should be made.
Message 1 of 7
StephenB
Guru

Re: Need help w/ReadyNAS SAMBA configuration

One workaround is to simply downgrade the firmware back to 4.2.20, 4.1.8.
Message 2 of 7
christopher2
Aspirant

Re: Need help w/ReadyNAS SAMBA configuration

The Pro6 is 3 weeks old and was purchased to replace a six year old NV. To downgrade the Pro6 to 4.2.20 defeats the purpose of upgrading to new hardware so that I can keep current with the software versions (and features). The NV was no longer able to cope with RAIDiator upgrades (loading 4.1.10 bricked the device and forced me to downgrade back to 4.1.8).

SAMBA is configurable and I don't see any reason I shouldn't be able to configure it to handle NTLMv1 clients.
Message 3 of 7
siigna
NETGEAR Expert

Re: Need help w/ReadyNAS SAMBA configuration

Samba configuration in the newer firmwares defaults to forcing NTLMv2 authentication.

You can edit /etc/smb/smb.conf but it will be regenerated anytime you make a change to CIFS in Frontview (and on reboot as well, I believe).

Best option is to find out what architecture the MP3 players are reporting themselves to Samba as and edit the appropriate /etc/frontview/samba/smb.conf.<arch> file. Since the CE build isn't based on NT and I think Windows for Workgroups is shooting a bit too old, it's probably going to be Win95 or UNKNOWN.

I think you'll need to add:

client ntlmv2 auth = no

and possibly:

client lanman auth = yes

Support won't recommend this because it's out of the scope of support, they can't be expected to support custom configurations and even recommending a custom configuration would lead to them having to support it. I don't have any Pre-NT machines to test this out with, so not entirely sure this will work, but it's easy enough to revert and try something else.
Message 4 of 7
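An added example, not part of the thread or of Netgear's firmware: a small audit that scans per-architecture smb.conf fragments for settings that permit pre-NTLMv2 authentication and reports which side each one acts on. The file contents are constructed; the parameter scopes follow the smb.conf(5) man page, where the "client ..." options govern Samba's own client tools and "lanman auth" / "ntlm auth" govern what smbd accepts.

```python
import re

# Legacy-auth parameters: (side they act on, boolean value that permits
# the older mechanism). Names are stored without spaces, lower-cased.
WEAK_WHEN = {
    "lanmanauth": ("server", True),
    "ntlmauth": ("server", True),
    "clientntlmv2auth": ("client", False),
    "clientlanmanauth": ("client", True),
    "clientplaintextauth": ("client", True),
}
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

# Constructed fragments; file names follow the smb.conf.<arch> pattern
# mentioned in the reply, contents are illustrative only.
SAMPLE_FILES = {
    "smb.conf.Win95": "# legacy players\nclient NTLMv2 auth = no\n  Client Lanman Auth = Yes\n",
    "smb.conf.UNKNOWN": "; nothing overridden\nlog level = 2\n",
    "smb.conf.WinXP": "lanman auth = no\nntlm auth = yes\n",
}

def audit(files):
    """Return sorted (file, line_no, parameter, side) for permissive settings."""
    findings = []
    for name, text in files.items():
        for no, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            if not line or line[0] in "#;[" or "=" not in line:
                continue  # blank line, comment, or section header
            key, value = (p.strip() for p in line.split("=", 1))
            # Samba ignores case and whitespace inside parameter names.
            norm = re.sub(r"\s+", "", key).lower()
            if norm not in WEAK_WHEN:
                continue
            side, weak_value = WEAK_WHEN[norm]
            v = value.lower()
            if v not in TRUE | FALSE:
                continue  # non-boolean value: leave for manual review
            if (v in TRUE) == weak_value:
                findings.append((name, no, key.lower(), side))
    return sorted(findings)
```

Run against the real fragments by reading each file's text into the dictionary passed to `audit()`; a "client" finding changes nothing about what smbd accepts from a connecting device.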
christopher2
Aspirant

Re: Need help w/ReadyNAS SAMBA configuration

Thank you for your thoughtful and detailed reply. I will give that a try over the next few days and let you know how I make out.
Message 5 of 7
chirpa
Luminary

Re: Need help w/ReadyNAS SAMBA configuration

If you crank up verbose logging in smb.conf, you can see what the client identifies itself as, to help make a smb.conf.ARCH file.
Jedi Council Alumni | See my profile About page for my ReadyNAS history (2004-2012) |
https://twitter.com/chirpah/status/852389882764840960/photo/1
Message 6 of 7
christopher2
Aspirant

Re: Need help w/ReadyNAS SAMBA configuration

OK. I've set log level to 10, but I don't see the ARCH identified in the log messages. Here are the entries from /var/log/samba/log.smbd. Is someone able to point me at the ARCH value?


[2012/12/14 17:34:43.742020, 2] smbd/reply.c:554(reply_special)
netbios connect: name1=DATA 0x20 name2=ATRON001E7E 0x0
[2012/12/14 17:34:43.742188, 2] smbd/reply.c:565(reply_special)
netbios connect: local=data remote=atron001e7e, name type = 0
[2012/12/14 17:34:43.748302, 2] param/loadparm.c:7951(do_section)
Processing section "[printers]"
[2012/12/14 17:34:43.748753, 2] param/loadparm.c:7951(do_section)
Processing section "[Negatives]"
[2012/12/14 17:34:43.748839, 2] param/loadparm.c:6937(service_ok)
Enabling strict allocate on service Negatives
[2012/12/14 17:34:43.748859, 2] param/loadparm.c:6941(service_ok)
Setting allocation roundup size to 100MB on service Negatives
[2012/12/14 17:34:43.748876, 2] param/loadparm.c:7951(do_section)
Processing section "[PC_Setup]"
[2012/12/14 17:34:43.748961, 2] param/loadparm.c:6937(service_ok)
Enabling strict allocate on service PC_Setup
[2012/12/14 17:34:43.748980, 2] param/loadparm.c:6941(service_ok)
Setting allocation roundup size to 100MB on service PC_Setup
[2012/12/14 17:34:43.748997, 2] param/loadparm.c:7951(do_section)
Processing section "[TPI_Archive]"
[2012/12/14 17:34:43.749132, 2] param/loadparm.c:6937(service_ok)
Enabling strict allocate on service TPI_Archive
[2012/12/14 17:34:43.749152, 2] param/loadparm.c:6941(service_ok)
Setting allocation roundup size to 100MB on service TPI_Archive
[2012/12/14 17:34:43.749170, 2] param/loadparm.c:7951(do_section)
Processing section "[backup]"
[2012/12/14 17:34:43.749253, 2] param/loadparm.c:6937(service_ok)
Enabling strict allocate on service backup
[2012/12/14 17:34:43.749272, 2] param/loadparm.c:6941(service_ok)
Setting allocation roundup size to 100MB on service backup
[2012/12/14 17:34:43.749289, 2] param/loadparm.c:7951(do_section)
Processing section "[media]"
[2012/12/14 17:34:43.749390, 2] param/loadparm.c:7388(handle_include)
Can't find include file /etc/frontview/samba/Shares.conf.
[2012/12/14 17:34:43.749436, 2] param/loadparm.c:6937(service_ok)
Enabling strict allocate on service media
[2012/12/14 17:34:43.749454, 2] param/loadparm.c:6941(service_ok)
Setting allocation roundup size to 100MB on service media
[2012/12/14 17:34:43.749472, 2] param/loadparm.c:7951(do_section)
Processing section "[homes]"
[2012/12/14 17:34:43.751407, 2] lib/interface.c:340(add_interface)
added interface LeafNets ip=fe80::f4d9:31ff:febd:c27f%LeafNets bcast=fe80::ffff:ffff:ffff:ffff%LeafNets netmask=ffff:ffff:ffff:ffff::
[2012/12/14 17:34:43.751466, 2] lib/interface.c:340(add_interface)
added interface LeafNets ip=5.177.191.20 bcast=5.255.255.255 netmask=255.0.0.0
[2012/12/14 17:34:43.751490, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=10.10.1.8 bcast=10.10.1.255 netmask=255.255.255.0
[2012/12/14 17:34:43.765250, 2] smbd/sesssetup.c:1417(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/12/14 17:34:43.766127, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [atron] -> [atron] FAILED with error NT_STATUS_WRONG_PASSWORD
[2012/12/14 17:34:43.782783, 2] smbd/sesssetup.c:1417(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/12/14 17:34:43.783301, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [atron] -> [atron] FAILED with error NT_STATUS_WRONG_PASSWORD
Message 7 of 7
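An added example, not part of the thread: a parser for the two-line log.smbd records quoted above that attributes each failed logon to the most recent NetBIOS caller name, which is the quickest way to see which legacy client is being rejected. The sample log is constructed in the same layout as the post, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the log.smbd layout quoted above: a bracketed
# header line, then the message text on the following line.
SAMPLE_LOG = """\
[2012/12/14 17:34:43.742188, 2] smbd/reply.c:565(reply_special)
netbios connect: local=data remote=atron001e7e, name type = 0
[2012/12/14 17:34:43.748302, 2] param/loadparm.c:7951(do_section)
Processing section "[printers]"
[2012/12/14 17:34:43.766127, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [atron] -> [atron] FAILED with error NT_STATUS_WRONG_PASSWORD
[2012/12/14 17:34:43.783301, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [atron] -> [atron] FAILED with error NT_STATUS_WRONG_PASSWORD
"""

HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)\((?P<func>\w+)\)")
CONNECT = re.compile(r"netbios connect: local=(\S+) remote=([^,\s]+)")
FAILED = re.compile(r"Authentication for user \[([^\]]*)\] -> \[([^\]]*)\] FAILED with error (\S+)")

def records(text):
    """Yield (timestamp, function, message) for each header + body record."""
    ts = func = None
    body = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if ts is not None:
                yield ts, func, " ".join(body)
            ts, func, body = m["ts"], m["func"], []
        elif ts is not None:
            body.append(line.strip())
    if ts is not None:
        yield ts, func, " ".join(body)

def failed_logins(text):
    """Count failures keyed by (remote NetBIOS name, user, status)."""
    # Heuristic: assumes one client's records are contiguous in the file.
    remote = "unknown"
    tally = defaultdict(int)
    for _ts, func, msg in records(text):
        if (m := CONNECT.search(msg)):
            remote = m.group(2)
        elif func == "check_ntlm_password" and (m := FAILED.search(msg)):
            tally[(remote, m.group(1), m.group(3))] += 1
    return dict(tally)
```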