Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Sat Apr 29, 2023 15:20 Post subject: Re: R7000: SMB Broken in macOS
jose_rui_sa wrote:
I've done that tests with an expert guy already.... rebooting router en each test also....
seems something broken/incompatible on firmware as told above, on macOS Ventura specially, as older version works...
There are old complaints about MacOS' SMB implemention... I thought things should have been changed by now. But ... BUT....
DD-WRT's kernel-mode Samba (ksmbd) is different from the full Samba (smbd, nmbd, winbindd). They are programmed by different people. ksmbd, though small, might have bugs and missing things, and the 2 groups of progarmmers might not talk to each other.
If you and your technical guy wanna have fun with the full Samba, install Entware then opkg install samba (the full Samba). You could also use a Linux VM (virtual machine) to setup and test the full Samba against MacOS first.
Anyway, you have public shares working. If everyone in your company could be trusted, hang around with public shares.
Lastly, how about using other methods to do the same? FTP? Using one of the MacOS devices to host the SMB shares? _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Posted: Sat Apr 29, 2023 18:32 Post subject: Re: R7000: SMB Broken in macOS
mwchang wrote:
jose_rui_sa wrote:
I've done that tests with an expert guy already.... rebooting router en each test also....
seems something broken/incompatible on firmware as told above, on macOS Ventura specially, as older version works...
There are old complaints about MacOS' SMB implemention... I thought things should have been changed by now. But ... BUT....
DD-WRT's kernel-mode Samba (ksmbd) is different from the full Samba (smbd, nmbd, winbindd). They are programmed by different people. ksmbd, though small, might have bugs and missing things, and the 2 groups of progarmmers might not talk to each other.
If you and your technical guy wanna have fun with the full Samba, install Entware then opkg install samba (the full Samba). You could also use a Linux VM (virtual machine) to setup and test the full Samba against MacOS first.
Anyway, you have public shares working. If everyone in your company could be trusted, hang around with public shares.
Lastly, how about using other methods to do the same? FTP? Using one of the MacOS devices to host the SMB shares?
I'm also experiencing this and although running Entware's Samba fixes this we can't forget that alternatives aren't an excuse not to fix bugs.
The built-in SMB feature in DD-WRT has been "non-functional" since its initial release. It appears that the developer(s) who created it only focused on Linux compatibility, and didn't take into account that there are, in fact, Windows and macOS users.
A few months ago, I was discussing the necessary fixes to make SMB work with Windows 7+. Now, it would be great if someone could diagnose and address the issues with macOS. Fixing this last bit would finally make the built-in SMB useful for most users. _________________ 1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Sun Apr 30, 2023 11:30 Post subject: Re: R7000: SMB Broken in macOS
TCB13 wrote:
I'm also experiencing this and although running Entware's Samba fixes this we can't forget that alternatives aren't an excuse not to fix bugs.
The built-in SMB feature in DD-WRT has been "non-functional" since its initial release. It appears that the developer(s) who created it only focused on Linux compatibility, and didn't take into account that there are, in fact, Windows and macOS users. The same might apply to Mac SMB implementation.
A few months ago, I was discussing the necessary fixes to make SMB work with Windows 7+. Now, it would be great if someone could diagnose and address the issues with macOS. Fixing this last bit would finally make the built-in SMB useful for most users.
I agree. But it's kernel-mode samba, which means ksmbd belongs to the Linux kernel. DD-WRT just makes use of the Linux kernel including ksmbd. In my Asus RT-N18U, the kernel version was "Linux 4.4.302-st38" only, not the latest.
At least public shares are working for both Windows and Mac devices.
A few suggestions for testing ksmbd for MacOS devices:
Do not just hit <Apply Settings> after changing Samba settings. Reboot the router.
Check that /tmp/smb.conf was changed according to the WEBUI settings correctly.
Code:
ksmbd.mountd -c /tmp/smb.conf -u /tmp/smb.db
Keep Minimum Protocol Version to NT 1.0 or 2.02 and Encrytion to Required, then test each
Maximum Protocol Version. If nothing worked, try Encryption=Off.
If possible, use a Windows PC to find out which Protocol Version works for
Access Level = Restricted. Remmeber to clear saved credentials. Use that with MacOS
devices.
Google Search didn't have results for kernel-mode samba and MacOS.... maybe there were no Mac users? They used real NAS? I dunno....
_________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
In Windows 10, version 1709, (...) no longer allows the following actions:
Guest account access to a remote server
According to them this was done because:
1) "Guest logons do not support standard security features such as signing and encryption." > possibly breaking the SMB3 "standard"
2) "guest logons makes the client vulnerable to man-in-the-middle attacks that can expose sensitive data on the network"
3) "A malicious computer that impersonates a legitimate file server could allow users to connect as guests without their knowledge" > serious security issues.
Google Search didn't have results for kernel-mode samba and MacOS.... maybe there were no Mac users? They used real NAS? I dunno....
Or maybe the DD-WRT version isn't the real thing / was slimmed down and has bugs as usual . _________________ 1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Sun Apr 30, 2023 12:43 Post subject: Re: R7000: SMB Broken in macOS
TCB13 wrote:
With an old protocol it might work but that can be slower than optimal.
...
1) "Guest logons do not support standard security features such as signing and encryption." > possibly breaking the SMB3 "standard"
2) "guest logons makes the client vulnerable to man-in-the-middle attacks that can expose sensitive data on the network"
3) "A malicious computer that impersonates a legitimate file server could allow users to connect as guests without their knowledge" > serious security issues.
DD-WRT did switch from standalone Samba to kernel-mode Samba, since some 4xxxx build. Can't remember exactly.
Access Level = Restriced does work for Windows PCs, but you need to alter the settings. I go the easy way, wanting the public file sharing function instead of extreme security.
I hope owners of Apple personal computers could reply this thread. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Posted: Sun Apr 30, 2023 12:59 Post subject: Re: R7000: SMB Broken in macOS
mwchang wrote:
Access Level = Restriced does work for Windows PCs, but you need to alter the settings.
Not sure if you remember, but I was the one pushing to have that option in the UI last year _________________ 1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
Nobody has mentioned mDNS / avahi so far, which was added to some targets because of Apple products... _________________ "The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost
"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio
Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Thu May 11, 2023 8:01 Post subject:
dale_gribble39 wrote:
Nobody has mentioned mDNS / avahi so far, which was added to some targets because of Apple products...
At the bottom of Services -> Services tab, there is indeed a box for "mDNS / Avahi". It was disabled in my router, as I have no MacOS devices.
Maybe that box should mention "Apple MacOS"? I suspect even Apple users don't know about mDNS and Avahi? Or maybe the box should be moved to Services->NAS, right under the Samba box? _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Thu May 11, 2023 8:30 Post subject:
mDNS/ Avahi is for local name resolution and Service discovery and can also be used as a reflector to reflect services between local subnets as those are normally restricted to the broadcast domain e.g. if you want to see your Chromecast between subnets.
It was added for Linux users and not for Apple users (but as Apple is Linux (actually BSD) based it can also use it)
It can advertise SMB services to Linux users, if mDNS is Enabled the enabling of SMB will add the SMB service and SMB is advertised via mDNS to Linux (and thus to Apple users)
Joined: 26 Mar 2013 Posts: 1855 Location: Hung Hom, Hong Kong
Posted: Thu May 11, 2023 11:35 Post subject:
egc wrote:
mDNS/ Avahi is for local name resolution and Service discovery and can also be used as a reflector to reflect services between local subnets as those are normally restricted to the broadcast domain e.g. if you want to see your Chromecast between subnets.
....
It can advertise SMB services to Linux users, if mDNS is Enabled the enabling of SMB will add the SMB service and SMB is advertised via mDNS to Linux (and thus to Apple users)
Does MacOS also need something like that, if you need to host SMB shares?
BTW, I heard that MacOS was based on Unix if not Linux... NextStep?
It's still better to move the mDNS box closer to the Samba box, since they are related. Maybe the Samba box should acquire and absorb the mDNS box. Anyway, that needs volunteers. _________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
mDNS/ Avahi is for local name resolution and Service discovery and can also be used as a reflector to reflect services between local subnets as those are normally restricted to the broadcast domain e.g. if you want to see your Chromecast between subnets.
....
It can advertise SMB services to Linux users, if mDNS is Enabled the enabling of SMB will add the SMB service and SMB is advertised via mDNS to Linux (and thus to Apple users)
Does MacOS also need something like that, if you need to host SMB shares?
BTW, I heard that MacOS was based on Unix if not Linux... NextStep?
It's still better to move the mDNS box closer to the Samba box, since they are related. Maybe the Samba box should acquire and absorb the mDNS box. Anyway, that needs volunteers.
Volunteers ? I can test... Cant do more...
About latest version keep failed connection.... Still Older macOS version Samba Works