Cant connect SMB in mikrotik

hasan2221 · April 2, 2024, 10:36pm

enabled: yes
status: enabled
domain: home
comment: MikrotikSMB
interfaces: all
[admin@MikroTik] > ip/smb/shares/print
Flags: X - DISABLED; * - DEFAULT
Columns: NAME, DIRECTORY, REQUIRE-ENCRYPTION, VALID-USERS
#    NAME   DIRECTORY   REQUIRE-ENCRYPTION  VALID-USERS
;;; default share
0 X* pub    /flash/pub  no
1    share  sd1         no                  user
smb
guest
[admin@MikroTik] > ip/smb/users//print
expected command name (line 1 column 14)
[admin@MikroTik] > ip/smb/users/print
Flags: r - READ-ONLY
Columns: NAME, PASSWORD
#   NAME   PASSWORD
0   smb    ....
1   user   ....
2 r guest
[admin@MikroTik] >
system/resource/print
uptime: 19m27s
version: 7.14.2 (stable)
build-time: 2024-03-27 07:48:52
factory-software: 6.36.1
free-memory: 182.9MiB
total-memory: 256.0MiB
cpu: MIPS 1004Kc V2.15
cpu-count: 4
cpu-frequency: 880MHz
cpu-load: 3%
free-hdd-space: 4288.0KiB
total-hdd-space: 16.0MiB
write-sect-since-reboot: 206
write-sect-total: 1797657
architecture-name: mmips
board-name: hEX
platform: MikroTik

From linux:

Bad SMB2 (sign_algo_id=1) signature for message
[0000] 40 E0 96 A2 83 CD 64 F9   CB 90 D4 B0 00 C7 C3 02   @.....d. ........
[0000] 4D 73 4B E1 49 21 40 F3   0E 7A B6 B8 AF 1D 89 B4   MsK.I!@. .z......
session setup failed: NT_STATUS_ACCESS_DENIED```

From Windows:
You dont have enough permission.

```nxc smb 172.16.0.1 -u 'user' -p 'pass' --shares
SMB         172.16.0.1      445    MikroTik         [*]  (name:MikroTik) (domain:MikroTik) (signing:False) (SMBv1:False)
SMB         172.16.0.1      445    MikroTik         [+] MikroTik\user:user1234
SMB         172.16.0.1      445    MikroTik         [*] Enumerated shares
SMB         172.16.0.1      445    MikroTik         Share           Permissions     Remark
SMB         172.16.0.1      445    MikroTik         -----           -----------     ------
SMB         172.16.0.1      445    MikroTik         share           READ,WRITE```

patrikg · April 3, 2024, 6:42am

None of these specifies the domain.

smbclient //172.16.0.1/share -U user%pass
nxc smb 172.16.0.1 -u 'user' -p 'pass' --shares

smbclient //172.16.0.1/share --user=user --password=pass --workgroup=home
nxc smb 172.16.0.1 -u 'home\user' -p 'pass' --shares

And what I am seeing this line using MikroTik as domain.
I think three things have to be correct when connecting to smb shares, domain username password.

SMB 172.16.0.1 445 MikroTik [*] (name:MikroTik) (domain:MikroTik) (signing:False) (SMBv1:False)

And the forum don’t support markdown syntax, you have to use the code tag.

hasan2221 · April 3, 2024, 7:06am

smbclient //172.16.0.1/share --user=user --password=user1234 --workgroup=home
Bad SMB2 (sign_algo_id=1) signature for message
[0000] 69 4F 0C C5 59 F8 50 FC 74 D5 02 7B 52 78 CB 9D iO..Y.P. t..{Rx..
[0000] 32 E2 CD AB 13 B2 FB 13 0E 17 3E 07 5A 3E B3 5C 2… ..>.Z>.
session setup failed: NT_STATUS_ACCESS_DENIED

 <mikrotik> ip/smb/users/print 
Flags: X - DISABLED; * - DEFAULT; r - READ-ONLY
Columns: NAME, PASSWORD
#     NAME   PASSWORD     
0     smb   
1     user   user1234     
2 X r guest               
3  *r guest

http://forum.mikrotik.com/t/unable-to-join-smb-with-windows-10/174128/9

My issue is exactly the same as above issue created in march

K0NCTANT1N · April 3, 2024, 7:25am

neighbor: http://forum.mikrotik.com/t/smb-share-cannot-be-accessed-after-upgrade/174870/1

hasan2221 · April 3, 2024, 7:31am

Ah finally I have enough proof that its not me its mikrotik. Bruh i have been working my @ss off making this work.

patrikg · April 3, 2024, 7:35am

What format is sd1 format as, and can you see that “user” have the correct rights to that folder.
There lots of things that can be the culprit.

hasan2221 · April 3, 2024, 8:11am

ex4 format. i can upload files to sd card via winbox

hasan2221 · April 3, 2024, 8:12am

patrikg · April 3, 2024, 9:46am

I my find the bug, when exporting the config I see that the user that have access to the share is declared as *4.
The correct user for me would be test.
It is working with the guest account.

add directory=sd1-part1 name=test require-encryption=yes valid-users=guest,*4

smbclient -L 192.168.88.1 --no-pass

Now it’s working for me with these commands.

sudo mount -t cifs -o guest,vers=3.0,uid=$(id -u $USER),gid=$(id -g $USER) //192.168.88.1/sd1-part1 share

sudo mount -t cifs -o username="user",password="user1234",domain="domain",vers=3.0,uid=$(id -u $USER),gid=$(id -g $USER) //192.168.88.1/share share

And my config as this:

[admin@MikroTik] > ip/smb/export verbose show-sensitive  
# 2024-04-03 12:56:03 by RouterOS 7.14.2
# software id = MG8A-1B17
#
# model = RB750Gr3
# serial number = 6F3A08AFE05D
/ip smb users
set [ find default=yes ] disabled=no name=guest password="" read-only=no
add disabled=no name=user password=user1234 read-only=no
/ip smb
set comment=MikrotikSMB domain=domain enabled=auto interfaces=all
/ip smb shares
set [ find default=yes ] directory=flash/pub disabled=yes invalid-users="" name=pub read-only=no require-encryption=no \
    valid-users=""
add directory=sd1-part1 disabled=no invalid-users="" name=share read-only=no require-encryption=no valid-users=guest,user
[admin@MikroTik] >

hasan2221 · April 3, 2024, 12:15pm

 <mikrotik> ip/smb/shares/add directory=sd1 name=test requir
e-encryption=yes valid-users=guest,*4

ip/smb/export verbose show-sensitive

2024-04-03 18:13:52 by RouterOS 7.14.2

software id = 92J4-QW18

model = RB750Gr3

serial number = 6F3807963F54

/ip smb users
add disabled=no name=smb password=“” read-only=no
add disabled=yes name=user password=user1234 read-only=no
add disabled=yes name=guest password=“” read-only=yes
set [ find default=yes ] disabled=no name=guest password=“”
read-only=yes
/ip smb
set comment=MikrotikSMB domain=home enabled=auto interfaces=all
/ip smb shares
add directory=sd1 disabled=no invalid-users=“” name=test
read-only=no require-encryption=yes valid-users=guest,guest

 smbclient -L 172.16.0.1 --no-pass
session setup failed: NT_STATUS_LOGON_FAILURE

sudo mount -t cifs -o guest,vers=3.0,uid=$(id -u $USER),gid=$(id -g $USER) //172.16.0.1/sd1 /mnt
mount error(13): Permission denied

 sudo mount -t cifs -o username="user",password="user1234" //172.16.0.1/test /mnt

worked but still it doesnt working in windows

net use H: \172.16.0.1\test /user:home\user
I get “System error 2148073478 has occurred.” which means invalid signature

 smbclient //172.16.0.1/share1 --user='user' --password='user1234'
Bad SMB2 (sign_algo_id=1) signature for message
[0000] 0A 32 3D C3 51 2B 94 25   BA BB 20 30 9A D4 87 6B   .2=.Q+.% .. 0...k
[0000] 9C 83 8C E2 0A 2C 4D 36   E1 F6 D8 F8 0F 09 5F 6F   .....,M6 ......_o
session setup failed: NT_STATUS_ACCESS_DENIED

patrikg · April 3, 2024, 12:55pm

I have format the sd card with gpt, and 1 ext4 partition, with my linux.
Not with the router.

And when i see your config, i see duplicate user guest..

hasan2221 · April 3, 2024, 1:03pm

I have removed the duplicate user and i have formated the SDCard in mikrotik. I think it has nothing to do with the sd card bcz now.

sudo mount -t cifs -o username=“user”,password=“user1234” //172.16.0.1/share1 /mnt

is working. and when i try smbclient and windows we get similar message (signature being invalid)

Bro i mistakenly solved the smbclient problem i was trying to type -m smb3 but put smb2 and it worked.

smbclient //172.16.0.1/share1 -m SMB3 --user='user' --password='user1234'
Bad SMB2 (sign_algo_id=1) signature for message
[0000] 0B 72 C9 F9 77 B0 12 2C   F0 81 A0 92 97 29 31 CB   .r..w.., .....)1.
[0000] C5 9E E4 B2 55 B8 C7 30   10 48 39 68 55 57 80 75   ....U..0 .H9hUW.u
session setup failed: NT_STATUS_ACCESS_DENIED

parrot in 🌐 parrotos in /🔒
❯ smbclient //172.16.0.1/share1 -m SMB2 --user='user' --password='user1234'
Try "help" to get a list of possible commands.
smb: \>

patrikg · April 3, 2024, 2:07pm

On windows it should be something like this:

net use h: \\172.16.0.1\share1 /user:"domain\user" "user1234"

hasan2221 · April 3, 2024, 2:09pm

net use h: \172.16.0.1\share1 /user:“home\user” “user1234”
System error 2148073478 has occurred.

patrikg · April 3, 2024, 2:16pm

Maybe the Windows uses smb3 to connect and linux uses smb2 to connect.
I don’t know how you can determine what version being used in the routeros.

hasan2221 · April 3, 2024, 2:20pm

PS C:\Users\Capt. Price> Get-SmbServerConfiguration | Select EnableSMB2Protocol

EnableSMB2Protocol

True

PS C:\Users\Capt. Price> Get-SmbServerConfiguration | Select EnableSMB1Protocol

EnableSMB1Protocol

False

PS C:\Users\Capt. Price> Get-SmbServerConfiguration | Select EnableSMB3Protocol

EnableSMB3Protocol

There is not smb3 and i have install smb1 didnt worked then again removed smb1

patrikg · April 3, 2024, 2:26pm

I think we have come a bit further when it comes to troubleshooting smb on Mikrotik routers

hasan2221 · April 3, 2024, 2:33pm

Do you suggest we do next. Bcz I’m all out of ideas I hope mikrotik support sees this post

patrikg · April 3, 2024, 2:38pm

Sorry, but my ideas have also run out, I think.

patrikg · April 3, 2024, 3:19pm

I have looked at this now, and found that you also have user and password in disk in the terminal window.
Don’t know if these uses in the smb config ??
I don’t have Windows so i can’t check that.

/disk set sd1 disabled=no parent=none slot=sd1 smb-encryption=no smb-password="user1234" smb-sharing=yes smb-user=user type=hardware

And if i take away the version in the mount command i see it’s mounting it with version 3.1.1.

//192.168.88.1/sd1 on /home/patrik/share type cifs (rw,relatime,vers=3.1.1,cache=strict,username=user,domain=domain,uid=1000,noforceuid,gid=984,noforcegid,addr=192.168.88.1,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1)