Koozali.org: home of the SME Server

Smeserver 10 and Synology NAS

Offline Raphaël

  • *
  • 38
  • +0/-0
Smeserver 10 and Synology NAS
« on: July 13, 2021, 02:04:58 PM »
Hello.
We have upgraded Smeserver from V9.2 to V10.
The whole thing works fine except for the connection of a Synology NAS.
The NAS was a member of the domain, NT4 domain under V9.2 and now I can't get it to go up.
No particular error, just that it doesn't want to
Any idea how to debug?
Thanks in advance.
Raphaël Larronde

Offline Jean-Philippe Pialasse

  • *
  • 2,166
  • +8/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Smeserver 10 and Synology NAS
« Reply #1 on: July 13, 2021, 07:00:57 PM »
upgrade your Synology and enable smb3 protocol.

smb1 also known cifs is deprecated and insecure.

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Synology NAS
« Reply #2 on: July 13, 2021, 07:27:28 PM »
upgrade your Synology and enable smb3 protocol.
To DSM v7 ?

smb1 also known cifs is deprecated and insecure.

SMB1 is already deactivated

Offline Jean-Philippe Pialasse

  • *
  • 2,166
  • +8/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Smeserver 10 and Synology NAS
« Reply #3 on: July 14, 2021, 12:57:50 PM »
then you need to check what protocol is enabled for clients in samba configuration.

if the samba version is old in your synology, it could be that the only non smb1 dialect available is an old smb2 not fully compatible with current dialects of smb2 and smb3.

i do not have any synology, so i can not say more about the needed version. 

Offline Raphaël

  • *
  • 38
  • +0/-0
Re: Smeserver 10 and Synology NAS
« Reply #4 on: July 15, 2021, 09:28:40 AM »
Hi.
I upgraded the Synology to V7 and it's the same thing.
The LDAP access works though.
As written in the topic https://forums.contribs.org/index.php/topic,54540.0.html I will test with a new installation of sme

Offline atorres

  • 2
  • +0/-0
Re: Smeserver 10 and Synology NAS
« Reply #5 on: December 10, 2021, 10:50:48 AM »
Hello, I've been working in this stuff, and from several days making test, I've found 2 ways to solve this problem.

I think the problem happens when the Synology is a member of the domain (not sure at all).

I was using a local user of the Synology NAS to make the backups, it works fine in SmeServer9.2 but in SmeServer10 appears the error "mount error (13): Permission denied" (doesn't mather which version of the Synology DSM used (6.2 or 7)).
The only thing that I've found to be changed is the version of CIFS in SmeServer.

But if you use a domain user (with proper access permissions in the backup shared folder) it would work fine.



Also find another solution, more than solution its a trick:

For use a local Synology account, you must specify the CIFS option: domain=.
It will say to the Synology that you want to use a local user.

For example, the command will be like this (SmeServer):

/bin/mount -t cifs "//$host/$share" $mountdir -o credentials=/etc/dar/CIFScredentials,domain=.,nounix


I've thought about change this part of the code to add the domain option, but maybe in the next SmeServer update it will come back to defaults.
Also, I try to change the credentials (/etc/dar/CIFScredentials) and add a line with "domain=." but when you activate the backup via server-manager this file it's overwritten and disappear the domain option.
The last one is to specify the domain option in the username value, like this:

User Name: [local_user_name],domain=.

You can pass domain option using this field, because the credentials file can contain user, pass and domain.
But it's a trick that now can work but maybe not in newer versions of SmeServer.


So, resume:
When Synology its a member of the domain you don't need to specify the domain if the user is also a member.
If the user is not a member and its a local user you have to use the option domain=.

Offline Jean-Philippe Pialasse

  • *
  • 2,166
  • +8/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Smeserver 10 and Synology NAS
« Reply #6 on: December 10, 2021, 01:32:57 PM »
simply add vers=3.0 and change nothing to SME smb options.

Offline atorres

  • 2
  • +0/-0
Re: Smeserver 10 and Synology NAS
« Reply #7 on: December 13, 2021, 10:25:32 AM »
simply add vers=3.0 and change nothing to SME smb options.

Where can i add vers=3.0?
In the file:
/etc/e-smith/events/actions/workstation-backup-dar file
line:
return ( qx(/bin/mount -t cifs "//$host/$share" $mountdir -o credentials=/etc/dar/CIFScredentials,nounix$opt 2>&1) );

It won't change in next server updates?

Thanks,
Alberto

Offline Jean-Philippe Pialasse

  • *
  • 2,166
  • +8/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Smeserver 10 and Synology NAS
« Reply #8 on: December 13, 2021, 01:08:06 PM »
in
/bin/mount -t cifs "//$host/$share" $mountdir -o credentials=/etc/dar/CIFScredentials,domain=.,nounix



but just understand this string is on sme side. so would be vers=1.0

you need to enable smb 3 and disable smb1 on your synology this is not only sme, any recent linux will refuse to connect to vers=1.0 unless forced, and using smb1 nowaday is leaving your data compromised.

once only smb3 enabled you need to use vers=3.0 there
« Last Edit: December 13, 2021, 02:02:53 PM by Jean-Philippe Pialasse »