Re: Update on problem mounting NFS share

[David Christensen <dpchrist@holgerdanske.com>]

On 10/3/23 12:03, Steve Matzura wrote:
> I gave up on the NFS business and went back to good old buggy but 
> reliable SAMBA (LOL), which is what I was using when I was on Debian 8, 
> and which worked fine. Except for one thing, everything's great.
>
>
> In /etc/fstab, I have:
>
>
> //192.168.1.156/BigVol1 /mnt/bigvol1 civs 
> vers=2.0,credentials=/root/smbcreds,ro
>
>
> That should work, right? Well, it does, but only sometimes. If I boot 
> the system, the remote share isn't there. If I unmount everything with 
> 'umount -a', wait a few seconds, then remount everything with 'mount 
> -a', I sometimes have to do it twice. Sometimes, the first time I get a 
> message from mount about error -95, but if I wait the space of a couple 
> heartbeats and try 'mount -a' again, the share mounts. If I look through 
> /var/kern.log for errors, I don't find anything that stands out as 
> erroneous, but would be glad to supply extracts here that might help me 
> to trace this down and fix it.


Using Samba to share files over the network requires various steps and 
settings on both the server and on the clients.  I put a lot of effort 
into Samba back in the day, and only went far enough to get basic file 
sharing working.  Since then, I have copied-and-pasted.  But Microsoft 
has not stood still, nor has Samba.


I have attempted to document the current state of Samba on my SOHO, 
below.  But beware -- my Samba setup is insecure and has issues.


My username is "dpchrist" on all computers and on Samba.


My primary group is "dpchrist" on all Unix computers.


My UID and GID are both "12345" (redaction) on all Unix computers.


The server is FreeBSD (I previously used Debian, but switched to get 
native ZFS):

2023-10-03 12:20:58 toor@f3 ~
# freebsd-version -kru
12.4-RELEASE-p5
12.4-RELEASE-p5
12.4-RELEASE-p5


The latest version of Samba seemed to want Kerberos, so I chose an older 
version that does not:

2023-10-03 12:25:25 toor@samba ~
# pkg version | grep samba
samba413-4.13.17_5                 =


I configured Samba to share files:

2023-10-03 14:49:00 toor@samba ~
# cat /usr/local/etc/smb4.conf
[global]
	local master = Yes
	netbios name = SAMBA
	ntlm auth = ntlmv1-permitted
	passdb backend = tdbsam
	preferred master = Yes
	security = USER
	server string = Samba Server Version %v
	wins support = Yes
	workgroup = WORKGROUP
<redacted>
[dpchrist]
	force user = dpchrist
	path = /var/local/samba/dpchrist
	read only = No
	valid users = dpchrist
<redacted>


I validate the configuration file with testparm(1):

2023-10-03 13:37:31 toor@samba ~
# testparm
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
	ntlm auth = ntlmv1-permitted
	preferred master = Yes
	security = USER
	server string = Samba Server Version %v
	wins support = Yes
	idmap config * : backend = tdb
<redacted>
[dpchrist]
	force user = dpchrist
	path = /var/local/samba/dpchrist
	read only = No
	valid users = dpchrist
<redacted>


I created a Samba user account:

root@samba:~ # pdbedit -a dpchrist
new password:
retype new password:


Whenever I change anything related to Samba on the server, I reboot and 
verify before I attempt to connect from a client.


On Debian clients:

2023-10-03 12:44:39 root@taz ~
# cat /etc/debian_version ; uname -a
11.7
Linux taz 5.10.0-25-amd64 #1 SMP Debian 5.10.191-1 (2023-08-16) x86_64 
GNU/Linux


I installed the Samba client file sharing package:

2023-10-03 12:55:06 root@taz ~
# dpkg-query -W cifs-utils
cifs-utils	2:6.11-3.1+deb11u1


I created a mount point for the incoming share:

2023-10-03 12:58:13 root@taz ~
# ls -ld /samba/dpchrist
drwxr-xr-x 2 dpchrist dpchrist 0 Jun 18 14:31 /samba/dpchrist


I created an /etc/fstab entry for the incoming share:

2023-10-03 12:59:41 root@taz ~
# grep samba\/dpchrist /etc/fstab
//samba/dpchrist					/samba/dpchrist		cifs	 
noauto,vers=3.0,user,username=dpchrist		0	0


I mount the incoming share manually:

2023-10-03 13:01:07 dpchrist@taz ~
$ mount /samba/dpchrist
Password for dpchrist@//samba/dpchrist:

2023-10-03 13:01:46 dpchrist@taz ~
$ mount | grep samba\/dpchrist
//samba/dpchrist on /samba/dpchrist type cifs 
(rw,nosuid,nodev,relatime,vers=3.0,cache=strict,username=dpchrist,uid=12345,forceuid,gid=12345,forcegid,addr=192.168.5.24,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,user=dpchrist)


Note that there is a maddening issue with Samba on Unix clients -- the 
Unix execute bits vs. MS-DOS System, Hidden, and Archive bits:

https://unix.stackexchange.com/questions/103415/why-are-files-in-a-smbfs-mounted-share-created-with-executable-bit-set


On Windows 7 clients, I needed to change a Registry entry to allow 
Windows to use deprecated file sharing security:

Start
-> Command Prompt
-> Run as administrator
-> C:\Windows\system32>secpol.msc

Security Settings
-> Local Policies
-> Security Options
-> Network Security: LAN Manager authentication level
-> Send LM & NTLM - use NTLMv2 session security if negotiated


Note that there is an issue with Samba on Windows 7 clients -- Windows 
Explorer -> Network does not find or list the Samba server.  The 
work-around is to enter a UNC path in the Windows Explorer address box 
(either IP address, or host name if I have configured such on the DHCP 
server):

\\192.168.1.23\dpchrist


On Windows 7/ Cygwin clients, I map a drive letter to the connected 
Samba share.  The execute bits issue is present.


On macOS clients, there are issues with finding and listing the Samba 
server and with execute bits.  The work-around for the former is to 
enter a URL into Finder -> Go -> Connect to Server:

smb://192.168.1.23/dpchrist


See also:

https://www.samba.org/

https://lists.samba.org/


Comments and suggestions for any of the above are welcome.


HTH,

David