Kodi and SMBv1


#9

Thanks for the help Tom.

I’ve successfully modified the file, but Kodi doesn’t appear to respect it.

With SMB v1 disabled on my server, Kodi cannot access the shares.
If I re-enable SMB v1 on my server, Kodi can access the shares, which it shouldn’t be able to given I have client min protocol = SMB2 set.

Do I need to modify the global smb.conf file also?


#10

Hi,

I’m not familiar with this as I should be, I use NFS for my shares. Any changes made ~/.smb/smb.conf, should be respected without making changes to the global version. Did you restart OSMC after making changes?

Also it may be worth posting ~/.smb/smb.conf, also debugging logs may give us more of an Idea of whats going on.

Thanks Tom.


#11

Yes I restarted OSMC after making changes.

The entire contents of my ~/.smb/smb.conf file:

[global]
preferred master = no
local master = no
domain master = no
client lanman auth = yes
lanman auth = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
lock directory = /home/osmc/.smb/
client use spnego = no
client ntlmv2 auth = yes
name resolve order = bcast host
client min protocol = SMB2
client max protocol = SMB3_11

All I added was the last 2 lines, and I changed the Auth from No to Yes.

I’m not sure where the debugging logs are but I can share them.


#12

Did this help?
If not – try a debug log.

Will make these changes default in the next update


#13

It’s still not working. How do I get a debug log?


#14

https://osmc.tv/wiki/general/how-to-submit-a-useful-support-request/


#15

I think I did it right.

https://paste.osmc.tv/royozexeku


#16

Well not directly related but you have an issue on your samba packages. you might want to purge all of them and then just reinstall via app-store (if you use the samba server on OSMC at all).

Job for smbd.service failed. See 'systemctl status smbd.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript smbd, action "start" failed.
dpkg: error processing package samba (--configure):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for libc-bin (2.19-18+deb8u10) ...
Processing triggers for systemd (215-17+deb8u7) ...
Errors were encountered while processing:
 samba
Log ended: 2017-07-03  15:09:08

The next strange thing is this error which might point to a wrong client version unless there is a typo I don’t see

Jul 03 20:00:29 pi mediacenter[338]: WARNING: Ignoring invalid value 'SMB3_11' for parameter 'client max protocol'

Lastely this error, Connection timed out might have other reasons so I first would check the server side and also server side log.

20:00:45.586 T:1715225584   ERROR: SMBDirectory->GetDirectory: Unable to open directory : 'smb://USERNAME:PASSWORD@BIGBLACKBOX/Videos/Movies'
                                            unix_err:'6e' error : 'Connection timed out'

#17

I tried to install Samba to get the command to show SMB status. Install failed. I don’t need SMB server though, only client.

This is a giant error: This is probably related to my problem.
Jul 03 20:00:29 pi mediacenter[338]: WARNING: Ignoring invalid value ‘SMB3_11’ for parameter ‘client max protocol’

Server works fine if I enable SMB v1 on it. But once I block it, the timeout is instantaneous.


#18

Hi,

Try changing:

client max protocol = SMB3_11

to

client max protocol = SMB3

Just a guess as its being reported as invalid.

Also may help if you could advise on the device with samba shares on i.e pc, nas or server?

Thanks Tom.


#19

Sorry guys for providing a faulty parameter.
SMB3_11 is not a valid option for every samba configuration. SMB3 should be working for most installations. I changed it in the post.

smbstatus is a command run on a samba server. For a Windows server you can do the same with PowerShell. Use:
Get-SmbSession | Select-Object -Property SessionId,ClientComputerName,ClientUserName,NumOpens,Dialect | Format-Table


#20

Changing:

client max protocol = SMB3_11

to

client max protocol = SMB3

Fixed it!

I’ve confirmed with the power shell command. Yay! Thanks for the help everybody!


#21

Thanks.

So can you confirm what ~/.smb/smb.conf should look like so we can make this change to OSMC?

Cheers,

Sam


#22

Mine looks like this:

But what if somebody wants to use SMB1?

I changed this:
client min protocol = SMB2
to this:
client min protocol = SMB1

And it no longer worked.


#23

It’s probably best to change it to that; as SMBv1 is quite rare now.
Legacy devices can still be accessed via fstab


#24

Okay I did a bunch of testing.

If I leave SMB 1, 2, and 3 all enabled on my server.
If I set my smb.conf file to this:

[quote][global]
preferred master = no
local master = no
domain master = no
client lanman auth = yes
lanman auth = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=6$
lock directory = /home/osmc/.smb/
client use spnego = no
client ntlmv2 auth = no
name resolve order = bcast host
client max protocol = SMB3
[/quote]
(I only added client max protocol = SMB3, left everything else alone)

Then Kodi will use SMB v3.

Without the client max protocol, kodi uses SMB1.
Without the client max protocol, AND with ntlmv2 auth set to yes, SMB1 doesn’t work. Endless password prompts.

So again, the most widely compatible bet is to just add:

The safest/most secure bet would be to add these 3:

[quote] client ntlmv2 auth = yes
client min protocol = SMB2
client max protocol = SMB3[/quote]
(You don’t add client ntlmv2 auth = yes, you change the no to yes)


#25

I can confirm that below config works against samba 4.5.10 server. But it also work if we comment out the “client max protocol = SMB3” I am not sure what advantages it has to limit the max protocol.

[global]
preferred master = no
local master = no
domain master = no
client lanman auth = yes
lanman auth = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
lock directory = /home/osmc/.smb/
client use spnego = no
client use spnego principal = no
client ntlmv2 auth = yes
name resolve order = bcast host
client min protocol = SMB2
client max protocol = SMB3


Windows 10 Update causing problems
#26

Did you try

client ntlmv2 auth = yes
name resolve order = bcast host
client min protocol = SMB2

without “client max protocol = SMB3”


#27

‘client max protocol = default’ used to be ‘NT1’ in many Samba versions.
In Samba 4.3.0 they changed it to ‘SMB3_11’ but we are not on that version yet. By setting the value we are kind of enabling it with our version.

I’m sure that your server negotiatied down to SMB1. Unless ‘server min protocol = SMB2’ is set on your server this still happens.

I’m with bedub1
the most widely compatible bet is to just add:
client max protocol = SMB3
(doesn’t break browsing)

The safest/most secure bet would be to add these 3:
client ntlmv2 auth = yes client min protocol = SMB2 client max protocol = SMB3
(breaks browsing)

name resolve order = bcast ... just tested it, doesn’t bring back browsing when SMB1 is disabled.


#28

I have now made these changes default in Kodi, so hopefully there’s no need for any further tinkering.

Thank you @nAFutro @fzinken @bedub1 @Tom_Doyle. This will help a lot of users :thumbsup:

Sam