External Storages - FreeNAS 11.1-U6 disabled SMB1 - Can no longer mount SMB share via the External Storages plugin

oRAirwolf · August 25, 2018, 2:05am

Yep, they disabled SMB1 in FreeNAS:

Known Impacts

SMB1 has been disabled by default for security reasons. If legacy clients are no longer able to connect, type this command in the Shell, then restart the SMB service: ``

sysctl freenas.services.smb.config.server_min_protocol=NT1

If that resolves the issue, you can make that setting permanent by going to System → Tunables →Add Tunable and creating a Tunable with these settings:

Variable: freenas.services.smb.config.server_min_protocol

Value: NT1

Type: Sysctl

oRAirwolf · August 25, 2018, 11:28am

I was not able to get the FreeNAS SMB share to mount in Nextcloud, even with FreeNAS set to allow SMB1. It is still giving me an error. I ended up switching to NFS for the mount. I hope somebody can modify the External Storages plugin to use SMB2 or allow you to choose the SMB protocol, as using SMB1 is pretty insecure.

tflidd · August 25, 2018, 9:28pm

ModSecurity: JSON parser error: parse error: premature EOF\n [hostname "10.10.0.50"] [uri "/apps/files_external/globalstorages"]

Is ModSecurity enabled by default in the vm? @enoch85

I’d try to turn it off temporarily, if that fixes the problem you have to check the ruleset to make it work for the smb connections.

enoch85 · August 25, 2018, 9:42pm

No it’s a up to the user to activate it, nothing that is done by default.

oRAirwolf · August 25, 2018, 10:23pm

@tflidd @enoch85

Thanks for the response. I did select the extra security options when setting up the VM. Do you know what I need to do to turn off ModSecurity on the Tech and Me VM?

enoch85 · August 26, 2018, 9:19am

Here’s the modesecurity script: https://github.com/nextcloud/vm/blob/master/static/modsecurity.sh If that was the one, then undo everything in that.

Raegedoc · August 27, 2018, 2:17am

Hi oRAirwolf,

I was also impacted by this error on Ubuntu 16.04 with Nextcloud 13.0.5. To fix the problem while keeping FreeNAS 11.1-U6 SMB1 disabled, I updated, installed smbclient and modified smb.conf like this:

sudo apt update
sudo apt install smbclient
add in global section smb.conf (/etc/samba/smb.conf):

client min protocol = SMB2
client max protocol = SMB3
reboot

NOTE: The fix doesn’t work on Ubuntu 18.04

oRAirwolf · August 27, 2018, 4:20am

Thank you for the response. I am running the Tech and Me Ubuntu 18.04 VM. That is good to know that it fixed it for Ubuntu 16.04, though.

oRAirwolf · August 27, 2018, 8:02am

@enoch85 I deployed a new instance of Nextcloud with the latest Tech and Me OVA and did not enable any of the security features or extras. It is still not able to mount an SMB share from FreeNAS.

ShaunCurrier · August 28, 2018, 2:18am

This same problem of upgrading FreeNAS to 11.1-U6 affected my Nextcloud’s External Storages app, too.

I cannot use the workaround of installing smbclient as described by Raegedoc above, because of the SMB downloading of large files issue described in this github issue. It seems that the PHP implementation of SMB is preferred by Nextcloud.

I think I’ll downgrade the security of SMB on my FreeNAS server because the PHP implementation of SMB in Nextcloud is not keeping up.

oRAirwolf · August 28, 2018, 2:20am

@ShaunCurrier Please let me know if you are able to get it working with FreeNAS. I tried downgrading my SMB to allow SMB1 and I am still having the same problem.

X4LD1M0 · August 28, 2018, 12:18pm

@oRAirwolf I followed your steps by adding the Tunable to FreeNAS, and after stop/start of SMB service I am now able to access my CIFS shares.

oRAirwolf · August 29, 2018, 3:20am

Are you using the Tech and Me appliance? I tried with mine and I am still getting diddly.

lwc · August 29, 2018, 4:00pm

SMB access has been partially broken for over a year- the last version that completely works is 10. @enoch85 has worked extensively with us on it and verified that it’s a bug.

Not stating that this is the cause of your issue, just that there are certainly some SMB issues with versions 11 and 12.

Raegedoc · August 31, 2018, 1:38am

For you to know, I had to revert to SMB1 since my HP printer scan2folder “feature” stopped working because of SMB2.

I am not in the mood of buying a new printer for now

enoch85 · September 3, 2018, 4:20pm

Yup, SMB has been somewhat broken since 11.0.3, I don’t know if it’s fixed yet, but apparently not since this is still and issue.

Starfish · September 3, 2018, 4:59pm

SMB all over Linux distros have been broken. I had an issue on CentOS and Fedora with Thecus NAS where system would hang with mass rename operations. Nothing pertaining to NC. Reverting and forcing SMB v1 protocol fixed it. So I don’t think this is specifically NC’s fault, the thing is broken everywhere.

Alan_Scott · September 6, 2018, 4:16am

Hey Daniel,

Been trying to get hold of you - what is the best way as I need some help?

enoch85 · September 6, 2018, 6:25pm

Hi Alan, the best way is always to send me an email.

jharm73 · September 14, 2018, 6:45pm

I tried this on my Ubuntu 16.04 and it did not work