[Bug 1199973] New: Regression: samba update to 4.15.7+git.376 broke Nautilus share access for NT1 protocol
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 Bug ID: 1199973 Summary: Regression: samba update to 4.15.7+git.376 broke Nautilus share access for NT1 protocol Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Samba Assignee: samba-maintainers@SuSE.de Reporter: martin.wilck@suse.com QA Contact: samba-maintainers@SuSE.de Found By: --- Blocker: --- We've got an old NAS server that requires the "NT1" protocol. We can connect using "client min protocol = NT1" in /etc/samba/smb.conf. This used to work also with Nautilus and it's smb:// URI scheme, until the last update of samba-client. Since the update to samba-client 4.15.7+git.376.dd43aca9ab2, accessing shares via nautilus doesn't work any more. Nautilus opens a pop-up showing "invalid argument". In the previous version 4.15.4+git.324.8332acf1a63, Nautilus would show a password prompt and connect successfully with the right password. The password prompt is never shown with 4.15.7+git.376. But I can still connect via command line: # smbclient -d5 //nasobem.local/josefine -U josefine lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[global]" doing parameter workgroup = MITTAGSTUNDE doing parameter passdb backend = tdbsam doing parameter printing = cups doing parameter printcap name = cups doing parameter printcap cache time = 750 doing parameter cups options = raw doing parameter map to guest = Bad User doing parameter logon path = \\%L\profiles\.msprofile doing parameter logon home = \\%L\%U\.9xprofile doing parameter logon drive = P: doing parameter usershare allow guests = No doing parameter client min protocol = NT1 pm_process() returned Yes added interface wlan0 ip=fd00::5430:8914:8532:921b bcast= netmask=ffff:ffff:ffff:ffff:: added interface wlan0 ip=fd00::a395:90ab:5502:d78a bcast= netmask=ffff:ffff:ffff:ffff:: added interface wlan0 ip=192.168.1.36 bcast=192.168.1.255 netmask=255.255.255.0 Password for [MITTAGSTUNDE\josefine]: Client started (version 4.15.7-git.376.dd43aca9ab2150300.3.32.1-SUSE-oS15.0-x86_64). Opening cache file at /var/lib/samba/lock/gencache.tdb sitename_fetch: No stored sitename for realm '' namecache_fetch: name nasobem.local#20 found. Connecting to 192.168.1.169 at port 445 socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 session request ok negotiated dialect[NT1] against server[nasobem.local] cli_session_creds_prepare_krb5: Doing kinit for josefine@MITTAGSTUNDE to access nasobem.local Kinit for josefine@MITTAGSTUNDE to access nasobem.local failed: Cannot find KDC for requested realm cli_session_setup_spnego_send: Connect to nasobem.local as josefine@MITTAGSTUNDE using SPNEGO GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego gensec_spnego_client_negTokenInit_start: Server claims it's principal name is NONE Starting GENSEC submechanism gse_krb5 smb_gss_krb5_import_cred ccache[MEMORY:cliconnect] failed with [Es wurden keine Anmeldedaten �bergeben oder die Anmeldedaten waren nicht verf�gbar bzw. ein Zugriff darauf nicht m�glich.: kein Anmeldedatenzwischenspeicher gefunden] -the caller may retry after a kinit. Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR Starting GENSEC submechanism ntlmssp Got challenge flags: Got NTLMSSP neg_flags=0x628a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_SERVER NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH session setup ok tconx ok Try "help" to get a list of possible commands. smb: \> -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c1 John Serock <john.serock@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |john.serock@gmail.com --- Comment #1 from John Serock <john.serock@gmail.com> --- I was also getting the "Invalid argument" message in Nautilus. However, I don't have "NT1" in my /etc/samba/smb.conf. I'm working around the issue by downgrading Samba from 4.15.7 to 4.15.4. The https://dheinemann.com/posts/2022-05-02-working-around-broken-smb-shares-fed... page says that the solution is to upgrade gvfs to 1.50.1, which is in Tumbleweed, but is not yet available for Leap. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c3 Andrei Borzenkov <arvidjaar@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |arvidjaar@gmail.com --- Comment #3 from Andrei Borzenkov <arvidjaar@gmail.com> --- (In reply to Martin Wilck from comment #0)
Since the update to samba-client 4.15.7+git.376.dd43aca9ab2, accessing shares via nautilus doesn't work any more. Nautilus opens a pop-up showing "invalid argument". In the previous version 4.15.4+git.324.8332acf1a63, Nautilus would show a password prompt and connect successfully with the right password. The password prompt is never shown with 4.15.7+git.376.
Likely this SAMBA commit commit 9b6e8ae65e24788c82022e761bfb2c78b59260d9 Author: Elia Geretto <elia.f.geretto@gmail.com> Date: Fri Mar 11 19:32:30 2022 +0100 s3:libsmb: Fix errno for failed authentication in SMBC_server_internal() In SMBC_server_internal(), when authentication fails, the errno value is currently hard-coded to EPERM, while it should be EACCES instead. Use the NT_STATUS map to set the appropriate value. which was fixed in gvfs https://gitlab.gnome.org/GNOME/gvfs/-/issues/611 should be safe to backport I guess. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c4 --- Comment #4 from Andrei Borzenkov <arvidjaar@gmail.com> --- (In reply to Andrei Borzenkov from comment #3)
Sorry, the actual PR https://gitlab.gnome.org/GNOME/gvfs/-/merge_requests/138 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 jolz j <jolz@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jolz@gmx.de -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c6 S. B. <sb56637@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sb56637@gmail.com --- Comment #6 from S. B. <sb56637@gmail.com> --- Confirming this issue for me with Leap 15.4. I have an unmodified /etc/samba/smb.conf and the server is running Debian 11 / OpenMediaVault with whatever its defaults are, specifically `server min protocol` and `client min protocol` are not defined. The workaround for now is to downgrade to the original samba-* packages shipped in the Leap 15.4 release repo. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c7 --- Comment #7 from John Serock <john.serock@gmail.com> --- After installing the gvfs-1.48.1-150400.4.3.1 update on Leap 15.4, I upgraded Samba to 4.15.8+git.500.d5910280cc7-150400.3.11.1. I am now able to connect to my NAS again with the latest version Samba. Looking at https://bugzilla.opensuse.org/show_bug.cgi?id=1198718#c8, it appears that this bug might also be fixed on Leap 15.3 with the gvfs-1.42.2-150200.6.3.1 update. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c11 S. B. <sb56637@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- --- Comment #11 from S. B. <sb56637@gmail.com> --- Hi there, with all of my samba* packages at 4.15.8+git.500.d5910280cc7-150400.3.11.1 and gvfs at 1.48.1-150400.4.3.1 this bug still persists. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c14 --- Comment #14 from Stephen Rose <sjr.apd@shaw.ca> --- I think I may be able to shed some light on the update working for some and not for others. (Originally I reported https://bugzilla.opensuse.org/show_bug.cgi?id=1201486) With the new 4.15.8+git.500.d5910280cc7 it restored the ability for me to login to SMB shares that required a username and password. However it still doesn't allow login to Anonymous shares. I get the same Invalid Argument issue. GUI Error reported in Nautilus is: "Failed to mount Windows share ; Invalid Argument" Connecting to a shares Anonymously does work with 4.15.5 Cheers -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c15 --- Comment #15 from John Serock <john.serock@gmail.com> --- (In reply to Stephen Rose from comment #14) I was able to reproduce the anonymous login issue. It looks like a patch to gvfs may be needed: https://gitlab.gnome.org/GNOME/gvfs/-/merge_requests/143 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1199973 http://bugzilla.opensuse.org/show_bug.cgi?id=1199973#c16 Stephen Rose <sjr.apd@shaw.ca> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |FIXED --- Comment #16 from Stephen Rose <sjr.apd@shaw.ca> --- (In reply to John Serock from comment #15)
(In reply to Stephen Rose from comment #14)
I was able to reproduce the anonymous login issue. It looks like a patch to gvfs may be needed:
This now appears resolved. I updated to latest available samba 4.15.12 packages and gvfs is at 1.48.2-150400.4.6.1 I can now log in to anonymous shares without any issues. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com