Can Nemo "Connect to server" be made to use NTLM? [Solved]

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
henrylaw
Level 1
Level 1
Posts: 5
Joined: Mon Mar 02, 2015 3:56 pm

Can Nemo "Connect to server" be made to use NTLM? [Solved]

Post by henrylaw » Tue Apr 24, 2018 6:58 am

The charity for which I'm IT manager has a Netgear NAS unit; users' clients are all Windows 10 machines. Their access to the different shares works smoothly: browse the network, find the NAS, open the share.

But if on my Mint 18.3 laptop I use Nemo "Connect to server" and fill in the NAS details and my credentials, access fails. Messing around with "mount -t cifs" in a terminal shows that the problem appears to lie in the use (or in the case of Nemo failure to use) NTLM. Specifically, if I put "sec=ntlm" in the mount options the operation succeeds; without that option the mount fails. (I've watched the network traffic and seen the error messages: I'm fairly sure about this). Nemo version is 3.0.6 and I'm running the Cinnamon desktop.

Can Nemo be made to add that "ntlm" option to the mount command it (presumably) uses when executing "Connect to server"? If not, is there a file manager that would do that?
Last edited by henrylaw on Tue Apr 24, 2018 10:41 am, edited 1 time in total.

altair4
Level 19
Level 19
Posts: 9275
Joined: Tue Feb 03, 2009 10:27 am

Re: Can Nemo "Connect to server" be made to use NTLM?

Post by altair4 » Tue Apr 24, 2018 7:46 am

I'm going to give you two options:

[1] Alter smb.conf.

Samba has evolved over the last few years but as I remember you have to disable ntlmv2 and enable the old lanman protocol. You do that by editing /etc/samba/smb.conf and right under the workgroup = WORKGROUP line add these two:

Code: Select all

client lanman auth = yes
client ntlmv2 auth = no
The problem with that approach is that this will affect how you access more modern operating systems like Win10 for example.

[2] Use mount.cifs a different way.

I wrote an alternative to the built in way that Nemo accesses samba shares ( gvfs ) using CIFS in fstab: On Demand CIFS Mounting of Shares

Short Version:

** Create a mount point in the user's home directory or directly under /media.
** Then add a mount statement to /etc/fstab that looks something like this:

Code: Select all

//nas/nas-share /media/NAS cifs username=nnn,password=ppp,uid=1000,sec=ntlm,noauto,user 0 0
OR this depending on what Linux kernel version you are using:

Code: Select all

//nas/nas-share /media/NAS cifs username=nnn,password=ppp,uid=1000,sec=ntlm,vers=1.0,noauto,user 0 0
The noauto option will make it so that it does not mount at boot time and the user option allows an ordinary ( non root / sudo ) user to mount the share.

What happens is pure magic. Because it's under /media or a user's home directory the mount point shows up in the side panel of nemo as an "actionable" link. When clicked on it will go to fstab to find out how to mount the share.

This way you can use Nemo in it's default smb.conf configuration to access any other shares that are available but use a CIFS mount for special share requirements.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.

henrylaw
Level 1
Level 1
Posts: 5
Joined: Mon Mar 02, 2015 3:56 pm

Re: Can Nemo "Connect to server" be made to use NTLM? [Solved]

Post by henrylaw » Tue Apr 24, 2018 10:40 am

Option 1 isn't a go-er because it's a Netgear NAS and I don't have access to its smb.conf (*)

Option 2 is neat and it will solve my problem. It slightly offends my sense of technical propriety that you have to know the shares you're going to access and put them in /etc/fstab beforehand; but given I'm the guy who sets up the shares, and they don't change often, it will be OK for me. Shame, but THIW.

Additionally I found your "Bonus info II" really helpful ("Some but not all NAS devices use a version of samba that can only be described as antique..." and so on); our NAS is indeed an old one and I now know why I have the problem I described and lots of others with Windows 10 and so on. So thank you additionally for that insight.

* I notice though that the backup of the Netgear NAS is a ZIP archive containing numerous control files, including smb.conf. I guess it might be possible to change smb.conf in the NAS by editing it within the backup ZIP file and then restoring from it ...

altair4
Level 19
Level 19
Posts: 9275
Joined: Tue Feb 03, 2009 10:27 am

Re: Can Nemo "Connect to server" be made to use NTLM? [Solved]

Post by altair4 » Tue Apr 24, 2018 11:56 am

henrylaw wrote:
Tue Apr 24, 2018 10:40 am
Option 1 isn't a go-er because it's a Netgear NAS and I don't have access to its smb.conf (*)
....
....
* I notice though that the backup of the Netgear NAS is a ZIP archive containing numerous control files, including smb.conf. I guess it might be possible to change smb.conf in the NAS by editing it within the backup ZIP file and then restoring from it ...
It's Mint's smb.conf not the Netgear's smb.conf. smb.conf controls the Samba server and client so in this case you would be altering the way the samba client on Mint accesses the server's smb shares.

But I find the cifs option more ... um .... elegant :oops:
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.

rene
Level 8
Level 8
Posts: 2226
Joined: Sun Mar 27, 2016 6:58 pm

Re: Can Nemo "Connect to server" be made to use NTLM? [Solved]

Post by rene » Tue Apr 24, 2018 12:34 pm

henrylaw wrote:
Tue Apr 24, 2018 10:40 am
Option 1 isn't a go-er because it's a Netgear NAS and I don't have access to its smb.conf
Altair4 already specified that he was talking about your Mint system's smb.conf but other than that, "sure you do". Depending on the model/vintage of ReadyNAS,

https://kb.netgear.com/30068/ReadyNAS-O ... ion-guides

or the "Enable root SSH" add-on for the specific RAIDiator 4.x or 5.x version:

https://kb.netgear.com/24545/ReadyNAS-Apps-Add-ons

Once enabled/installed you log in as ssh root@nas with your admin password, i.e., the same password as used for the admin web interface.

Post Reply

Return to “Software & Applications”