Can see my server, but not connect from OSx

[cobbr2]

I'm pretty clueless on Samba configuration. And I'm stymied with getting the setup to work.

Current behavior on my Mac OSx Big Sur client is that I can discover the server ("newsounds"), but I can't connect.
I'm only setting it up as guest right now. When I connect, a "Loading..." box is briefly displayed before I get "Connection Failed".

I think I've got about the dead simplest setup: not disabling anything, just trying to mount one directory.

docker-compose.yml:

rec@newsounds:~/samba$ cat *
version: '3'
services:
  samba:
    image: servercontainers/samba
    restart: unless-stopped
    network_mode: host
    # uncomment to solve bug: https://github.com/ServerContainers/samba/issues/50 - wsdd2 only - not needed for samba
    cap_add:
      - CAP_NET_ADMIN
    environment:
      AVAHI_NAME: newsounds
      SAMBA_CONF_LOG_LEVEL: 2
      SAMBA_CONF_SERVER_STRING: newsounds
      SAMBA_VOLUME_CONFIG_music: "[Music]; path=/home/shares/Music; guest ok = yes; read only = yes; browseable = yes"
    volumes:
      - /home/${USER}/Music:/home/shares/Music

If I docker exec -it ... into the container, the /home/shares/Music folder exists, has files, and I can read all files in it.

When run from my host, nmblookup '*' does not show the host, though the other samba server on my net does show up.

From the host:

rec@newsounds:~/samba$ smbclient --list=newsounds -N -U guest

	Sharename       Type      Comment
	---------       ----      -------
	Music           Disk
	IPC$            IPC       IPC Service (newsounds)

My host is modern Ubuntu server, headless:

rec@newsounds:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04 LTS
Release:	22.04
Codename:	jammy

The ubuntu firewall is disabled:

rec@newsounds:~/samba$ sudo ufw status
Status: inactive

I've posted the startup log as a gist at https://gist.github.com/cobbr2/328fce96e3e2be2fea34a73f74ae86a7

Thanks for looking, it seems there must be something completely obvious I'm missing.

[MarvAmBass]

Hi,

Unfortunately you're right there is no easy solution. At least I haven't found one and I have exactly the same issue.

I see the server in macOS - sometimes with randomly changing icon (despite the fact that I specifically set one icon to display) and I established myself the workaround cmd+k to connect manually to the server

It became the new normal and I didn't really recognize this as a bug

I still suspect that a macOS update interprets something differently than before. Or maybe I need to update the avahi config.

Comparing to a local non docker install would help - if it works there something's wrong with my container 🙈

Unfortunately this will need around 2-3 weeks for me since I'm pretty busy at the moment

If you find something new just update the ticket

Thanks and kind regards

[MarvAmBass]

Your nmbloopup is interesting, there is no nmbd running inside my container... maybe macOS uses it as some fallback 🤔

Can you connect manually?

[cobbr2]

Thanks for the comments. And sorry for the long post below.

I'm not sure what you mean by "manually", but I can not connect by using the "go" drop-down from Finder and then entering my address (smb://192.168....); I get "There was a problem connecting to the server...."

Frankly, if that worked I'd probably do exactly what you've done :) . I did get that to connect at one point maybe a month or six weeks ago, but I've never reproduced that again. I'm similar to you in terms of time; I can only spend an hour or so a week on it.

A couple more data points: we know the TCP/IP level between the systems is fine, because I'm manipulating the samba server from an ssh session that's initiated on my mac.

For an even more manual attempt to mount, I've tried mounting at the command line:

Ricks-Air:~ rick$ mount_smbfs //guest@newsounds/music test
mount_smbfs: server connection failed: Operation timed out

Ricks-Air:~ rick$ mount_smbfs //guest@<REDACTED_IP>/music test
mount_smbfs: server connection failed: Operation timed out

That command line works fine with my other samba host (which is a bit hard to compare with; it's a ~10 year old Fedora box). OTOH, one thing I checked: yup, the old one's running nmbd. I guess I'll see if that helps....

Well, more data, no fix. I exec'ed into my container and ran nmbd.

And... now the nmblookup returns the host. Even when I run it from my other samba host. MacOS still won't mount it.

But here's another data point. From that Fedora machine:

-bash-4.2$ smbclient --list=newsounds -N -U guest
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE

But as you can see from my original post, I get a good response to that command line when I run it on the new samba host with the container setup.

So I Googled that and found https://www.linuxquestions.org/questions/linux-networking-3/samba-min-protocol-%3D-smb2-causes-protocol-negotiation-failed-nt_status_invalid_network_response-4175597669/ . OTOH, when I tried to set the MIN protocol, I probably screwed up the syntax in the docker-compose.yml; I added

      SAMBA_CONF_SERVER_MIN_PROTOCOL: LANMAN1

but didn't see any change in my smb.conf even after a docker-compose up --build (and doing a docker rm of my dead containers to make sure there was no chance of a "already initialized".

Thanks for your help!

[MarvAmBass]

Super interesting, so it's still different from my issue.

I'll prioritize this issue and try to evaluate this problem within the next few days.

Yeah this problem with the minimum samba versions is annoying, at the early days of this container I had a flag to simply enable older versions.

maybe big sur has problems with the new server version...

SAMBA_GLOBAL_CONFIG_server_SPACE_min_SPACE_protocol = LANMAN1

this is the correct and hacky way to configure the server_min_protocol version on my container, you can try it. would be interesting if it works :)

[MarvAmBass]

did it work?

[cobbr2]

Well, no and yes: OSx still doesn't connect. Thanks for the syntax; it definitely changed the settings.

And, from my other Samba server:

-bash-4.2$ smbclient --list=newsounds -N -U guest
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.15.7]

	Sharename       Type      Comment
	---------       ----      -------
	Music           Disk
	IPC$            IPC       IPC Service (newsounds)
Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.15.7]

	Server               Comment
	---------            -------

	Workgroup            Master
	---------            -------

which is different from NT_STATUS_INVALID_NETWORK_RESPONSE... but makes me think we fixed a problem smbclient has with later protocols, but nothing interesting about OSx connections.

[cobbr2]

More information: I can mount the drive from my other Linux box (the same one as that smbclient came from) using

sudo mount -t cifs -o user=guest //newsounds/MUSIC test-newsounds-mount/

So this is something about requirements for OSx (security? protocol version?); Samba is "working" for an old (Fedora Core 20) definition of working :) .

One point, though: it takes a long time to succeed:

time sudo mount -t cifs -o guest //newsounds/MUSIC test-newsounds-mount/

real	0m20.123s
user	0m0.009s
sys	0m0.015s

So let's see if I can adjust OSx's timeout... and that 20s is a suspiciously round number (also quite repeatable; in three tries the time only differs by 0.003s).

[cobbr2]

Looking for a way to adjust that timeout... it appears to be ~10s (samples at 11, 13, and 12s)...

After more googling, I found https://developer.apple.com/forums/thread/680252, so I created an /etc/nsmb.conf so it looks like:

$ cat /etc/nsmb.conf
[default]
protocol_vers_map=2

and that makes things different, not quite successful yet:

Ricks-Air:~ rick$ time mount_smbfs -N //newsounds/Music test
mount_smbfs: server rejected the connection: Authentication error

real	0m10.264s
user	0m0.014s
sys	0m0.014s
Ricks-Air:~ rick$ time mount_smbfs -N //guest@newsounds/Music test
mount_smbfs: server connection failed: Socket is not connected

real	0m20.315s
user	0m0.014s
sys	0m0.015s

Nothing gets logged at the output of my samba container during these transactions (i.e., docker logs samba_samba_1 --follow shows nothing). And I'll point out that the time to complete the command is right around 20s, like the successful setup on Linux. Perhaps I'm on the right path.

Further evidence: I got prompted for authentication when trying to mount from the Go menu in Finder... but then got a connection error once I selected Guest and OK. Trying the Finder with the IP address instead of Netbios name, I now apparently get an authentication error, regardless of whether I try the Guest selection or just the Guest user id; it gives me a headshake after about 10s.

I tried a few other options, including

• trying to mount via using smbfs_mount ... cifs://... instead of "smb" (got a plug-in file not found error),
• adding a user name and password (verified worked on the Linux client), no go (with confusing loss of guest access)

and probably a dozen other things. Same basic answer: it appears I can get authenticated, but once I do, I get

mount_smbfs: server connection failed: Socket is not connected

(I can get that error message from smbutil, too). I'm going to call it a day.

[cobbr2]

I'm going to give up on the Samba approach for my problem, at least for a bit; I've made more progress with NFSv4 in an hour than I did in four sessions playing w/ Samba, and it's likely to fit my initial use cases just as well. Closing; will re-open if I get brave enough to try again. Thank you for your help! It's been interesting!