Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Issues connecting to a local NAS
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Hysteria
n00b
n00b


Joined: 16 Jun 2024
Posts: 3

PostPosted: Sat Jul 13, 2024 4:57 am    Post subject: [SOLVED] Issues connecting to a local NAS Reply with quote

Hi all,

I'm very new to Gentoo - over the past week or so, whenever I find myself with a bit of free time, I've been slowly making my way through the issues caused by a brand new setup, using openrc instead of systemd (which I am more familiar with), and so on. On the whole, it's been going well, but I have one problem I haven't been able to make any headway on.


I have a NAS on my local network, and I'm trying to connect to it with my Gentoo machine. Normally I do so through KDE's dolphin file explorer - I can simply go:
Code:
smb://[IP-Address]/NAS/
and then I'm in. I get asked for NAS credentials if it's my first time connecting, but otherwise it's entirely over to kwallet. At the moment, this works on my Arch Linux machine.

On my new Gentoo machine, however, I get the following (with real IP addresses, of course), and I'm not sure how to deal with it:
Code:
lp_load_ex: refreshing parameters
added interface wlp7s0 ip=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx bcast= netmask=ffff:ffff:ffff:ffff::
added interface wlp7s0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx netmask=255.255.255.0
kf.kio.core: Can't communicate with kiod_kpasswdserver (for checkAuthInfo)!
lp_load_ex: refreshing parameters
added interface wlp7s0 ip=xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx bcast= netmask=ffff:ffff:ffff:ffff::
added interface wlp7s0 ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx netmask=255.255.255.0
kf.kio.core: Can't communicate with kiod_kpasswdserver (for checkAuthInfo)!
kf.kio.core: "Timeout on server\nxxx.xxx.xxx.xxx"


So - kio can't communicate with kiod_kpasswdserver. On an interesting and perhaps related note, I also get this when opening kwalletmanager5:
Code:
Couldn't start kwalletd:  QDBusError("org.freedesktop.DBus.Error.Spawn.ChildSignaled", "Process org.kde.kwalletd5 received signal 6")
Attempting to create a manual kwallet generates more of the same - so perhaps there's multiple issues going on here...


Some information about my setup:
  • I'm on the openrc desktop profile, on amd64, and keep to stable packages as much as possible;
  • I'm running gentoo-dist-bin at this stage - haven't gotten around to switching to something else yet;
  • I use hyprland, and start it with dbus-run-session. I also have the dbus service started, so dbus I hope should be good and running;
  • I don't run plasma, but I do use a lot of KDE utilities. Given this, I do start polkit-kde-authentication-agent-1 through hyprland's startup execution process. I also took to starting kiod5 here too, and that made some additional errors disappear (the above log is when kiod5 is started);
  • I also run
    Code:
    dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
    through this startup process - with the understanding that openrc will just ignore the systemd input. Both WAYLAND_DISPLAY and XDG_CURRENT_DESKTOP are set (to wayland-1 and Hyprland respectively);
  • Neither dmesg nor /var/log/messages seem to have any messages about this issue - all I have is the above log, which comes from dolphin itself.


Perhaps most importantly, I have the following packages set up with the following use flags.
  • I have the samba global USE flag set in make.conf;
  • kde-apps/dolphin --> handbook
  • kde-apps/kwalletmanager --> handbook
  • kde-frameworks/kwallet --> gpg man
  • kde-plasma/kwallet-pam --> N/A no flags selected
  • sys-auth/pambase --> elogind nullok passwdqc sha512
  • sys-libs/pam --> filecaps
  • kde-misc/kio-fuse --> N/A no flags selected
  • sys-fs/fuse --> suid
  • sys-fs/fuse-common --> N/A no flags on package
  • kde-apps/kio-extras --> X handbook man samba sftp
  • kde-frameworks/kio --> X acl handbook kwallet
  • kde-misc/kio-fuse --> N/A no flags selected
  • kde-plasma/ksshaskpass --> N/A no flags selected
  • net-fs/samba --> acl client cups pam regedit syslog system-mitkrb5 winbind


Some of these packages may not have been necessary to mention - I have to admit, I'm definitely not 100% on how all these different components work together :P Samba also likely has much too many USE flags on it - you can see I've been tinkering to see what kind of effect it would have.

Unfortunately my Internet searching hasn't managed to dig up anything that could solve this - has anyone here got any ideas about what could fix this?


Last edited by Hysteria on Mon Sep 23, 2024 11:08 pm; edited 1 time in total
Back to top
View user's profile Send private message
kgdrenefort
Guru
Guru


Joined: 19 Sep 2023
Posts: 314
Location: Somewhere in the 77

PostPosted: Thu Aug 08, 2024 10:23 am    Post subject: Reply with quote

Hello,

My ISP routeur allows me to do Samba to access the file on the external hard disk connected to it. Allowing my LAN to use these file on any hardware supporting samba.

This is how it get connected at each boot in my /etc/fstab file :

Code:
//192.168.X.XXX/Volume\0403000Go\0401 /mnt/freebox cifs _netdev,rw,iocharset=utf8,uid=meself,credentials=/home/xxx/.credentials,file_mode=0660,dir_mode=0775 0 2


You could maybe add it to your /etc/fstab and try :

Code:
mount -a


After, of course, modifying this line with your relevant informations : IP, name, mounting point (it has to exist before of course), the file with your credential, looking like this:

Code:
username=yourusername
password=yourpassword


Also, I had to add the following USE flag to enable Samba on my Gentoo : Samba

If it's still not working, please provide us the output of the following command :

Code:
emerge --info


Regards,
GASPARD DE RENEFORT Kévin
_________________
Traduction wiki, pour praticiper.
Custom logos/biz card/website.
Back to top
View user's profile Send private message
Hysteria
n00b
n00b


Joined: 16 Jun 2024
Posts: 3

PostPosted: Thu Aug 22, 2024 11:02 pm    Post subject: Reply with quote

Thanks for getting back to me!

Unfortunately, I've had no further luck. After setting up the fstab entry and running
Code:
mount -a

At first I got this particular error:
Code:
This program is not installed setuid root -  "user" CIFS mounts not supported.


I got this even when I didn't provide a UID on the fstab entry - the manpage assured me that the default of 0 (root) would be used but this didn't seem to make a difference. I got around that by running
Code:
sudo chmod u+s $(which mount.cifs)
I understand this may not exactly be recommended, but I'm at the point where I'm willing to try just about anything to get it working, and I can fix up any security holes or what have you later when I understand the cause of the problem a bit better.

Now the output of the mount command looks very familiar:
Code:
mount error(115): Operation now in progress
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)


I got that error a lot during my earlier troubleshooting. The manpage was interesting (and very long), but didn't seem to have much on this sort of thing. The kernel log, on the other hand, looks like this:
Code:

[  707.521583] Key type dns_resolver registered
[  707.606713] Key type cifs.spnego registered
[  707.606749] Key type cifs.idmap registered
[  707.607213] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 1479.342843] CIFS: enabling forceuid mount option implicitly because uid= option is specified
[ 1479.342850] CIFS: Attempting to mount //<ip-address-here>/NAS
[ 1489.660959] CIFS: VFS: Error connecting to socket. Aborting operation.
[ 1489.660979] CIFS: VFS: cifs_mount failed w/return code = -115


Note that when I didn't pass in a UID on the fstab entry, the 'enabling forceuid mount' line did not appear.

Unfortunately that just leaves us with
Code:
emerge --info
Which looks like this:
Code:

Portage 3.0.65 (python 3.12.3-final-0, default/linux/amd64/23.0/desktop, gcc-13, glibc-2.39-r6, 6.6.41-gentoo-dist x86_64)
=================================================================
System uname: Linux-6.6.41-gentoo-dist-x86_64-Intel-R-_Pentium-R-_Silver_N5030_CPU_@_1.10GHz-with-glibc2.39
KiB Mem:     7993820 total,   5038104 free
KiB Swap:    8388604 total,   8388604 free
Timestamp of repository gentoo: Mon, 12 Aug 2024 22:33:54 +0000
Head commit of repository gentoo: a90ce72f9f7ee6add6d66694120648760c4eaae7

Timestamp of repository guru: Sat, 10 Aug 2024 20:48:48 +0000
Head commit of repository guru: ebc9f1475c2cd5a5cdaa35bb7b7c92abc456797c

Timestamp of repository librewolf: Sat, 10 Aug 2024 14:22:25 +0000
Head commit of repository librewolf: 4644bd7dcc349ddf05fbe0c43ecff7398d78fa17

Timestamp of repository nordvpn: Mon, 12 Aug 2024 13:33:54 +0000
Head commit of repository nordvpn: 08102e67c6dafa56ade1981407fa438df79cfe77

sh bash 5.2_p26-r6
ld GNU ld (Gentoo 2.42 p3) 2.42.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.2_p26-r6::gentoo
dev-build/autoconf:        2.13-r8::gentoo, 2.71-r7::gentoo
dev-build/automake:        1.16.5-r2::gentoo
dev-build/cmake:           3.28.5::gentoo
dev-build/libtool:         2.4.7-r4::gentoo
dev-build/make:            4.4.1-r1::gentoo
dev-build/meson:           1.4.1::gentoo
dev-lang/perl:             5.38.2-r3::gentoo
dev-lang/python:           3.12.3-r1::gentoo
dev-lang/rust-bin:         1.79.0::gentoo
sys-apps/baselayout:       2.15::gentoo
sys-apps/openrc:           0.54.2::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-devel/binutils:        2.42-r1::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           18.1.8::gentoo
sys-devel/gcc:             13.3.1_p20240614::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/lld:             18.1.8::gentoo
sys-devel/llvm:            18.1.8-r1::gentoo
sys-kernel/linux-headers:  6.6-r1::gentoo (virtual/os-headers)
sys-libs/glibc:            2.39-r6::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://anongit.gentoo.org/git/repo/sync/gentoo.git
    priority: -1000
    volatile: False
    sync-git-verify-commit-signature: yes

guru
    location: /var/db/repos/guru
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/guru.git
    masters: gentoo
    volatile: False

librewolf
    location: /var/db/repos/librewolf
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/librewolf.git
    masters: gentoo
    volatile: False

nordvpn
    location: /var/db/repos/nordvpn
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/nordvpn.git
    masters: gentoo
    volatile: False

Binary Repositories:

gentoobinhost
    priority: 1
    sync-uri: https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -mtune=native -O2 -pipe -flto -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d"
CXXFLAGS="-march=native -mtune=native -O2 -pipe -flto -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--ask --jobs=4 --load-average=2 --keep-going                      --complete-graph=y"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=native -mtune=native -O2 -pipe -flto -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=native -mtune=native -O2 -pipe -flto -Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
GENTOO_MIRRORS="https://mirror.aarnet.edu.au/pub/gentoo/                 http://mirror.aarnet.edu.au/pub/gentoo/                 http://ftp.swin.edu.au/gentoo/"
LANG="en_AU.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs"
LEX="flex"
MAKEOPTS="-j4 -l2"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
RUSTFLAGS="-C target-cpu=native -C opt-level=3"
SHELL="/bin/bash"
USE="X a52 aac acl acpi alsa amd64 appindicator bluetooth bzip2 cairo cdda cdr cet crypt cups dbus dri dts dvd dvdr elogind encode exif flac gdbm gif gpm gtk gui iconv icu ipv6 jack jit jpeg keyring kf6compat lcms libnotify libtirpc lto mad mng mp3 mp4 mpeg multilib native-extensions ncurses networkmanager nls ogg opengl openmp pam pango pcre pdf pgo pipewire png policykit ppds pulseaudio qt5 qt6 readline samba sdl seccomp socks5 sound spell ssl startup-notification svg symlink syslog test-rust tiff truetype udev udisks unicode upower usb vaapi vorbis vulkan wayland wxwidgets x264 xattr xcb xft xml xv xvid zlib" ABI_X86="64" ADA_TARGET="gcc_12" ALSA_CARDS="hda-intel hda-nvidia" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-AU en-GB en-US" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" RUBY_TARGETS="ruby31 ruby32" VIDEO_CARDS="intel nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, SIZE, STRINGS, STRIP, YACC, YFLAGS


Thanks again to anyone who's got any advice here.
Back to top
View user's profile Send private message
Hu
Administrator
Administrator


Joined: 06 Mar 2007
Posts: 22859

PostPosted: Fri Aug 23, 2024 1:36 am    Post subject: Reply with quote

What SMB dialects does this server offer? Which dialect does KDE use when using the KDE smb transport?
Hysteria wrote:
Code:
This program is not installed setuid root -  "user" CIFS mounts not supported.
I got this even when I didn't provide a UID on the fstab entry
I think you misunderstood the error message. Generally, on Linux, if you want to mount something, either you do it as root, or you run a setuid program (which becomes root on your behalf). To that end, mount.cifs has a courtesy check that notices you did neither of those things, and exits with an error message. As I read the source of mount.cifs, this check happens very early, before it has even checked what you want it to do. Presumably, if this check were absent, you would get a more confusing error later when the kernel rejects a privileged syscall from your unprivileged mount.cifs.
Hysteria wrote:
I got around that by running
Code:
sudo chmod u+s $(which mount.cifs)
I understand this may not exactly be recommended, but I'm at the point where I'm willing to try just about anything to get it working, and I can fix up any security holes or what have you later when I understand the cause of the problem a bit better.
I hope you are taking notes so that you can find later what you need to undo. In the meantime, you could have instead run mount as root so that you did not need to set the setuid flag on the helper.
Hysteria wrote:
The kernel log, on the other hand, looks like this:
Code:
[  707.607213] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
Have you tried this?
Hysteria wrote:
Code:
[ 1479.342843] CIFS: enabling forceuid mount option implicitly because uid= option is specified
Note that when I didn't pass in a UID on the fstab entry, the 'enabling forceuid mount' line did not appear.
Right. The message is triggered by using uid= without using forceuid. This was touched in cifs: reinstate original behavior again for forceuid/forcegid. I read the manual page as stating that uid= without forceuid is legal, sets a uid when the server fails to describe one, and is otherwise ignored. That does not appear to me to be how the kernel currently works.

Please show the fstab variants you tried.
Back to top
View user's profile Send private message
Hysteria
n00b
n00b


Joined: 16 Jun 2024
Posts: 3

PostPosted: Mon Sep 23, 2024 11:08 pm    Post subject: Reply with quote

Apologies for the delay on getting back to this - it's been an interesting month, shall we say.

In any case - I'm happy to say that this issue is now fixed. It was the NAS firewall itself, of all things. I'm still not 100% clear on why it let my Arch machines connect and not my Gentoo machines (even when they're the same machine), but I suspect it has something to do with the order of precedence of the firewall rules. I added a new rule specifically for the machine I was on, which changed the error message I was getting to:

Code:
Communication with the local password server failed


Which is a much more understandable error message. I manually started kiod6 (as I'm not actually running Plasma, just using a few of their programs) and got the username/password prompt I expected. Once I filled that in, I was in.

Done!
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum