[Quick Fix] Problem accessing legacy and guest samba shares after SMB security update on April 14th

Help and Support
1

Hi All,

as there are a couple of threads on this topic I would like to try to summaries the current status which might help some of you. I was not able to test this quick fixes myself as I can not reproduce the issues but there are reports that they work. All what is described here are only quick fixes and you do all of them on your own risk.

Situation:
On April 14th Sam released a news (OSMC Security Update for OSMC 2016.04-1 and earlier) that there were several security vulnerabilities in the samba implementation that have been fixed by the upstream team in the debian samba packages and in the news he suggested an upgrade to avoid such security vulnerabilities.
As indicated these security updates came from debian and therefore other OS’s also have the same issues (e.g. Ubuntu after latest upgrade)
This security update didn’t had any negative impact for many users but two categories of users where not anymore able to access their shares from OSMC/Kodi these were:

Impacted Users

  1. Users that where accessing their samba shares passwordless with the guest account
  2. Users that where accessing their samba shares on older (legacy) samba devices that are using an older smb protocol and could not be upgraded (e.g. NAS, Routers, Timecapsule,…)

Quick Fixes

  1. For users that have the issue with passwordless shares still my suggested quick fix is creating an account on the server. If you don’t want to see the account on the server here is an information how to hide it
    OSMC Security Update for OSMC 2016.04-1 and earlier - #10 by maker3
    One other method that seems to have successful being used is to mount the samba share via fstab instead of dynamically within Kodi. These are the steps to do so (everything within the <> you would need to adapt to your setup:

  2. Create local directory sudo mkdir /mnt/<NAME OF FOLDER YOU LIKE>

  3. Edit fstab sudo nano /etc/fstab

  4. Add at the end //<YOUR SERVER NAME OR IP>/<NAME OF THE SHARE ON THE SERVER> /mnt/<NAME OF FOLDER YOU LIKE> cifs noauto,guest,x-systemd.automount,rw 0 0

  5. Save and Exit Ctrl-O Ctrl-X

  6. Try to mount with sudo mount /mnt/<NAME OF FOLDER YOU LIKE>

  7. For users that want to access shares on older samba servers (e.g. NAS, Routers, Timecapsule,…) accessing the shares from within OSMC/Kodi (not fstab based mounts) there is a solution by adding this two files to /home/osmc/.smb/smb.conf as described in this post, please be aware that the .smb/smb.conf might be overwritten so you may have to repeat this.
    OSMC Security Update for OSMC 2016.04-1 and earlier - #23 by fzinken
    To summarise this solution here the steps to do after you ssh into OSMC

sudo systemctl stop mediacenter
nano /home/osmc/.smb/smb.conf
Add these two lines to the end (within the [GLOBAL] section
client use spnego = no
client ntlmv2 auth = no
sudo systemctl start mediacenter

Hope that summary helps some of you.