Author Topic: How to enable SMBv2 on Linkstation LS-WXL systems so it works with modern OSes  (Read 198816 times)

Sergeant_Steve

  • Calf
  • *
  • Posts: 9
OK it failed miserably using the forked acp_commander.jar so I used the one from the same repo as the get_ssh script that was updated 6 years ago, and it seemed like it failed (multiple
Code: [Select]
Changeing IP: ACP_STATE_PASSWORD_ERROR at the end of every block of commands) but then I figured I'd try to login as root via putty and that worked with the same password as admin account.

So now I've followed the instructions posted by mishikal (what to put in smb.sh) and patator (how to edit it for those not as familiar with Linux) and I'm hoping after I reboot my PC to disable SMB v1.0 client/server I'll still be able to access my NAS drive.

Sergeant_Steve

  • Calf
  • *
  • Posts: 9
Ok I removed SMBv1.0 Client from Windows 10 and I've even restarted the LinkStation for good measure and Windows 10 still won't see the LinkStation.

I've modified the correct config file so it's near enough exactly as posted by mishikal in post #1, I even ran the same restart command and still nothing.

Here is what my config file looks like from putty.

Here is what happens when I run the reload command.

Am I doing something wrong somewhere? I've copied and pasted the configs etc so I don't see how I could mistype something.
« Last Edit: March 23, 2020, 06:17:11 PM by Sergeant_Steve »

Sergeant_Steve

  • Calf
  • *
  • Posts: 9
So I ended up having to do another restart due to messing up SSH after trying to restart the service, and I've just noticed that now it seems to have decided to start working with Windows 10 after it previously refusing...

So it seems you need to both run the reload command AND restart the LinkStation (which despite me doing both earlier didn't seem to work). I've also just set the max protocol to SMBv2, I might try setting the minimum to SMBv2 as well in the future and see what happens.

Either way my LinkStation now seems to be allowing SMBv2 on Windows 10.

I assume updating Samba to say version 4.x.x for SMBv3 is nigh on impossible?

1000001101000

  • Debian Wizard
  • Big Bull
  • *****
  • Posts: 1128
  • There's no problem so bad you cannot make it worse
Yes, trying to update Samba within the stock firmware would be nearly impossible.

If you'd like you can replace the stock firmware with Debian Linux. In that case you can easily install modern Samba, though you'll need to configure it yourself.

Installation media and instructions can be found here:
https://github.com/1000001101000/Debian_on_Buffalo

tjsuominen

  • Calf
  • *
  • Posts: 10
Seems ssh is enabled on my LinkStation mini (responds to PuTTy SSH) asking login and password.

Now my challenge is: what is my LS ssh root default passwd...?

For the time being, I have re-enabled SMB1 on my W10...


1000001101000

  • Debian Wizard
  • Big Bull
  • *****
  • Posts: 1128
  • There's no problem so bad you cannot make it worse
Some models have an SSH server running which is used for the SFTP function but is locked down to prevent shell access. The exact way this is accomplished varies somewhat between model/firmware versions.

There have been tools/scripts over the years to automate removing this restriction but they only work for specific versions and will mess up your SSH config if used against an incompatible version. That said I used this one against my LS-QVL a few years ago (but not with the current FW version) and it worked:
https://github.com/rogers0/OpenLinkstation/blob/master/0_get-ssh/get-ssh.sh

When I need a shell on one of these devices I use the "-o" function of ACP Commander to temporarily enable root access over telnet. The primary advantage of this is that it works reliably with all models (except the ls500 series).
https://github.com/1000001101000/acp-commander

For either method you'll want to set a strong root password afterwards since it will enable root logins on the device and set a blank password (or change it to your admin password). In the case of the telnet option the telnet service will only be active until you reboot the device.

tjsuominen

  • Calf
  • *
  • Posts: 10
Thx!

Seems pretty likely that I'll be able to break something while trying, seems likely I'll stick with the SMB1 enabled on my W10.

Just wondering why not buffalotech release one more firmware update so you could this (to enable SMB2/3) from the Web admin console...


davo

  • Really Big Bull
  • VIP
  • *
  • Posts: 6149
Just wondering why not buffalotech release one more firmware update so you could this (to enable SMB2/3) from the Web admin console...

Because it makes people buy new units.
« Last Edit: May 13, 2020, 08:28:13 AM by davo »
PM me for TFTP / Boot Images / Recovery files  LSRecovery.exe file.
Having network issues? Drop me an email: info@interwebnetworks.com and we will get it fixed!

borgan@yahoo.com

  • Calf
  • *
  • Posts: 9
Hey, all!  I updated the smb.sh as described and can access the NAS.  However, when I attempt to copy a large number of files from my Windows 10 computer, the NAS device services appear to shut down even though the device still pings.  The only way to recover is to hard boot the device.  I am now copying files directly from the backup to the array via ssh console, but this will not fix the overall large file count issue for future use.  Any ideas about either a buffer or other tweak that is missed?  Device is an LS-QVL with FW 1.74.  Thanks!
« Last Edit: May 12, 2020, 03:33:54 PM by borgan@yahoo.com »

hdeb

  • Calf
  • *
  • Posts: 3
Hi,

Sorry I am a little late after the battle ...
My Buffalo NAS is a LinkStation LS-WXL (LS-WXLB1D).
The firmware is 1.74 (DTCP-IP:1.65-20130731).

When I lost contact with it after a Windows 10 update, I read that Buffalo would not update the firmware.
Then one of my PCs was configured with SMB1, but it is not safe and I am not happy to throw away this NAS.
So I follow the instructions of this thread, thanks to mishikal.

I got : buffalo linkstation acp-commander-gui
I got an SSH entry point and a password to login as root. Great because I had no idea to do that before !
Then I used PuTTY to modify smb.sh as prescribed.
After restart, I checked that smb.conf was modified, and it was ok with the line: max protocol = SMB2 .

Then I look at my PCs : the NAS is hidden on the Windows 10 updated one and I can see it on the other which is SMB1 modified.

My NAS doesn't change to SMBv2 despite the smb.conf was modified by smb.sh.

I added "min protocol = SMB2" without any change.

As others seemed to be successful with this, where am I wrong ?

 
« Last Edit: October 29, 2020, 08:37:22 AM by hdeb »

hdeb

  • Calf
  • *
  • Posts: 3
My LinkStation LS-WXLB1D with FW 1.74 has this Samba version : 3.6.3-31a.osstech

I can't change from SMB1, don't know why.

Probably supporting no other Samba version ?

« Last Edit: October 30, 2020, 04:42:37 AM by hdeb »

1000001101000

  • Debian Wizard
  • Big Bull
  • *****
  • Posts: 1128
  • There's no problem so bad you cannot make it worse
I think others have been able to make this change successfully for this firmware.

Could be something simple like a typo or something.

I think there are samba commands to validate a config file and to print out the current config, that might give you some hints.

hdeb

  • Calf
  • *
  • Posts: 3
Thank you 1000001101000 for replying.
This is what I get using testparm :

Quote
root@Sauvegarde_NAS:~# testparm -V
Version 3.6.3-31a.osstech
root@Sauvegarde_NAS:~# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "null passwords" option is deprecated
WARNING: The "password level" option is deprecated
Processing section "[lp]"
WARNING: The "printer admin" option is deprecated
Processing section "[info]"
Processing section "[NOS_FILMS]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        dos charset = ISO8859-15
        unix charset = UTF-8
        display charset = UTF-8
        workgroup = NOISY
        server string = "LinkStation LS-WXLB1D"
        auth methods = guest, sam
        map to guest = Bad User
        null passwords = Yes
        passdb backend = tdbsam:/etc/samba/smbpasswd.tdb
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        username map = /etc/samba/smbusers
        password level = 14
        unix password sync = Yes
        lanman auth = Yes
        max log size = 0
        max protocol = SMB2
        unix extensions = No
        deadtime = 15
        socket options = TCP_NODELAY SO_RCVBUF=262144 SO_SNDBUF=262144
        printcap name = /etc/printcap
        disable spoolss = Yes
        show add printer wizard = No
        os level = 1
        dns proxy = No
        lock directory = /etc/samba/lock
        host msdfs = No
        idmap config * : backend = tdb
        invalid users = mail, deamon
        admin users = root
        use sendfile = Yes
        printing = lprng
        lppause command = lpc hold '%p' %j
        lpresume command = lpc release '%p' %j
        queuepause command = lpc stop '%p'
        queueresume command = lpc start '%p'
        delete veto files = Yes
        veto files = /.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/.AppleDouble/.AppleDB/.com.apple.timemachine.supported/
        wide links = Yes

[lp]
        comment = Network Printer for Windows
        path = /mnt/array1/spool/samba
        printer admin = admin
        guest ok = Yes
        printable = Yes
        print ok = Yes
        print command = /usr/bin/lpr -Plp -r %s
        use client driver = Yes

[info]
        comment = LinkStation Utilities
        path = /mnt/info
        guest ok = Yes
        csc policy = disable

[NOS_FILMS]
        path = /mnt/array1/NOS_FILMS
        read only = No
        force create mode = 0666
        force security mode = 0666
        force directory mode = 0777
        force directory security mode = 0777
        guest ok = Yes
        vfs objects = recycle
        recycle:minsize = 1
        recycle:directory_mode = 777
        recycle:versions = 1
        recycle:keeptree = 1
        recycle:repository = trashbox

Do you see something wrong ?
« Last Edit: October 30, 2020, 06:26:34 PM by hdeb »

1000001101000

  • Debian Wizard
  • Big Bull
  • *****
  • Posts: 1128
  • There's no problem so bad you cannot make it worse
nothing obvious. The min protocol doesn't seem to be set, but I wouldn't think it would be necessary.

you could try restarting samba to make sure this config is actually what's in use.

philadopolis

  • Calf
  • *
  • Posts: 1
I had to do this a couple of years ago. Tonight I saw that a new firmware (1.75) was out. Against my better judgment, I installed it and promptly lost access to all of my files again, so I had to stumble my way through this solution again with the help of Internet Archive (https://web.archive.org/web/20190718105044/http://nerdkey.co.uk:80/guides/enable-ssh-linkstation-stock-firmware/):
  • Download ACP Commander GUI
  • Download Java
  • Download PuTTY

Thanks again to the OP. No thanks to BUFFALO.