vdavid
diff --git a/‎apps/desktop/src-tauri/src/network/CLAUDE.md‎
Lines changed: 8 additions & 4 deletions b/‎apps/desktop/src-tauri/src/network/CLAUDE.md‎
Lines changed: 8 additions & 4 deletions
diff --git a/‎apps/desktop/src-tauri/src/network/keychain_linux.rs‎
Lines changed: 3 additions & 1 deletion b/‎apps/desktop/src-tauri/src/network/keychain_linux.rs‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎apps/desktop/src-tauri/src/network/mod.rs‎
Lines changed: 2 additions & 0 deletions b/‎apps/desktop/src-tauri/src/network/mod.rs‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎apps/desktop/src-tauri/src/network/smb_smbclient.rs‎
Lines changed: 257 additions & 0 deletions b/‎apps/desktop/src-tauri/src/network/smb_smbclient.rs‎
Lines changed: 257 additions & 0 deletions
@@ -9,7 +9,8 @@ Discover, browse, and mount SMB network shares. Works on macOS and Linux.
   - `smb_client.rs` — Top-level share-listing entry point; orchestrates guest -> keychain -> prompt auth flow; tries smb-rs first, falls back to smbutil (macOS only)
   - `smb_connection.rs` — TCP connection establishment and IPC-level share listing calls
   - `smb_cache.rs` — 30-second in-memory cache for share lists, keyed by server address
-  - `smb_smbutil.rs` — `smbutil view -G` fallback for older Samba/NAS servers (macOS only; non-macOS stubs return errors)
+  - `smb_smbutil.rs` — `smbutil view -G` fallback for older Samba/NAS servers (macOS); on Linux delegates to `smb_smbclient`
+  - `smb_smbclient.rs` — `smbclient -L` fallback for Linux (requires `samba-client` package)
   - `smb_types.rs` — Shared types (`SmbShare`, `AuthMode`, `SmbError`, etc.)
   - `smb_util.rs` — Helpers: hostname derivation, IP resolution, account-name normalization
 - **Mounting** (platform-specific via `#[path]` in `mod.rs`):
@@ -26,7 +27,7 @@ Discover, browse, and mount SMB network shares. Works on macOS and Linux.
 |-----------|-------|-------|
 | mDNS discovery | `mdns-sd` (pure Rust) | `mdns-sd` (same) |
 | SMB share listing | `smb` + `smb-rpc` crates | `smb` + `smb-rpc` (same) |
-| smbutil fallback | `smbutil view -G` | Not available (returns error, smb-rs handles most cases) |
+| smbutil fallback | `smbutil view -G` | `smbclient -L` (from `samba-client` package) |
 | Credential storage | `security-framework` (macOS Keychain) | `keyring` (Secret Service) → `cocoon` encrypted file fallback |
 | Mounting | `NetFSMountURLSync` → `/Volumes/` | `gio mount` → `/run/user/<uid>/gvfs/` |
 
@@ -43,9 +44,12 @@ smb-rs doesn't resolve `.local` hostnames reliably (std lib DNS doesn't handle m
 3. If no stored creds → prompt user
 4. Never assume "guest only" — always offer "Sign in for more access" when guest succeeds (can't distinguish guest-only from guest-or-creds at probe time)
 
-### smbutil fallback (macOS only)
+### smbutil / smbclient fallback
 
-`smb` crate fails on older Samba servers with RPC incompatibility. Classify error as `ProtocolError`, then try `smbutil view -G` as fallback. On Linux, the non-macOS stubs return `ProtocolError` so the error propagates to the user.
+`smb` crate fails on older Samba servers (for example, Raspberry Pi) with RPC incompatibility. Classify error as `ProtocolError`, then try a platform-specific CLI fallback:
+- **macOS:** `smbutil view -G` (built-in).
+- **Linux:** `smbclient -L` (from `samba-client` package). If `smbclient` is not installed, returns a helpful error message. The `smb_smbutil.rs` Linux stubs delegate to `smb_smbclient.rs`.
+- **Other platforms:** stubs return `ProtocolError`.
 
 ### No persistent connection pool
 
 
@@ -285,7 +285,9 @@ pub fn save_credentials(
                 cache_put(&account, &creds);
                 return Ok(());
             }
-            _ => debug!("Secret service save appeared to succeed but read-back failed (keyring likely locked), trying file backend"),
+            _ => debug!(
+                "Secret service save appeared to succeed but read-back failed (keyring likely locked), trying file backend"
+            ),
         },
         Err(e) => debug!("Secret service save failed, trying file backend: {}", e),
     }
 
@@ -31,6 +31,8 @@ pub mod smb_client;
 // SMB submodules - these are implementation details of smb_client
 mod smb_cache;
 mod smb_connection;
+#[cfg(target_os = "linux")]
+mod smb_smbclient;
 mod smb_smbutil;
 mod smb_types;
 mod smb_util;
 
@@ -0,0 +1,257 @@
+//! Linux smbclient wrapper for SMB share listing.
+//!
+//! Provides fallback share listing using the `smbclient` command (from the `samba-client`
+//! package) when the pure Rust smb-rs implementation fails on Linux. This is the Linux
+//! equivalent of the macOS `smbutil` fallback in `smb_smbutil.rs`.
+
+use crate::network::smb_types::{ShareInfo, ShareListError};
+use log::debug;
+use std::process::Command;
+
+/// Lists shares using `smbclient -L` and returns parsed disk shares.
+///
+/// Guest mode: pass `credentials: None` → uses `-N` (no password).
+/// Authenticated: pass `credentials: Some((user, pass))` → uses `-U user%pass`.
+pub async fn run_smbclient_list(
+    host: &str,
+    port: u16,
+    credentials: Option<(&str, &str)>,
+) -> Result<Vec<ShareInfo>, ShareListError> {
+    let server = format!("//{}", host);
+    let port_str = port.to_string();
+    let creds_owned = credentials.map(|(u, p)| (u.to_string(), p.to_string()));
+
+    let output = tokio::task::spawn_blocking(move || {
+        let mut cmd = Command::new("smbclient");
+        cmd.arg("-L").arg(&server);
+        if port_str != "445" {
+            cmd.arg("-p").arg(&port_str);
+        }
+        match &creds_owned {
+            Some((username, password)) => {
+                cmd.arg("-U").arg(format!("{}%{}", username, password));
+            }
+            None => {
+                cmd.arg("-N");
+            }
+        }
+        cmd.output()
+    })
+    .await
+    .map_err(|e| ShareListError::ProtocolError(format!("Failed to spawn smbclient task: {}", e)))?
+    .map_err(|e| {
+        if e.kind() == std::io::ErrorKind::NotFound {
+            ShareListError::ProtocolError(
+                "smbclient not found. Install the samba-client package to connect to this server.".to_string(),
+            )
+        } else {
+            ShareListError::ProtocolError(format!("Failed to run smbclient: {}", e))
+        }
+    })?;
+
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    debug!(
+        "smbclient exit={:?}, stdout_len={}, stderr_len={}",
+        output.status.code(),
+        stdout.len(),
+        stderr.len()
+    );
+
+    if !output.status.success() {
+        debug!("smbclient stderr: {}", stderr);
+        return Err(classify_smbclient_error(&stdout, &stderr, host, credentials.is_some()));
+    }
+
+    Ok(parse_smbclient_output(&stdout))
+}
+
+/// Classifies smbclient error output into a typed error.
+fn classify_smbclient_error(stdout: &str, stderr: &str, host: &str, has_creds: bool) -> ShareListError {
+    let combined = format!("{} {}", stderr, stdout);
+
+    if combined.contains("NT_STATUS_ACCESS_DENIED")
+        || combined.contains("NT_STATUS_LOGON_FAILURE")
+        || combined.contains("NT_STATUS_WRONG_PASSWORD")
+    {
+        return if has_creds {
+            ShareListError::AuthFailed("Invalid username or password".to_string())
+        } else {
+            ShareListError::AuthRequired("This server requires authentication".to_string())
+        };
+    }
+
+    if combined.contains("NT_STATUS_HOST_UNREACHABLE")
+        || combined.contains("NT_STATUS_CONNECTION_REFUSED")
+        || (combined.contains("Connection to") && combined.contains("failed"))
+    {
+        return ShareListError::HostUnreachable(format!("Cannot reach {}", host));
+    }
+
+    if combined.contains("NT_STATUS_IO_TIMEOUT") {
+        return ShareListError::Timeout(format!("Connection to {} timed out", host));
+    }
+
+    ShareListError::ProtocolError(format!("smbclient failed: {}", stderr.trim()))
+}
+
+/// Parses `smbclient -L` output to extract share information.
+///
+/// Example output:
+/// ```text
+///     Sharename       Type      Comment
+///     ---------       ----      -------
+///     Public          Disk      System default share
+///     Documents       Disk
+///     IPC$            IPC       IPC Service (NAS Server)
+///
+/// SMB1 disabled -- no workgroup available
+/// ```
+pub fn parse_smbclient_output(output: &str) -> Vec<ShareInfo> {
+    let mut shares = Vec::new();
+    let mut in_shares_section = false;
+
+    for line in output.lines() {
+        let trimmed = line.trim();
+
+        if trimmed.starts_with("Sharename") && trimmed.contains("Type") {
+            in_shares_section = true;
+            continue;
+        }
+
+        if trimmed.starts_with("---") {
+            continue;
+        }
+
+        if !in_shares_section || trimmed.is_empty() {
+            continue;
+        }
+
+        let parts: Vec<&str> = trimmed.split_whitespace().collect();
+        if parts.len() < 2 {
+            break;
+        }
+
+        let name = parts[0].to_string();
+        let share_type = parts[1].to_lowercase();
+
+        // If not a known share type, we've left the share section
+        if share_type != "disk" && share_type != "ipc" && share_type != "printer" {
+            break;
+        }
+
+        // Skip hidden shares (ending with $) and non-disk shares
+        if name.ends_with('$') || share_type != "disk" {
+            continue;
+        }
+
+        let comment = if parts.len() > 2 {
+            Some(parts[2..].join(" "))
+        } else {
+            None
+        };
+
+        shares.push(ShareInfo {
+            name,
+            is_disk: true,
+            comment,
+        });
+    }
+
+    shares
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_parse_basic() {
+        let output = "\tSharename       Type      Comment\n\
+                       \t---------       ----      -------\n\
+                       \tPublic          Disk      System default share\n\
+                       \tWeb             Disk\n\
+                       \tMultimedia      Disk      System default share\n\
+                       \tIPC$            IPC       IPC Service (NAS Server)\n\
+                       \thome            Disk      Home\n\
+                       \tADMIN$          Disk      Admin share\n\
+                       \n\
+                       SMB1 disabled -- no workgroup available\n";
+
+        let shares = parse_smbclient_output(output);
+
+        assert_eq!(shares.len(), 4);
+        let names: Vec<&str> = shares.iter().map(|s| s.name.as_str()).collect();
+        assert!(names.contains(&"Public"));
+        assert!(names.contains(&"Web"));
+        assert!(names.contains(&"Multimedia"));
+        assert!(names.contains(&"home"));
+        assert!(!names.contains(&"IPC$"));
+        assert!(!names.contains(&"ADMIN$"));
+        assert!(shares.iter().all(|s| s.is_disk));
+
+        let public = shares.iter().find(|s| s.name == "Public").unwrap();
+        assert_eq!(public.comment.as_deref(), Some("System default share"));
+
+        let web = shares.iter().find(|s| s.name == "Web").unwrap();
+        assert!(web.comment.is_none());
+    }
+
+    #[test]
+    fn test_parse_empty() {
+        let output = "\tSharename       Type      Comment\n\
+                       \t---------       ----      -------\n\
+                       \n\
+                       SMB1 disabled -- no workgroup available\n";
+
+        let shares = parse_smbclient_output(output);
+        assert!(shares.is_empty());
+    }
+
+    #[test]
+    fn test_parse_with_printer() {
+        let output = "\tSharename       Type      Comment\n\
+                       \t---------       ----      -------\n\
+                       \tDocuments       Disk      My docs\n\
+                       \tprint$          Printer   Printer Drivers\n\
+                       \tIPC$            IPC       IPC Service\n";
+
+        let shares = parse_smbclient_output(output);
+        assert_eq!(shares.len(), 1);
+        assert_eq!(shares[0].name, "Documents");
+    }
+
+    #[test]
+    fn test_parse_raspberry_pi() {
+        let output = "\tSharename       Type      Comment\n\
+                       \t---------       ----      -------\n\
+                       \tpi              Disk      Pi shared folder\n\
+                       \tIPC$            IPC       IPC Service (Samba 4.13.13-Debian)\n";
+
+        let shares = parse_smbclient_output(output);
+        assert_eq!(shares.len(), 1);
+        assert_eq!(shares[0].name, "pi");
+        assert_eq!(shares[0].comment.as_deref(), Some("Pi shared folder"));
+    }
+
+    #[test]
+    fn test_classify_auth_errors() {
+        let err = classify_smbclient_error("", "NT_STATUS_ACCESS_DENIED", "host", false);
+        assert!(matches!(err, ShareListError::AuthRequired(_)));
+
+        let err = classify_smbclient_error("", "NT_STATUS_LOGON_FAILURE", "host", true);
+        assert!(matches!(err, ShareListError::AuthFailed(_)));
+    }
+
+    #[test]
+    fn test_classify_network_errors() {
+        let err = classify_smbclient_error("", "NT_STATUS_HOST_UNREACHABLE", "host", false);
+        assert!(matches!(err, ShareListError::HostUnreachable(_)));
+
+        let err = classify_smbclient_error("", "Connection to host failed", "host", false);
+        assert!(matches!(err, ShareListError::HostUnreachable(_)));
+
+        let err = classify_smbclient_error("", "NT_STATUS_IO_TIMEOUT", "host", false);
+        assert!(matches!(err, ShareListError::Timeout(_)));
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -285,7 +285,9 @@ pub fn save_credentials(`
`285`	`285`	`cache_put(&account, &creds);`
`286`	`286`	`return Ok(());`
`287`	`287`	`}`
`288`		`- _ => debug!("Secret service save appeared to succeed but read-back failed (keyring likely locked), trying file backend"),`
	`288`	`+ _ => debug!(`
	`289`	`+ "Secret service save appeared to succeed but read-back failed (keyring likely locked), trying file backend"`
	`290`	`+ ),`
`289`	`291`	`},`
`290`	`292`	`Err(e) => debug!("Secret service save failed, trying file backend: {}", e),`
`291`	`293`	`}`