I’m trying to configure OSMC (on RPi4) to use a secure (encrypted) connection to a local Samba server.
However it appears SMB encryption is not supported even though SMB 3.xx is supported.
I have been able to successfully configure OMSC and access media following the instructions here File sharing with a NAS, media server, windows share or other device - General - OSMC
/etc/fstab configuration
/dev/mmcblk0p1 /boot vfat defaults,noatime,noauto,x-systemd.automount 0 0
# rootfs is not mounted in fstab as we do it via initramfs. Uncomment for remount (slower boot)
#/dev/mmcblk0p2 / ext4 defaults,noatime 0 0
//server/media1 /mnt/storage/media1 cifs x-systemd.automount,noauto,vers=3.11,iocharset=utf8,credentials=/home/osmc/.credentials,uid=osmc,gid=osmc,file_mode=0700,dir_mode=0700 0 0
The Samba configuration (smb.conf) is default with following additions:
ntlm auth = no
lanman auth = no
server min protocol = SMB3_11
server smb3 encryption algorithms = AES-256-GC
Using smbstatus I can see the OSMC connection and the latest smb protocol version 3.11 is used however Encryption and Signing values are not populated.
root@down:~# smbstatus
Samba version 4.17.12-Debian
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
1928 nobody nogroup xx.xx.xx.xx (ipv4:xx.xx.xx.xx:56992) SMB3_11 - -
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
media1 1928 xx.xx.xx.xx Thu Jan 9 15:41:58 2025 NZDT - -
IPC$ 1928 xx.xx.xx.xx Thu Jan 9 15:41:58 2025 NZDT - -
Locked files:
Pid User(ID) DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
1928 65534 DENY_NONE 0x120089 RDONLY LEASE(RWH) /mnt/storage/media1 video.mp4 Thu Jan 9 15:52:27 2025
However if I add either of the below to smb.conf (and restart smbd) OSMC connections fail.
server smb encrypt = required
server smb3 signing algorithms = AES-128-GMAC
The error shown in OSMC cli is:
osmc@osmc:/mnt$ ls
ls: cannot access 'media1': Invalid argument
I’m confident the Samba configuration is correct as a laptop (Linux Mint) is able to connect using the same credentials as shown by smbstatus.
Note that Encryption and Signing values are populated when connecting via the laptop.
root@server:~# smbstatus
Samba version 4.17.12-Debian
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
8118 osmc osmc laptop (ipv4:xx.xx.xx.xx:52568) SMB3_11 AES-256-GCM partial(AES-128-GMAC)
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
IPC$ 8118 laptop Thu Jan 9 15:59:36 2025 NZDT ??? AES-128-GMAC
So it looks like OSMC on RPi4 doesn’t support Samba encryption.
Which surprises me as I (naively) expected it to have sufficiently recently samba libraries to support this like SMBv3.11
Am I missing something?
Environment
- OSMC running Kodi 21.1 installed from OSMC_TGT_rbp4_20240825.img.gz
- Samba version 4.17.12 running on Debian 12.7 (Proxmox container)
- OSMC uses the credentials “osmc” for smb access
- All updates applied to OSMC and Samber server via apt update && apt full-upgrade