SMB external storage won't connect

smb

#1

Steps to reproduce

  1. Add SMB/CIFS external storage

Expected behaviour

SMB setup connects and files are browseable

Actual behaviour

Red box appears, files not browseable

Server configuration

Operating system:
Linux

Web server:
Apache

Database:
MySQL (MariaDB)

PHP version:
7.0

ownCloud version: (see ownCloud admin page)
10.0.3.3

Updated from an older ownCloud or fresh install:
Fresh, then migrated old data

Where did you install ownCloud from:
TAR

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and put the link here.
No errors

Config Report

List of activated apps:

Enabled:
  - activity: 2.3.6
  - comments: 0.3.0
  - configreport: 0.1.1
  - dav: 0.3.0
  - federatedfilesharing: 0.3.1
  - files: 1.5.1
  - files_external: 0.7.1
  - files_pdfviewer: 0.8.2
  - files_sharing: 0.10.1
  - files_texteditor: 2.2.1
  - files_trashbin: 0.9.1
  - files_versions: 1.3.0
  - files_videoplayer: 0.9.8
  - firstrunwizard: 1.1
  - market: 0.2.2
  - notifications: 0.3.1
  - provisioning_api: 0.5.0
  - templateeditor: 0.1
  - updatenotification: 0.2.1
Disabled:
  - encryption
  - external
  - federation
  - files_antivirus
  - systemtags
  - theme-example
  - user_external

Are you using external storage, if yes which one: local/smb/sftp/...
smb

Are you using encryption: yes/no
no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no

Client configuration

Browser:
Chrome

Operating system:
Windows

Logs

Web server error log

[Mon Oct 02 17:55:18.240863 2017] [authz_core:error] [pid 29151] [client REMOVED:61545] AH01630: client denied by server configuration: /var/www/html/owncloud/data/htaccesstest.txt

php-smbclient is installed. This just broke about 2 weeks ago.


#2

Can you connect to the share using a file browser on a different host?


#3

Yes, can connect fine through other Windows machines, and can connect on owncloud server directly via smbclient.

We discovered in our logs that owncloud appears to be trying to connect as user "nobody" instead of the user we assign in the settings.


#4

The last line in this series of logs does look suspicious, like it isn't passing a username at all: Invalid request for smb:\/\/192.168.2.23\/Clients\/

{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: __construct({\"host\":\"192.168.2.23\",\"share\":\"Clients\",\"root\":\"\",\"domain\":\"\",\"user\":\"SHAREUSER\",\"password\":\"***removed***\"})"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"using native libsmbclient"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"leave: __construct, getId:smb::SHAREUSER@192.168.2.23\/\/Clients\/\/"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: __construct({\"host\":\"192.168.2.23\",\"share\":\"Clients\",\"root\":\"\",\"domain\":\"\",\"user\":\"SHAREUSER\",\"password\":\"***removed***\"})"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"using native libsmbclient"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"leave: __construct, getId:smb::SHAREUSER@192.168.2.23\/\/Clients\/\/"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: test()"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: stat()"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: getFileInfo()"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: buildPath()"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"leave: buildPath, return '\/'"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"stat fetching '\/'"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: remoteIsShare"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"leave: remoteIsShare, return true"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: isRootDir(\/)"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"leave: isRootDir, return true"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"faking stat for forbidden '\/'"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"enter: shareMTime"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"test swallowing Icewind\\SMB\\Exception\\ForbiddenException - code: 13 message: Invalid request for smb:\/\/192.168.2.23\/Clients\/ (ForbiddenException) trace: #0 \/var\/www\/html\/owncloud\/apps\/files_external\/3rdparty\/icewind\/smb\/src\/NativeState.php(72): Icewind\\SMB\\NativeState->handleError('smb:\/\/192.168.2...')\n#1 \/var\/www\/html\/owncloud\/apps\/files_external\/3rdparty\/icewind\/smb\/src\/NativeState.php(101): Icewind\\SMB\\NativeState->testResult(false, 'smb:\/\/192.168.2...')\n#2 \/var\/www\/html\/owncloud\/apps\/files_external\/3rdparty\/icewind\/smb\/src\/NativeShare.php(86): Icewind\\SMB\\NativeState->opendir('smb:\/\/192.168.2...')\n#3 \/var\/www\/html\/owncloud\/apps\/files_external\/lib\/Lib\/Storage\/SMB.php(307): Icewind\\SMB\\NativeShare->dir('\/')\n#4 \/var\/www\/html\/owncloud\/apps\/files_external\/lib\/Lib\/Storage\/SMB.php(179): OCA\\Files_External\\Lib\\Storage\\SMB->shareMTime()\n#5 \/var\/www\/html\/owncloud\/apps\/files_external\/lib\/Lib\/Storage\/SMB.php(290): OCA\\Files_External\\Lib\\Storage\\SMB->getFileInfo('\/')\n#6 \/var\/www\/html\/owncloud\/lib\/private\/Files\/Storage\/Common.php(436): OCA\\Files_External\\Lib\\Storage\\SMB->stat('')\n#7 \/var\/www\/html\/owncloud\/apps\/files_external\/lib\/Lib\/Storage\/SMB.php(643): OC\\Files\\Storage\\Common->test()\n#8 \/var\/www\/html\/owncloud\/lib\/private\/Files\/External\/LegacyUtil.php(202): OCA\\Files_External\\Lib\\Storage\\SMB->test(false, true)\n#9 \/var\/www\/html\/owncloud\/apps\/files_external\/lib\/Controller\/StoragesController.php(255): OC\\Files\\External\\LegacyUtil::getBackendStatus('\\\\OCA\\\\Files_Exte...', Array, false, true)\n#10 \/var\/www\/html\/owncloud\/apps\/files_external\/lib\/Controller\/StoragesController.php(304): OCA\\Files_External\\Controller\\StoragesController->updateStorageStatus(Object(OC\\Files\\External\\StorageConfig), true)\n#11 [internal function]: OCA\\Files_External\\Controller\\StoragesController->show(23, true)\n#12 \/var\/www\/html\/owncloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(159): call_user_func_array(Array, Array)\n#13 \/var\/www\/html\/owncloud\/lib\/private\/AppFramework\/Http\/Dispatcher.php(89): OC\\AppFramework\\Http\\Dispatcher->executeController(Object(OCA\\Files_External\\Controller\\GlobalStoragesController), 'show')\n#14 \/var\/www\/html\/owncloud\/lib\/private\/AppFramework\/App.php(98): OC\\AppFramework\\Http\\Dispatcher->dispatch(Object(OCA\\Files_External\\Controller\\GlobalStoragesController), 'show')\n#15 \/var\/www\/html\/owncloud\/lib\/private\/AppFramework\/Routing\/RouteActionHandler.php(46): OC\\AppFramework\\App::main('OCA\\\\Files_Exter...', 'show', Object(OC\\AppFramework\\DependencyInjection\\DIContainer), Array)\n#16 [internal function]: OC\\AppFramework\\Routing\\RouteActionHandler->__invoke(Array)\n#17 \/var\/www\/html\/owncloud\/lib\/private\/Route\/Router.php(307): call_user_func(Object(OC\\AppFramework\\Routing\\RouteActionHandler), Array)\n#18 \/var\/www\/html\/owncloud\/lib\/base.php(928): OC\\Route\\Router->match('\/apps\/files_ext...')\n#19 \/var\/www\/html\/owncloud\/index.php(56): OC::handleRequest()\n#20 {main}"}
{"reqId":"WdUxL@ZK6PdE3Na1ZOA-YgAAAAc","level":0,"time":"2017-10-04T19:06:23+00:00","remoteAddr":"***removed***","user":"USER","app":"wnd","method":"GET","url":"\/apps\/files_external\/globalstorages\/23?testOnly=true","message":"leave: test, return false"}

#5

Can you create a new share, that doesn't require a username or password, and doesn't have any permissions set on the filesystem, to see if that makes any difference?


#6

I can try. I did forget to mention though that if I set this share to be public, then it does connect and I can browse the files like normal... But once it is set back to requiring a username/password, it fails again, and share logs show a user failed to connect with username "nobody". Thanks for your help with this issue.


#7

Check if your windows server needs (or not) a domain / workgroup to be sent. While some servers won't require a domain / workgroup (aka, sending the username as 'username') will work fine, other might require it ('my.windows.server\username' you'll need to user 'username' as username and 'my.windows.server' as domain).
In the second case, connecting to the server using just 'username' will fail and the server (windows) might fallback to use anonymous authentication.


#8

Thanks @jvillafanez. Our server does not require a workgroup. We can connect locally from our other Windows workstations, and directly from smbclient as mentioned.

To add to this, we also cannot connect to our other Linux server via SMB either.. Basically any server we try to connect to through SMB no longer works.


#9

Windows servers/PCs always require a workgroup or domain. Check that this matches on all hosts that you're trying to connect between, or use the <hostname>\<username> syntax when trying to connect to a share.

Given that this worked before, it'd be worth thinking about what has changed that could have caused this.

Also, in your original post you mention an error message in the logs:

What does that file have in it?


#10

The only thing I can come up with is to comment lines https://github.com/owncloud/core/blob/master/apps/files_external/lib/Lib/Storage/SMB.php#L74-L76 and verify the password is the expected one, without any weird or empty char in it. You can restore them afterwards.


#11

I have the similar issue.
I am using LDAP for auth on all of the local services.
When share is guest ok it is mounted properly on OwnCloud.
If I setup share to use Login credentials, save in session, it fails to mount.
If I setup share with username and password it fails to mount.
If I setup share with username and password and add Domain, it mounts!
If I setup share to use Login credentials, save in session and add Domain, it fails to mount.

It seams that libsmbclient is not able to authenticate user somehow, not sure why.
I actually installed xdebug on my server and tried to debug, before I figured out a scenario where it works.
If I find some time I will try do debug once again to compare working and no working cases, if somebody else does not fix it before me.


#12

I've managed to get a quick look.
It seams that when username, password and domain are set for a share, domain set is used and everything goes fine.
When user and password from session are used domain added is ignored, and OC tries to get domain from session, which does not exist.
Quick workaround for me was to use Samba in simple sharing mode instead of using it as domain controller and adding my workgroup to each share in OC.
Not a great solution, but I prefer having OC working, than DC.
Anyhow, this should be further investigated by OC developer responsible for Samba implementation.
I don't have enough free time to further investigate and develop a proper patch.


#13

@vaxter first, install the libsmbclient-php library and make sure it's being used by ownCloud. As far as I know, the domain is correctly fetched but it might be not properly forwarded to the smbclient CLI. The native library should fix the problem.


#14

@jvillafanez Native library was installed a long, long time ago.
Domain was not fetched correctly, I have verified that and am 100% sure of it.
It seams that latest update has fixed the issue.


#15

I had the exact same issue after upgrading to from version 10.0.3 to 10.0.4. Adding the domain to the share fixed the problem.


#16

Having exactly the same problem. Works great with explicit username and password, does not work with credentials stored in session for users stored in a LDAP directory!
The only workaround I have is to mount a SMB share for every user.


#17

Have you tried “stored in database”?


#18

Not sure I understand what you mean with “stored in database”. I only see these two options for using credentials: Either use those stored in the session or configure static ones on per user base.


#19

Hey,

maybe @dmitry is referring to the following?

The enterprise version has a mode called “Save in DB” where the credentials are saved, in encrypted form, in the database (via the WND app). In this mode, all of the above operations work.

which i had found in:

https://doc.owncloud.org/server/latest/admin_manual/configuration/files/external_storage/auth_mechanisms.html#known-limitations


#20

Ah, sorry, did not know that this was an enterprise feature. my bad