I used to use SAMBA quite a lot - Linux servers
in a mostly-Win office environment. It was easy
to set up, offered fine-grained control options.
Point smb.conf entries at most any folder and
it would share it without issues.

BUT, starting with some Bullseye and esp now
in Bookworm, what Used To Work just DOESN'T
seem to work anymore.

I set up an SMB user, set the password. Set the
target folder permissions kind of, sometimes
VERY, liberally.

Would-be clients can see the server. Can see
the shares. However trying to ACCESS the shares
by 'mount cifs' or any other means always
results in either a blank, or usually some
species of 'permission denied'.

OK, what the hell changed so radically ???
Have perused many online tutorials, no luck.
This is not just one machine ... both PIs
and AMD64s are both reluctant.

CAN do NoFileSecurity shares OK - but SAMBA
offers a lot more nuance. All my boxes are
Linux.

Today's need is to mount an external multi-disk
usb drive. Bookworm does NOT seem to automount
those on reboot. DID find a code snippet that
resets the bus, and the external drives mount
at /media/user/xxxx as expected. I'd LIKE to
point SAMBA at those - ez-peazy. However I
could mount the /dev/sdx somewhere else after
boot by direct command, create symlinks or
whatever.

Oh wow ... this is an actual LINUX question :-)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 17 Feb 2025 23:58:51 -0500, c186282 wrote:

Would-be clients can see the server. Can see the shares. However
trying to ACCESS the shares by 'mount cifs' or any other means
always results in either a blank, or usually some species of
'permission denied'.

Turn on some more of the server-side logging options, to see if that gives
some clues.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/18/25 1:06 AM, Lawrence D'Oliveiro wrote:

On Mon, 17 Feb 2025 23:58:51 -0500, c186282 wrote:

Would-be clients can see the server. Can see the shares. However
trying to ACCESS the shares by 'mount cifs' or any other means
always results in either a blank, or usually some species of
'permission denied'.

Turn on some more of the server-side logging options, to see if that gives some clues.

Worth a try.

However those logs tend to be SO detailed that
the needed Truth gets buried.

But I'll give it a shot.

Anyway, this issue appeared late in Bullseye
and is now endemic in Bookworm. SOMETHING
changed. Required group memberships ???

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/18/25 2:43 AM, Lawrence D'Oliveiro wrote:

On Tue, 18 Feb 2025 01:44:13 -0500, c186282 wrote:

On 2/18/25 1:06 AM, Lawrence D'Oliveiro wrote:

Turn on some more of the server-side logging options, to see if that
gives some clues.

Worth a try.

Another tip: get better names for your log files with something like this:

log file = /var/log/samba/log.%I-%R

That puts the client IP address and the protocol version they’re using
into the log file name. I have found this useful for spotting patterns in which clients are having trouble.

Noted.

There are of course other fields you can include in the name.

The typical problem with logs is TOO MANY fields.
Can't sort the wheat from the chaff.

SAMBA isn't anything NEW - it SHOULDN'T be this
difficult. High success a few years ago, now crap.
SOMETHING changed but I can't pin it down yet.
PROBABLY some "security enhancement", poorly
documented. It ought to Just Work.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 18 Feb 2025 01:44:13 -0500, c186282 wrote:

On 2/18/25 1:06 AM, Lawrence D'Oliveiro wrote:

Turn on some more of the server-side logging options, to see if that
gives some clues.

Worth a try.

Another tip: get better names for your log files with something like this:

log file = /var/log/samba/log.%I-%R

That puts the client IP address and the protocol version they’re using
into the log file name. I have found this useful for spotting patterns in
which clients are having trouble.

There are of course other fields you can include in the name.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is the samba version problem.

It moved from 2 to 3, and as of some distribution, default is 3 and not 2.
They are not compatible.

You need to specify samba version in some config-file to match what you
are running on the server and all will be will.

Hope it works! =)

On Mon, 17 Feb 2025, c186282 wrote:

I used to use SAMBA quite a lot - Linux servers
in a mostly-Win office environment. It was easy
to set up, offered fine-grained control options.
Point smb.conf entries at most any folder and
it would share it without issues.

BUT, starting with some Bullseye and esp now
in Bookworm, what Used To Work just DOESN'T
seem to work anymore.

I set up an SMB user, set the password. Set the
target folder permissions kind of, sometimes
VERY, liberally.

Would-be clients can see the server. Can see
the shares. However trying to ACCESS the shares
by 'mount cifs' or any other means always
results in either a blank, or usually some
species of 'permission denied'.

OK, what the hell changed so radically ???
Have perused many online tutorials, no luck.
This is not just one machine ... both PIs
and AMD64s are both reluctant.

CAN do NoFileSecurity shares OK - but SAMBA
offers a lot more nuance. All my boxes are
Linux.

Today's need is to mount an external multi-disk
usb drive. Bookworm does NOT seem to automount
those on reboot. DID find a code snippet that
resets the bus, and the external drives mount
at /media/user/xxxx as expected. I'd LIKE to
point SAMBA at those - ez-peazy. However I
could mount the /dev/sdx somewhere else after
boot by direct command, create symlinks or
whatever.

Oh wow ... this is an actual LINUX question :-)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 18/02/2025 04:58, c186282 wrote:

Today's need is to mount an external multi-disk
usb drive. Bookworm does NOT seem to automount
those on reboot. DID find a code snippet that
resets the bus, and the external drives mount
at /media/user/xxxx as expected. I'd LIKE to
point SAMBA at those - ez-peazy. However I
could mount the /dev/sdx somewhere else after
boot by direct command, create symlinks or
whatever.

Oh wow ... this is an actual LINUX question 🙂

1. The entity actually accessing shared drives is the samba daemon that
is probably running as root, so linux permissions are not the issue.
2. If the USB drive is 'permanent' give it an entry in /etc/fstab.
Using partition UUID to uniquely ID it. This will screw up booting it
the drive is unplugged - up to a couple of minutes to time out maybe.
dont know.
This is an entry for a permanently USB connected SSD drive partition PARTUUID=778a9e44-03 /backup ext4 defaults,noatime 0 1
Note that the partition ends up mounted exactly where you want it.
Use lsblk -f or blkid to determine UUID or PARTUUID on a mounted drive
3. Its a long time since I used SAMBA but Microsoft even then was doing
'clever shit' that you needed to circumvent to get it to work - even
with other microsoft shit. By default sharing was turned off.

So I don't have the definitive answer to the permissions problem - just
where not to look, and permanently assigning a USB mounted partition to
a fixed point in the file system is trivial.


--
"Fanaticism consists in redoubling your effort when you have
forgotten your aim."

George Santayana

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 18/02/2025 06:44, c186282 wrote:

On 2/18/25 1:06 AM, Lawrence D'Oliveiro wrote:

On Mon, 17 Feb 2025 23:58:51 -0500, c186282 wrote:

Would-be clients can see the server. Can see the shares. However
trying to ACCESS the shares by 'mount cifs' or any other means
always results in either a blank, or usually some species of
'permission denied'.

Turn on some more of the server-side logging options, to see if that
gives
some clues.

  Worth a try.

  However those logs tend to be SO detailed that
  the needed Truth gets buried.

  But I'll give it a shot.

  Anyway, this issue appeared late in Bullseye
  and is now endemic in Bookworm. SOMETHING
  changed. Required group memberships ???

It may be that samba daemon is running with restricted permissions and
cannot access a user mounted drive system

One user reports:

apt-get install samba-vfs-modules

fixes this issue

It seems the default config may require bits not installed by default.


--
Canada is all right really, though not for the whole weekend.

"Saki"

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 18/02/2025 07:59, c186282 wrote:

On 2/18/25 2:43 AM, Lawrence D'Oliveiro wrote:

On Tue, 18 Feb 2025 01:44:13 -0500, c186282 wrote:

On 2/18/25 1:06 AM, Lawrence D'Oliveiro wrote:

Turn on some more of the server-side logging options, to see if that
gives some clues.

Worth a try.

Another tip: get better names for your log files with something like
this:

     log file = /var/log/samba/log.%I-%R

That puts the client IP address and the protocol version they’re using
into the log file name. I have found this useful for spotting patterns in
which clients are having trouble.

  Noted.

There are of course other fields you can include in the name.

  The typical problem with logs is TOO MANY fields.
  Can't sort the wheat from the chaff.

  SAMBA isn't anything NEW - it SHOULDN'T be this
  difficult. High success a few years ago, now crap.
  SOMETHING changed but I can't pin it down yet.
  PROBABLY some "security enhancement", poorly
  documented. It ought to Just Work.

Indeed. I think it is probably a trivial configuration issue that has
slipped through.
But it is FOSS., Suck it up and delve deep or install M$hit
--
“Those who can make you believe absurdities, can make you commit atrocities.”

― Voltaire, Questions sur les Miracles à M. Claparede, Professeur de Théologie à Genève, par un Proposant: Ou Extrait de Diverses Lettres de
M. de Voltaire

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

D <[email protected]> wrote:

This is the samba version problem.

It moved from 2 to 3, and as of some distribution, default is 3 and not 2. >They are not compatible.

Samba version (4.21 at the moment), or SMB Protocol version? Both
beasts are different.

Greetings
Marc
--
---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 18/02/2025 11:24, Marc Haber wrote:

D <[email protected]> wrote:

This is the samba version problem.

It moved from 2 to 3, and as of some distribution, default is 3 and not 2. >> They are not compatible.

Samba version (4.21 at the moment), or SMB Protocol version? Both
beasts are different.

Obviously SMB version.
Idiot

Greetings
Marc

--
Truth welcomes investigation because truth knows investigation will lead
to converts. It is deception that uses all the other techniques.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

The Natural Philosopher <[email protected]d> wrote:

Idiot

Pleased to meet you. I'm Marc.

--
---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 18 Feb 2025, Marc Haber wrote:

D <[email protected]> wrote:

This is the samba version problem.

It moved from 2 to 3, and as of some distribution, default is 3 and not 2. >> They are not compatible.

Samba version (4.21 at the moment), or SMB Protocol version? Both
beasts are different.

Greetings
Marc

Not the software version, the protocol version. You can change that in the config somewhere.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 18 Feb 2025 16:49:35 +0000, The Natural Philosopher wrote:

Idiot

This is what Free Software contributors have to put up with.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 18 Feb 2025 02:59:35 -0500, c186282 wrote:

SAMBA isn't anything NEW - it SHOULDN'T be this difficult.

It isn’t. I find when I test things with smbclient, they usually work.

It’s invariably the Windows clients that cause problems.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/18/25 8:49 PM, Lawrence D'Oliveiro wrote:

On Tue, 18 Feb 2025 02:59:35 -0500, c186282 wrote:

SAMBA isn't anything NEW - it SHOULDN'T be this difficult.

It isn’t. I find when I test things with smbclient, they usually work.

It’s invariably the Windows clients that cause problems.

In this exact case, it's Linux clients.

Tried and tries, checked smb,conf against recent
examples, checked /etc/groups, checked permissions
and ownership. Just WON'T work.

As said, I used SAMBA in a mixed environment for
many many years. Then, decidedly by bookworm,
SOMETHING nasty changed. This is terrible.

Did NFS shares instead. Don't love NFS, SAMBA
offers much more fine-grained options and
more nuanced security. If this was a work
environment I'd be even more upset - but
this is a 'home' system now that I've retired
and Vlad probably ain't looking.

Anyway, a root @reboot runs a script that mounts
the /dev/sdx USBs. They DO show up where they
are supposed to be. Liberal permissions. SAMBA
just CAN'T share them properly, nothing but
permission errors on the client no matter how I
set things - and I've used Linux since 'X' was
introduced (no fun setting mouse/keyboard/mon
back then) on floppies.

Dunno WHAT the hell they changed, but it's not
documented worth a damn.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/19/25 1:27 AM, c186282 wrote:

On 2/18/25 8:49 PM, Lawrence D'Oliveiro wrote:

On Tue, 18 Feb 2025 02:59:35 -0500, c186282 wrote:

SAMBA isn't anything NEW - it SHOULDN'T be this difficult.

It isn’t. I find when I test things with smbclient, they usually work.

It’s invariably the Windows clients that cause problems.

  In this exact case, it's Linux clients.

  Tried and tries, checked smb,conf against recent
  examples, checked /etc/groups, checked permissions
  and ownership. Just WON'T work.

  As said, I used SAMBA in a mixed environment for
  many many years. Then, decidedly by bookworm,
  SOMETHING nasty changed. This is terrible.

  Did NFS shares instead. Don't love NFS, SAMBA
  offers much more fine-grained options and
  more nuanced security. If this was a work
  environment I'd be even more upset - but
  this is a 'home' system now that I've retired
  and Vlad probably ain't looking.

  Anyway, a root @reboot runs a script that mounts
  the /dev/sdx USBs. They DO show up where they
  are supposed to be. Liberal permissions. SAMBA
  just CAN'T share them properly, nothing but
  permission errors on the client no matter how I
  set things - and I've used Linux since 'X' was
  introduced (no fun setting mouse/keyboard/mon
  back then) on floppies.

  Dunno WHAT the hell they changed, but it's not
  documented worth a damn.

followup :

DID have to do it all with NFS alas.

Root crontab @reboot, after a safe delay, mounts
the USB drives into local subdirs.

@reboot sleep 100 && /root/scripts/mountUSB.sh &

#!/bin/bash
# mount the external USBs
sleep 10
mount -t ext4 /dev/sdb1 -o defaults /home/nas/share/MyShare1
mount -t ext4 /dev/sdc1 -o defaults /home/nas/share/MyShare2

/etc/exports has the proper NFS share defs. Note
that the syntax can be fiddly.

/home/nas/share/MyShare1 192.168.0.0/24(rw)
/home/nas/share/MyShare2 192.168.0.0/24(rw)

All clients have the proper /etc/fstab mount defs.

192.168.0.123:/home/nas/share/MyShare1 /mnt/shar1 nfs defaults,timeo=900,retrans=5,_netdev 0 0

192.168.0.123:/home/nas/share/MyShare2 /mnt/shar2 nfs defaults,timeo=900,retrans=5,_netdev 0 0

Root crontab runs a backup bash script twice a day.
The USB drives all have a tag file - "USB-Mounted" -
on them. The script makes sure it's there. If so
then it's "rsync -a --delete <whatever>/ <wherever>".
Pretty quick. Appends the datetime and 'ok' to a
log file. If the tag file is NOT found then it
appends the datetime with "fail" to the log.

5 6,18 * * * /root/scripts/dupSDB1.sh

#!/bin/bash

# use rsync to copy sdb1 (samsung ssd) to sdc (wd black)

# when run, it will do rsync and append 'backups.log'
# with either the success datetime OR the datetime
# with 'fail' afterwards.

# our test file - if not there then usb
# is not properly mounted

FILE=/home/nas/share/MyShare1/USB-Mounted

if test -f $FILE ; then
rsync -a --delete /home/nas/share/MyShare1/ /home/nas/share/MyShare2
echo "backup done"
dt=$(date)
dt2=${dt}" ok"
touch /home/nas/backups.log
echo $dt2 >> /home/nas/backups.log
else
dt=$(date)
dt2=${dt}" fail"
touch /home/nas/backups.log
echo $dt2 >> /home/nas/backups.log
fi


Early morning, root crontab reboots the whole box.

0 1 * * * /sbin/shutdown -r +1

It works, it's easy, not even any Python or 'C'.

Quick improvement, test for the "USB-Mounted" on
the proposed mirror drive as well, to be sure.

Client NFS connections SEEM to hold thru a reboot
of the NAS - at least if it's not TOO lengthy.
Auto-backups MIGHT want to run a 'mount -a' though
just to be sure.

Set the usb SSD as the prime backup point since
it's a bit faster. For now the mirror is a WD
Black magnetic. Decided against softRAID.

This NAS runs on the latest MX Linux. You'll
rarely go wrong with MX.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2/21/25 1:57 AM, c186282 wrote:

On 2/19/25 1:27 AM, c186282 wrote:

On 2/18/25 8:49 PM, Lawrence D'Oliveiro wrote:

On Tue, 18 Feb 2025 02:59:35 -0500, c186282 wrote:

SAMBA isn't anything NEW - it SHOULDN'T be this difficult.

It isn’t. I find when I test things with smbclient, they usually work. >>>
It’s invariably the Windows clients that cause problems.

   In this exact case, it's Linux clients.

   Tried and tries, checked smb,conf against recent
   examples, checked /etc/groups, checked permissions
   and ownership. Just WON'T work.

   As said, I used SAMBA in a mixed environment for
   many many years. Then, decidedly by bookworm,
   SOMETHING nasty changed. This is terrible.

   Did NFS shares instead. Don't love NFS, SAMBA
   offers much more fine-grained options and
   more nuanced security. If this was a work
   environment I'd be even more upset - but
   this is a 'home' system now that I've retired
   and Vlad probably ain't looking.

   Anyway, a root @reboot runs a script that mounts
   the /dev/sdx USBs. They DO show up where they
   are supposed to be. Liberal permissions. SAMBA
   just CAN'T share them properly, nothing but
   permission errors on the client no matter how I
   set things - and I've used Linux since 'X' was
   introduced (no fun setting mouse/keyboard/mon
   back then) on floppies.

   Dunno WHAT the hell they changed, but it's not
   documented worth a damn.

followup :

  DID have to do it all with NFS alas.

  Root crontab @reboot, after a safe delay, mounts
  the USB drives into local subdirs.

  @reboot sleep 100 && /root/scripts/mountUSB.sh &

    #!/bin/bash
    # mount the external USBs
    sleep 10
    mount -t ext4 /dev/sdb1 -o defaults /home/nas/share/MyShare1
    mount -t ext4 /dev/sdc1 -o defaults /home/nas/share/MyShare2

  /etc/exports has the proper NFS share defs. Note
  that the syntax can be fiddly.

    /home/nas/share/MyShare1 192.168.0.0/24(rw)
    /home/nas/share/MyShare2 192.168.0.0/24(rw)

  All clients have the proper /etc/fstab mount defs.

    192.168.0.123:/home/nas/share/MyShare1 /mnt/shar1 nfs defaults,timeo=900,retrans=5,_netdev 0 0

    192.168.0.123:/home/nas/share/MyShare2 /mnt/shar2 nfs defaults,timeo=900,retrans=5,_netdev 0 0

  Root crontab runs a backup bash script twice a day.
  The USB drives all have a tag file - "USB-Mounted" -
  on them. The script makes sure it's there. If so
  then it's "rsync -a --delete <whatever>/ <wherever>".
  Pretty quick. Appends the datetime and 'ok' to a
  log file. If the tag file is NOT found then it
  appends the datetime with "fail" to the log.

    5 6,18 * * * /root/scripts/dupSDB1.sh

    #!/bin/bash

    # use rsync to copy sdb1 (samsung ssd) to sdc (wd black)

    # when run, it will do rsync and append 'backups.log'
    # with either the success datetime OR the datetime
    # with 'fail' afterwards.

    # our test file - if not there then usb
    # is not properly mounted

    FILE=/home/nas/share/MyShare1/USB-Mounted

    if test -f $FILE ; then
      rsync -a --delete /home/nas/share/MyShare1/ /home/nas/share/MyShare2
      echo "backup done"
      dt=$(date)
      dt2=${dt}" ok"
      touch /home/nas/backups.log
      echo $dt2 >> /home/nas/backups.log
    else
      dt=$(date)
      dt2=${dt}" fail"
      touch /home/nas/backups.log
      echo $dt2 >> /home/nas/backups.log
    fi

  Early morning, root crontab reboots the whole box.

    0 1 * * * /sbin/shutdown -r +1

  It works, it's easy, not even any Python or 'C'.

  Quick improvement, test for the "USB-Mounted" on
  the proposed mirror drive as well, to be sure.

  Client NFS connections SEEM to hold thru a reboot
  of the NAS - at least if it's not TOO lengthy.
  Auto-backups MIGHT want to run a 'mount -a' though
  just to be sure.

  Set the usb SSD as the prime backup point since
  it's a bit faster. For now the mirror is a WD
  Black magnetic. Decided against softRAID.

  This NAS runs on the latest MX Linux. You'll
  rarely go wrong with MX.

Final followup - the revised/improved backup script :

. . .

#!/bin/bash

# v0.2
# we now test for both source and dest in /proc/mounts
# as solid confirmation.

# using rsync to copy sdb1 (samsung ssd) to sdc1 (wd black)

# when run, it will do rsync and append /home/nas/share/qshar1/backups.log
# with either datetime with 'ok' OR the datetime with 'fail'

mount -a # (re)mount all
OKFLG="NO" # a flag
dt=$(date) # guess
PM=$(</proc/mounts) # load all current mounts

# check for mountpoints - if found then proceed
if [[ $PM == *"/dev/sdb1"* ]]; then
if [[ $PM == *"/dev/sdc1"* ]]; then
rsync -a --delete /home/nas/shar/MyShare1/ /home/nas/shar/MyShare2
echo "backup done"
dt=${dt}" ok"
touch /home/nas/share/MyShare1/backups.log
echo $dt >> /home/nas//share/MyShare1/backups.log
OKFLG="YES"
fi
fi

# mountpoints NOT found - fail
if [ "$OKFLG" != "YES" ] ; then
echo "backup failed"
dt=${dt}" fail"
touch /home/nas/share/MyShare1/backups.log
echo $dt >> /home/nas/share/MyShare1/backups.log
fi


. . .

It seemed 'more certain' to actually look in /proc/mounts
to see if the USB drives were still mounted than to rely
on a 'tag file' on them.

Clearly we've loaded the contents of /proc/mounts into a var
and then did pattern searchs for the relevant /dev/sdX? in there.
The log file was moved to the primary share so it'd be easy
to view from any unit making use of the NAS capability.

'touch'-ing ensures the backup file IS there before we try
to append anything to it. Straight "echo >>" might create
the file if not there on most systems, but why risk ?

Decided to go with the success/fail FLAG var because it'll
be easy to mod for more info about issues if needed.

In any case, this is all straight-up bash. Could have done
it in Python, maybe a little more clearly, but I like KISS.
The primary NAS share is duplicated to the other disk twice
a day by root crontab. Any probs, don't do anything but WARN.

COULD add e-mail or whatever, but as this is a small 'home'
system, well, just not needed. Still two drive slots in
my Sabrient external USB unit ... and the structure of
the backup script is easy to add too as so to deal with
whatever I wanna do with them.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)