Author Topic: How to enable SMBv2 on Linkstation LS-WXL systems so it works with modern OSes  (Read 6195 times)

mishikal

  • Calf
  • *
  • Posts: 5
This requires enabling remote SSH access to the system, but once you do that and log in as root, modify /etc/init.d/smb.sh

There is a configure() function that calls /usr/local/sbin/nas_configgen -c samba, which always overwrites /etc/samba/smb.conf.  To allow SMBv2, modify the code as follows.

From:
Code: [Select]
        /usr/local/sbin/nas_configgen -c samba
        if [ $? -ne 0 ]; then
                echo "$0 configure fail"
                exit 1
        fi

To:
Code: [Select]
    /usr/local/sbin/nas_configgen -c samba
        if [ $? -ne 0 ]; then
                echo "$0 configure fail"
                exit 1
        fi
        /bin/sed -i '3i\\
    min protocol = SMB2\\
    max protocol = SMB2\\
        ' /etc/samba/smb.conf


Then run /etc/init.d/smb.sh reload and the NAS will now allow SMBv2 connections.  Enjoy!
« Last Edit: April 30, 2018, 04:53:18 pm by mishikal »

ArronHad

  • Calf
  • *
  • Posts: 1
Nice one Mishikal, it took me a couple of tries but got it working perfect in the end! Feels good to be all setup.

StephenDavis1977

  • Calf
  • *
  • Posts: 2
How do I do this on a Windows 10 machine that cannot access the LinkStation?

patator

  • Calf
  • *
  • Posts: 1
Quote
How do I do this on a Windows 10 machine that cannot access the LinkStation?

First you need to get root access on your linkstation using ACP Commander.
I used this http://nerdkey.co.uk/guides/enable-ssh-linkstation-stock-firmware/ as it sounded easy enough at that time.

For the next steps, I take it you are not familiar with Unix, so here is a step by step once you have root access.

Login as root using PUTTY
once done, type
cp  /etc/init.d/smb.sh /root
This will cpy the file in case you make a mistake.

vi  /etc/init.d/smb.sh
this editor is quite unfriendly, so follow the following key strokes ([ESC] is the key esape, not the letters):
[ESC]/nas_config
use the arrow to go at the end of this section:
Code: [Select]
/usr/local/sbin/nas_configgen -c samba
        if [ $? -ne 0 ]; then
                echo "$0 configure fail"
                exit 1
        fi
type A then enter
copy the following and right click to paste in putty:
Code: [Select]
/bin/sed -i '3i\\    max protocol = SMB2\\' /etc/samba/smb.confthen hit the following keys:
[ESC]:wq

to try that it worked:
/etc/init.d/smb.sh restart

You should now be able to access your files on Windows10.

Good luck!

« Last Edit: February 18, 2018, 11:33:20 am by patator »

jurrabi

  • Calf
  • *
  • Posts: 2
This might be a stupid question but, how come this is not enabled by default in the latest 1.74 firmware version for my Linkstation LS-WXL?? I mean, that update is dated Feb, 2018 and the Buffalo site states that the model is Windows 10 compatible witch can't be without SMBv2 enabled...
WTF?

Since I don't seem able to get root or SSH access to my device... what are my options?

Any ideas? thanks in advance.

oxygen8

  • Buffalo
  • ***
  • Posts: 138
  • Giving you some breathing space.
"Windows 10 compatible witch can't be without SMBv2 enabled.."

this is not correct
Microsoft have disabled SMB1

Now Windows is not compatibel to old nas

enable SMB1 on windows

mishikal

  • Calf
  • *
  • Posts: 5
enable SMB1 on windows

Under no circumstances should you enable SMB1.  Microsoft disabled it for a reason: SMBv1 has numerous security flaws at the protocol level.  That is why they disabled it in the first place.  The correct solution is to enable SMBv2 as documented above.

Why Buffalo isn't including this in their firmware updates is beyond me.  It's trivial to do.

See also https://www.us-cert.gov/ncas/current-activity/2017/03/16/Microsoft-SMBv1-Vulnerability

Basically, if you enable SMBv1, anyone on your network can take over your computer.

mishikal

  • Calf
  • *
  • Posts: 5
Note: I've updated the original suggestion so that SMBv1 is entirely disabled, given the security risks of allowing it.

mparker

  • Calf
  • *
  • Posts: 1
So first off thank you for all who contributed to this fix. It works, for the most part.
So, that being said I have an issue that I can't seem to figure out yet is this.

I have a Windows 10 machine that is my personal laptop
Windows 10 Pro version 10.0.17134 Build 17134
this is the machine I SSH'd to the Linkstation LS-QVL from and made the changes as you listed above.
I figured that would be the end of it and the issue was fixed. So I started notifying my users. They still cannot access the Linkstation which baffles me completely.

Their machines are the exact same build
Windows 10 Pro version 10.0.17134 Build 17134
I did a complete fresh install on a test machine and it cannot access the linkstation.
Only difference between their machines and the test machine is that it is a Work Machine that is connected to Azure AD where mine is a personal machine not connected to Azure AD. That's the only common thing I can find that differs between the machines.

The following are the error messages I receive, and it doesn't matter whether I use the IP address of the LS-QVL or the Network name \\NAS1

From File Explorer:
Windows cannot access \\nas1
Check the spelling of the name. Otherwise, there might be a problem with your network. To try to identify and resolve the problems, click Diagnose.
Error code: 0x80004005
Unspecified Error

From Windows Key + R
The specified server cannot perform the requested operation

I am at a loss here, my personal laptop connected to the same network works after I implented the changes as specified in this thread. No other Azure AD connected machines can access the device. And we are all connected to the same exact network.

UPDATE: I reinstalled the OS on the test machine. I chose Personal Use instead of Work use so it did not join the Azure AD domain. Now I can access the Share, this means there is a setting in Azure AD somewhere that locks down access to this share. Why I don't know, but it's locking the domain systems out.
« Last Edit: May 15, 2018, 12:45:25 pm by mparker »