R7000: SMB Broken in macOS

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
Author Message
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Sat Apr 29, 2023 15:20    Post subject: Re: R7000: SMB Broken in macOS Reply with quote
jose_rui_sa wrote:
I've done that tests with an expert guy already.... rebooting router en each test also....

seems something broken/incompatible on firmware as told above, on macOS Ventura specially, as older version works...

There are old complaints about MacOS' SMB implemention... I thought things should have been changed by now. But ... BUT....

DD-WRT's kernel-mode Samba (ksmbd) is different from the full Samba (smbd, nmbd, winbindd). They are programmed by different people. ksmbd, though small, might have bugs and missing things, and the 2 groups of progarmmers might not talk to each other. Smile

If you and your technical guy wanna have fun with the full Samba, install Entware then opkg install samba (the full Samba). You could also use a Linux VM (virtual machine) to setup and test the full Samba against MacOS first.

Anyway, you have public shares working. If everyone in your company could be trusted, hang around with public shares.

Lastly, how about using other methods to do the same? FTP? Using one of the MacOS devices to host the SMB shares?

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
Sponsor
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Sat Apr 29, 2023 18:32    Post subject: Re: R7000: SMB Broken in macOS Reply with quote
mwchang wrote:
jose_rui_sa wrote:
I've done that tests with an expert guy already.... rebooting router en each test also....

seems something broken/incompatible on firmware as told above, on macOS Ventura specially, as older version works...

There are old complaints about MacOS' SMB implemention... I thought things should have been changed by now. But ... BUT....

DD-WRT's kernel-mode Samba (ksmbd) is different from the full Samba (smbd, nmbd, winbindd). They are programmed by different people. ksmbd, though small, might have bugs and missing things, and the 2 groups of progarmmers might not talk to each other. Smile

If you and your technical guy wanna have fun with the full Samba, install Entware then opkg install samba (the full Samba). You could also use a Linux VM (virtual machine) to setup and test the full Samba against MacOS first.

Anyway, you have public shares working. If everyone in your company could be trusted, hang around with public shares.

Lastly, how about using other methods to do the same? FTP? Using one of the MacOS devices to host the SMB shares?


I'm also experiencing this and although running Entware's Samba fixes this we can't forget that alternatives aren't an excuse not to fix bugs.

The built-in SMB feature in DD-WRT has been "non-functional" since its initial release. It appears that the developer(s) who created it only focused on Linux compatibility, and didn't take into account that there are, in fact, Windows and macOS users.

A few months ago, I was discussing the necessary fixes to make SMB work with Windows 7+. Now, it would be great if someone could diagnose and address the issues with macOS. Fixing this last bit would finally make the built-in SMB useful for most users.

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Sun Apr 30, 2023 11:30    Post subject: Re: R7000: SMB Broken in macOS Reply with quote
TCB13 wrote:
I'm also experiencing this and although running Entware's Samba fixes this we can't forget that alternatives aren't an excuse not to fix bugs.

The built-in SMB feature in DD-WRT has been "non-functional" since its initial release. It appears that the developer(s) who created it only focused on Linux compatibility, and didn't take into account that there are, in fact, Windows and macOS users. The same might apply to Mac SMB implementation.

A few months ago, I was discussing the necessary fixes to make SMB work with Windows 7+. Now, it would be great if someone could diagnose and address the issues with macOS. Fixing this last bit would finally make the built-in SMB useful for most users.

I agree. But it's kernel-mode samba, which means ksmbd belongs to the Linux kernel. DD-WRT just makes use of the Linux kernel including ksmbd. In my Asus RT-N18U, the kernel version was "Linux 4.4.302-st38" only, not the latest.

At least public shares are working for both Windows and Mac devices. Smile

A few suggestions for testing ksmbd for MacOS devices:
  • Try directly accessing the shares by, as for example, smb://dd-wrt_ip_addresss/share_name. I don't know the exact method for Mac devices.
  • Do not just hit <Apply Settings> after changing Samba settings. Reboot the router.
    Check that /tmp/smb.conf was changed according to the WEBUI settings correctly.
    Code:
    ksmbd.mountd -c /tmp/smb.conf -u /tmp/smb.db

  • Keep Minimum Protocol Version to NT 1.0 or 2.02 and Encrytion to Required, then test each
    Maximum Protocol Version. If nothing worked, try Encryption=Off.
  • If possible, use a Windows PC to find out which Protocol Version works for
    Access Level = Restricted. Remmeber to clear saved credentials. Use that with MacOS
    devices.

Google Search didn't have results for kernel-mode samba and MacOS.... maybe there were no Mac users? They used real NAS? I dunno....

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Sun Apr 30, 2023 12:04    Post subject: Re: R7000: SMB Broken in macOS Reply with quote
mwchang wrote:

At least public shares are working for both Windows and Mac devices. Smile



With an old protocol it might work but that can be slower than optimal.

- https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default

Quote:
In Windows 10, version 1709, (...) no longer allows the following actions:

Guest account access to a remote server


According to them this was done because:

1) "Guest logons do not support standard security features such as signing and encryption." > possibly breaking the SMB3 "standard"
2) "guest logons makes the client vulnerable to man-in-the-middle attacks that can expose sensitive data on the network"
3) "A malicious computer that impersonates a legitimate file server could allow users to connect as guests without their knowledge" > serious security issues.

- https://www.nodeum.io/howto/guest-access-in-smb2-disabled-by-default-in-windows-10
- https://www.claudiokuenzler.com/blog/879/windows-10-server-2016-access-samba-share-guest-account-analysis-workaround-event-31017

mwchang wrote:

Google Search didn't have results for kernel-mode samba and MacOS.... maybe there were no Mac users? They used real NAS? I dunno....


Or maybe the DD-WRT version isn't the real thing / was slimmed down and has bugs as usual Smile.

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Sun Apr 30, 2023 12:43    Post subject: Re: R7000: SMB Broken in macOS Reply with quote
TCB13 wrote:
With an old protocol it might work but that can be slower than optimal.

...
1) "Guest logons do not support standard security features such as signing and encryption." > possibly breaking the SMB3 "standard"
2) "guest logons makes the client vulnerable to man-in-the-middle attacks that can expose sensitive data on the network"
3) "A malicious computer that impersonates a legitimate file server could allow users to connect as guests without their knowledge" > serious security issues.

- https://www.nodeum.io/howto/guest-access-in-smb2-disabled-by-default-in-windows-10
- https://www.claudiokuenzler.com/blog/879/windows-10-server-2016-access-samba-share-guest-account-analysis-workaround-event-31017

DD-WRT did switch from standalone Samba to kernel-mode Samba, since some 4xxxx build. Can't remember exactly.

Access Level = Restriced does work for Windows PCs, but you need to alter the settings. I go the easy way, wanting the public file sharing function instead of extreme security. Smile

I hope owners of Apple personal computers could reply this thread.

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
TCB13
DD-WRT User


Joined: 06 Jun 2010
Posts: 260
Location: Portugal

PostPosted: Sun Apr 30, 2023 12:59    Post subject: Re: R7000: SMB Broken in macOS Reply with quote
mwchang wrote:


Access Level = Restriced does work for Windows PCs, but you need to alter the settings.


Not sure if you remember, but I was the one pushing to have that option in the UI last year Laughing

_________________
1x Netgear R7800 (latest); 3x Netgear R7000 (latest); 2x Asus RT-N16 (v3.0-r47656); 2x Fonera 2100 (v3.0-r45454).
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Sun Apr 30, 2023 14:26    Post subject: Re: R7000: SMB Broken in macOS Reply with quote
TCB13 wrote:
Not sure if you remember, but I was the one pushing to have that option in the UI last year Laughing

I do remember a vigorous discussion about this.... I don't quite remember names. Smile

I am still keeping a few bookmarks related to that discussion:

Changeset 47087 – DD-WRT
https://svn.dd-wrt.com/changeset/47087

DD-WRT :: View topic - Samba Builtin/Entware: Public Shares / Windows 10
https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1253677&sid=e70ece5ec3eca05b762c03591afaa128

GitHub - cifsd-team/ksmbd-tools: ksmbd kernel server userspace utilities
https://github.com/cifsd-team/ksmbd-tools/

And I forgot to mention WSDD2 in this thread... maybe related to the MacOS problem.

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
jose_rui_sa
DD-WRT Novice


Joined: 24 Apr 2012
Posts: 33

PostPosted: Tue May 09, 2023 18:38    Post subject: Reply with quote
Firmware: DD-WRT v3.0-r52459 std (05/08/23)

Keep the same problem...
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

PostPosted: Tue May 09, 2023 19:38    Post subject: Reply with quote
Nobody has mentioned mDNS / avahi so far, which was added to some targets because of Apple products...
_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Thu May 11, 2023 8:01    Post subject: Reply with quote
dale_gribble39 wrote:
Nobody has mentioned mDNS / avahi so far, which was added to some targets because of Apple products...

At the bottom of Services -> Services tab, there is indeed a box for "mDNS / Avahi". It was disabled in my router, as I have no MacOS devices.

Maybe that box should mention "Apple MacOS"? I suspect even Apple users don't know about mDNS and Avahi? Or maybe the box should be moved to Services->NAS, right under the Samba box? Smile

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu May 11, 2023 8:30    Post subject: Reply with quote
mDNS/ Avahi is for local name resolution and Service discovery and can also be used as a reflector to reflect services between local subnets as those are normally restricted to the broadcast domain e.g. if you want to see your Chromecast between subnets.

See: https://www.avahi.org/

It was added for Linux users and not for Apple users (but as Apple is Linux (actually BSD) based it can also use it)

It can advertise SMB services to Linux users, if mDNS is Enabled the enabling of SMB will add the SMB service and SMB is advertised via mDNS to Linux (and thus to Apple users)

I know because I was the one who added it Smile

But is has nothing to do with the actual SMB service (ksmbd) it only advertises its existence.
See: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=331904

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
mwchang
DD-WRT Guru


Joined: 26 Mar 2013
Posts: 1855
Location: Hung Hom, Hong Kong

PostPosted: Thu May 11, 2023 11:35    Post subject: Reply with quote
egc wrote:
mDNS/ Avahi is for local name resolution and Service discovery and can also be used as a reflector to reflect services between local subnets as those are normally restricted to the broadcast domain e.g. if you want to see your Chromecast between subnets.

....

It can advertise SMB services to Linux users, if mDNS is Enabled the enabling of SMB will add the SMB service and SMB is advertised via mDNS to Linux (and thus to Apple users)

Does MacOS also need something like that, if you need to host SMB shares?

BTW, I heard that MacOS was based on Unix if not Linux... NextStep?

It's still better to move the mDNS box closer to the Samba box, since they are related. Maybe the Samba box should acquire and absorb the mDNS box. Anyway, that needs volunteers. Smile

_________________
Router: Asus RT-N18U (rev. A1)

Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!

Facebook: https://www.facebook.com/changmanwai
Website: https://sites.google.com/site/changmw
SETI@Home profile: http://setiathome.berkeley.edu/view_profile.php?userid=211832
GitHub: https://github.com/changmw/changmw
jose_rui_sa
DD-WRT Novice


Joined: 24 Apr 2012
Posts: 33

PostPosted: Fri May 26, 2023 20:27    Post subject: Reply with quote
mwchang wrote:
egc wrote:
mDNS/ Avahi is for local name resolution and Service discovery and can also be used as a reflector to reflect services between local subnets as those are normally restricted to the broadcast domain e.g. if you want to see your Chromecast between subnets.

....

It can advertise SMB services to Linux users, if mDNS is Enabled the enabling of SMB will add the SMB service and SMB is advertised via mDNS to Linux (and thus to Apple users)

Does MacOS also need something like that, if you need to host SMB shares?

BTW, I heard that MacOS was based on Unix if not Linux... NextStep?

It's still better to move the mDNS box closer to the Samba box, since they are related. Maybe the Samba box should acquire and absorb the mDNS box. Anyway, that needs volunteers. Smile




Volunteers ? I can test... Cant do more...

About latest version keep failed connection.... Still Older macOS version Samba Works
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Fri May 26, 2023 23:07    Post subject: Reply with quote
Guess macOS needs 3.4.8 or later no idea if or when.
https://github.com/cifsd-team/ksmbd/releases
https://github.com/cifsd-team/ksmbd-tools/releases

https://github.com/cifsd-team/ksmbd/issues/556
https://github.com/cifsd-team/ksmbd/issues/583
jose_rui_sa
DD-WRT Novice


Joined: 24 Apr 2012
Posts: 33

PostPosted: Mon Jun 12, 2023 13:34    Post subject: Reply with quote
any update?


any fix coming?
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next Display posts from previous:    Page 2 of 7
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum