Monday, October 2, 2017

Troubleshooting owncloud external storage with Azure CIFS/SMB















This post is meant as a set of tips and tricks, or a short troubleshooting guide, for configuring Owncloud external storage against Azure. If you haven't read the previous post, I really encourage you to do so, because it gives you background on the problems with CIFS, and specifically with CIFS and Azure.

Requirements

These are the packages you'll need to configure the external storage in Owncloud (wikipedia):
  • smbclient
  • libsmbclient-dev
  • php-smbclient
Test whether you can connect via smbclient, as in the previous post; if you can, it's a good sign.

Config (more or less)

Here you'll find the manual for SMB external storage in Owncloud. This is not something I'm going to explain; just follow the manual.


Troubleshooting

If you have problems configuring or accessing the external storage, you can use this code, taken from https://github.com/eduardok/libsmbclient-php with a few small personal customizations. It's a PoC for connecting to a Samba (SMB) share from PHP:


<?php

print "smbclient version:" . smbclient_version() . PHP_EOL;
print "samba version:" . smbclient_library_version() . PHP_EOL;

// Create new state:
$state = smbclient_state_new();

// Initialize the state with workgroup, username and password:
smbclient_state_init($state, 'AZURE', '<user_name>', '****');
print "$state" . PHP_EOL;

// Open a directory:
$dir = smbclient_opendir($state, 'smb://<azure_URL>/<share>');
print "$dir" . PHP_EOL;
exit; // Stop here after the connection test; remove this line to list the share
// Loop over the directory contents, print each node:
while (($entry = smbclient_readdir($state, $dir)) !== false) {
    echo "{$entry['name']} : {$entry['type']}\n";
}
// Close the directory handle:
smbclient_closedir($state, $dir);

// Free the state:
smbclient_state_free($state);
?>


Pay attention to the "exit;" command on line 16: the script stops there, so the directory listing below it is not run!!



Here are the results in the case of error:
smbclient version:0.9.0
samba version:4.2.14-Debian
Resource id #4
NTLMSSP packet check failed due to short signature (0 bytes)!
NTLMSSP NTLM2 packet check failed due to invalid signature!
PHP Warning:  Couldn't open SMB directory smb://<SMB share>: Workgroup not found in libsmb01.php on line 14


And here, in the case of success:
smbclient version:0.9.0
samba version:4.5.8-Debian
Resource id #4
Resource id #5



Conclusion

I got no more knowledge than in the last post, just that the version matters; use it with caution ... ;)


Mount an Azure Share from Linux


Sometimes we need to do things we don't like, just because a customer needs it, and you have to run some tests. That was my case: I needed to test mounting a CIFS/SMB share on a Microsoft Windows server from Linux (as you can imagine, I have no Windows Server to run such a test), so we got a Windows Server in Azure and we succeeded in sharing a directory to the world.


Requirements

You need these packages:

I prefer to use a credentials file so I don't have to type the user and password every time (i.e.: ~/.smbclient.conf), with this content:

username=<domain>/<user>
password=<passwd>


The first test was to connect from a Debian 9 Stretch GNU/Linux with:

smbclient //<azureURLServer>/<shareName> -A ~/.smbclient.conf

And we got this answer:
WARNING: The "syslog" option is deprecated
protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED


This line had been working well for some servers I had connected to, but not for Azure? ...


After googling for a while, I found some interesting info: How to force Linux cifs mount to default to smb3? (https://superuser.com/questions/1226973/how-to-force-linux-cifs-mount-to-default-to-smb3/1228011)

Maybe Azure is only publishing SMB shares in SMB3 because of security concerns? So make the change in /etc/samba/smb.conf:
[global]
client min protocol = SMB2
client max protocol = SMB3


These changes made it work:
WARNING: The "syslog" option is deprecated
Domain=[X] OS=[] Server=[]
smb: \>
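
To check that a client's smb.conf really carries the protocol range set above, this added example (not part of the original post) parses the [global] section and reports whether SMB3 is allowed and SMB1 is excluded. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "client min/max protocol" in the [global] section of smb.conf.
# Function names and the sample file below are constructed for illustration.

# Print a [global] parameter's value (upper-cased), or "unset".
# Samba ignores case and whitespace in section and parameter names, so normalise both.
smb_global_param() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }    # skip comment lines
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); sec = norm(sec); next }
        sec == "global" && index($0, "=") {
            if (norm(substr($0, 1, index($0, "=") - 1)) == norm(want)) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                found = toupper(val)    # keep the last occurrence
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Map a protocol name to its SMB family: 3, 2, 1 (CORE, LANMAN*, NT1) or 0 when unset.
smb_family() {
    case "$1" in
        unset) echo 0 ;; SMB3*) echo 3 ;; SMB2*) echo 2 ;; *) echo 1 ;;
    esac
}

# Report whether the client range allows SMB3 and excludes SMB1.
audit_smb_client() {
    min=$(smb_global_param "$1" "client min protocol")
    max=$(smb_global_param "$1" "client max protocol")
    fmin=$(smb_family "$min"); fmax=$(smb_family "$max")
    if [ "$fmin" -eq 0 ] || [ "$fmax" -eq 0 ]; then
        echo "DEFAULTS min=$min max=$max"    # range depends on the installed Samba version
    elif [ "$fmax" -lt 3 ]; then
        echo "NO_SMB3 min=$min max=$max"
    elif [ "$fmin" -lt 2 ]; then
        echo "SMB1_ALLOWED min=$min max=$max"
    else
        echo "OK min=$min max=$max"
    fi
}

sample=$(mktemp)    # constructed sample: the post's settings, with mixed case on purpose
printf '%s\n' '[Global]' '  Client Min Protocol = SMB2' '  client max protocol = SMB3' \
    '[share]' '  client max protocol = NT1' > "$sample"
audit_smb_client "$sample"
```

Run audit_smb_client against /etc/samba/smb.conf on each client; a DEFAULTS result means the negotiated range is whatever the installed Samba version ships with.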


Some other tests

I also tested this working config with other Linux flavors and library versions:
  • Oldstable version of Debian 8 GNU/Linux (Jessie): Not working
  • Ubuntu 16.04.2 LTS (Xenial Xerus): Not working
  • Amazon AWS AMI: Not working


Conclusion

All the tests made with the other distros were using older versions of the samba libraries, so the hypothesis is:

Azure is sharing using the latest version of the SMB protocol (3.0.2 or 3.1.1 maybe) and the only libraries supporting this version are the ones shipped with Debian 9 Stretch.

I hope it helps someone ...