Samba4 on R7800

[JRI]

Has anyone got Samba4 working on a R7800? How did you do it? I've got it almost working, apart from the critical part of getting it to serve up files. I'll post all the details, as I've had to do a lot of tweaking, but TLDR; smbd gives invalid file handle errors when it tries to open the directories that it is supposed to be sharing.

What I'm trying to do​

I want to use my R7800 as a mini NAS to serve files on my home network, principally to Windows 10 & 11 clients. Now that Windows has disabled SMB1 and Guest mode access, I want to bring my configuration up to date with WSD instead of NetBIOS for host discovery, proper user-level file share security, and ideally SMB3 as the transfer protocol. I can do most of this with Samba3, but moving from SMB2 to SMB3 seems to require using Samba4.

My set-up​

• Netgear R7800 Nighthawk X4S with Voxel V1.0.2.113SF firmware (thanks Voxel!)
• Entware installed on WD Elements external USB HDD, mounted at /tmp/mnt/sda1, formatted with ext4. This drive also has the files I want to share.
• SSH access enabled (so I'm happy configuring from the command line, and don't need to use the GUI to configure Samba).
• smbd v3.6.25 from Voxel's firmware (works).
• smbd v4.18.8 from Voxel's Entware repo (doesn't work).
• Windows 10 and 11 SMB clients, with SMB1 and NetBIOS over TCP disabled.
• Various other non-Windows clients (Raspberry Pi, Android, etc.) that are less important to support.

What I've done that works​

Now that SMB1 is disabled by default on Windows, Samba servers don't show up in the Network area of Windows File Explorer any more. The solution is to use WSD instead. Hence I've followed the instructions in the Readme for Voxel's firmware to install Entware, then installed the samba4-server and wsdd2 packages:

/opt/bin/opkg update
/opt/bin/opkg upgrade
/opt/bin/opkg install wsdd2
rm /opt/etc/init.d/S99wsdd2

The last line stops wsdd using Entware's startup scripts. When I used these, I found that my router would be discovered by Windows, but with a default Entware hostname, ignoring what I set as a command line parameter. This meant that Windows couldn't open a connection to the router. When I ran wsdd directly, it worked fine and used the same hostname as smbd without any further configuration.

To get wsdd to start and stop automatically, I added it to the Samba init script, /etc/init.d/samba. I also removed the commands to run AFP (as I don't have any Apple devices) and changed the commands that set up configuration files, to use my custom versions rather than the firmware defaults. (Not relevant to Samba, but I also removed AFP from my Avahi configuration at this point). My /etc/init.d/samba file now looks like this:

#!/bin/sh /etc/rc.common

START=86

CUSTOM=/mnt/sda1/firmware
PRIVATE_DIR=/tmp/private

start()
{
    RUN_D=/var/run/samba
    SMB_CONF_DIR=/tmp/samba
    SYS_CONF_DIR=/tmp/config
    SMBD_PID_F=$RUN_D/smbd.pid
    SMB_PASSWD_DIR=/tmp/smbpasswd

    mkdir -p /var/run/samba/locks
    mkdir -p $SMB_CONF_DIR
#    cp -f $CUSTOM/etc/samba/samba3.conf $SMB_CONF_DIR/smb.conf
    cp -f $CUSTOM/etc/samba/samba4.conf $SMB_CONF_DIR/smb.conf
    cp -f $CUSTOM/etc/samba/lowcase.dat $SMB_CONF_DIR
    cp -f $CUSTOM/etc/samba/upcase.dat $SMB_CONF_DIR
    cp -f $CUSTOM/etc/samba/valid.dat $SMB_CONF_DIR
    mkdir -p $SYS_CONF_DIR
    cp -f $CUSTOM/usr/config/passwd $SYS_CONF_DIR
    cp -f $CUSTOM/usr/config/group $SYS_CONF_DIR
    mkdir -p $PRIVATE_DIR
    cp -f $CUSTOM/etc/samba/smbpasswd $PRIVATE_DIR
    cp -f $CUSTOM/etc/samba/passdb.tdb $PRIVATE_DIR
    mkdir -p $RUN_D

    /usr/sbin/update_smb
    /etc/init.d/dbus start
    /etc/init.d/avahi-daemon start
    /opt/bin/wsdd2 -d
}

stop() {
    killall -9 smbd
    cp -f $PRIVATE_DIR/passdb.tdb $CUSTOM/etc/samba/passdb.tdb
    /etc/init.d/avahi-daemon stop
    /etc/init.d/dbus stop
    killall wsdd2
}

boot() {
    start &
    /etc/init.d/kcode boot
}

[ "$1" = "start" ] && start
[ "$1" = "stop" ] && stop

smbd is actually started by /usr/sbin/update_smb, which is a binary in the firmware and is hard coded to use the original Samba3 smbd. It also re-writes /etc/smb.conf, which is unhelpful. I used strings to try to guess what it was doing, then created a replacement script to replicate the necessary bits:

#!/bin/sh

if /bin/pidof smbd > /dev/zero 2>&1; then
    # Restart any smbd processes that are already running
    echo Restarting running smbd
    /usr/bin/killall -SIGHUP smbd
else
    # Start a new process
    /usr/sbin/taskset -p 3 `/bin/pidof usb-storage` > /dev/null 2>&1

    # Samba3
    # /usr/sbin/taskset -c 1 /usr/sbin/smbd -D -l /var/log/log.smbd > /dev/null 2>&1

    # Samba4
    /usr/sbin/taskset -c 1 /opt/sbin/smbd -D --configfile /etc/samba/smb.conf -l /var/log > /dev/null 2>&1

    /usr/sbin/taskset -p 1 `/bin/pidof usb-storage` > /dev/null 2>&1
fi

To set up user-level share control, I first had to create new /etc/passwd and /etc/groups files, to create new Linux users. I was then able to use smbpasswd to set up matching Samba users (which doesn't work if the Linux users aren't valid). I tried using a tbdsam password backend for Samba4, but had to use a plain smbpasswd file for Samba3, as tbdsam isn't supported. Some of the tweaks to the init script make sure that all these configuration files are copied from my HDD to the right places at runtime.

Finally, I had to set up my Samba configuration file. I've copied the Samba4 version here, but my Samba3 version is virtually identical. The main difference was that I had to specify different paths to the log file (possibly because the Entware version of Samba4 is compiled with a default /opt prefix on all its configuration files); this also had to be specified on the command line for Samba3, and caused server startup to abort if it was wrong. I also tried tweaking the protocol version configuration. For Samba3, I added min protocol = SMB2 to disable SMB1, and tried removing the max protocol = SMB2 line. However, SMB3 doesn't seem to be supported by Samba3 and I started to get connection areas. Samba4 defaults to SMB2 anyway, and seemed happy allowing any higher version, but I've restricted it to SMB2 for debugging.

[global]
  workgroup = WORKGROUP
  netbios name = Nighthawk
  disable netbios = yes
  lm announce = no
  bind interfaces only = yes
  server string = Study router
  log file = /var/log
  log level = 10
  max log size = 10
  obey pam restrictions = no
  disable spoolss = yes
  strict allocate = no
  host msdfs = no
  security = user
  map to guest = Never
  pam password change = no
  smb encrypt = disabled
#  min protocol = SMB3_11
  max protocol = SMB2
  passdb backend = smbpasswd:/mnt/sda1/firmware/etc/samba/smbpasswd
  private dir = /tmp/private
  state directory = /var/run/samba/locks
  cache directory = /var/run/samba/locks
  lock directory = /var/run/samba/locks
  enable core files = no
  deadtime = 30
  use sendfile = yes
  map archive = no
  map hidden = no
  map read only = no
  map system = no
  store dos attributes = yes
  dos filemode = yes
  oplocks = yes
  level2 oplocks = yes
  kernel oplocks = no
  wide links = no
  min receivefile size = 16384
  socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=131072 SO_SNDBUF=131072

[USB_Storage]
  path = /tmp/mnt/sda1/
  browsable = yes
  writeable = yes
  guest ok = no
  valid users = root, admin, james
  force directory mode = 0777
  force create mode = 0777

What doesn't work​

With the above configuration (give or take logging), Samba3 seems to work fine. Samba4 works to a certain extent: I can discover the server in Windows (using WSD discovery), and after I have authenticated, I can see the shared folder. This tells me that user authentication is working: Windows 11 doesn't let you connect as a guest, so Samba won't show you the list of shares unless you are authenticated.

What I can't do is actually browse the files in any share I create. When I try to open the share in Windows, I get the error "\\Nighthawk\USB_Storage is unavailable. If the location is on this PC, make sure the device or drive is connected or the disc is inserted, and then try again..." Connecting from an Android client gives a similar message. When I examine /var/log/log.smbd, I can see that the client connection is accepted and the user is validated, but when the server attempts to open the root directory of the share (i.e. .), it gets a bad file handle, which leads to a NT_STATUS_INVALID_HANDLE error, followed by NT_STATUS_OBJECT_PATH_NOT_FOUND. This message is too long to include the log here, so I'll continue in a follow-on post.

 

[JRI]

Log extract​

[2025/02/22 15:24:43.028818, 10, pid=31521, effective(1, 2), real(1, 0), class=smb2] ../../source3/smbd/smb2_create.c:864(smbd_smb2_create_send)
  smbd_smb2_create_send: open execution phase
[2025/02/22 15:24:43.028881, 10, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/files.c:559(openat_pathref_fsp)
  openat_pathref_fsp: smb_fname [.]
[2025/02/22 15:24:43.028912, 10, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/files.c:459(openat_pathref_fullname)
  openat_pathref_fullname: smb_fname [.]
[2025/02/22 15:24:43.028943,  5, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/files.c:76(fsp_new)
  fsp_new: allocated files structure (1 used)
[2025/02/22 15:24:43.029006, 10, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/files.c:2022(file_name_hash)
  file_name_hash: /tmp/mnt/sda1/. hash 0x8f426f15
[2025/02/22 15:24:43.029131, 10, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/open.c:798(non_widelink_open)
  non_widelink_open: fstat[at](.) failed: Bad file descriptor
[2025/02/22 15:24:43.029193, 10, pid=31521, effective(1, 2), real(1, 0), class=locking] ../../source3/locking/posix.c:481(delete_lock_ref_count)
  delete_lock_ref_count for file .
[2025/02/22 15:24:43.029256, 10, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/open.c:966(fd_openat)
  fd_openat: name ., flags = 04000 mode = 00, fd = -1. NT_STATUS_INVALID_HANDLE
[2025/02/22 15:24:43.029287, 10, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/files.c:534(openat_pathref_fullname)
  openat_pathref_fullname: Opening pathref for [.] failed: NT_STATUS_INVALID_HANDLE
[2025/02/22 15:24:43.029349,  5, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/files.c:1812(file_free)
  file_free: freed files structure 0 (0 used)
[2025/02/22 15:24:43.029381,  3, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/files.c:1237(synthetic_pathref)
  synthetic_pathref: opening [.] failed
[2025/02/22 15:24:43.029412, 10, pid=31521, effective(1, 2), real(1, 0)] ../../source3/smbd/filename.c:1169(filename_convert_dirfsp_nosymlink)
  filename_convert_dirfsp_nosymlink: opening directory  failed: NT_STATUS_INVALID_HANDLE
[2025/02/22 15:24:43.029474,  3, pid=31521, effective(1, 2), real(1, 0), class=smb2] ../../source3/smbd/smb2_server.c:3962(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_OBJECT_PATH_NOT_FOUND] || at ../../source3/smbd/smb2_create.c:340
[2025/02/22 15:24:43.029506, 10, pid=31521, effective(1, 2), real(1, 0), class=smb2] ../../source3/smbd/smb2_server.c:3847(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: mid [7] idx[1] status[NT_STATUS_OBJECT_PATH_NOT_FOUND] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:4013
[2025/02/22 15:24:43.029537, 10, pid=31521, effective(1, 2), real(1, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:975(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8160/8192, total granted/max/low/range 33/8192/8/33
[2025/02/22 15:24:43.030911, 10, pid=31521, effective(1, 2), real(1, 0), class=smb2] ../../source3/smbd/smb2_server.c:5003(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 9 vectors
[2025/02/22 15:24:43.030943, 10, pid=31521, effective(1, 2), real(1, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:718(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 8 (position 8) from bitmap
[2025/02/22 15:24:43.030974, 10, pid=31521, effective(1, 2), real(1, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:718(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 9 (position 9) from bitmap
[2025/02/22 15:24:43.031036, 10, pid=31521, effective(1, 2), real(1, 0), class=smb2] ../../source3/smbd/smb2_server.c:2986(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 8

What could be the problem?​

Any ideas what could be causing the bad file handle? I've had the following thoughts:

• Bad file/directory permissions stopping the server opening the file. However, the same configuration works with Samba3.
• Bad path for the share, perhaps due to the compiled-in Entware prefix. However, I've also added a symlink from /opt/mnt/sda1 to /tmp/mnt/sda1 just in case, and it didn't help. The correct path appears in the log anyway.
• Some problem creating a lock file or similar? However, I've run over the configuration file with testparm and created all the missing directories it complained about. smbd is running as root anyway, so it should have sufficient permissions.
• A missing library or other dependency. Do I need to install something else from Entware? If so, what?
• A bug in this version of Samba4 (4.18.8). Has anyone had success with a different version (the threads I have found where people have it working seem to be different versions, or different routers). How can I get a more recent version to try? Are there any instructions for cross-compiling onto the R7800?

Any other suggestions? Thanks in advance for any help - and for making it to the end of this epic post!