Have you edited/created this user without SMBv1 mode? In this case you have no password hashes for SMBv1 in the database. You need to reset this with enabled SMBv1 if you plan to use it.
I think you are right. But now smbd is not running.
if i run /etc/init.d/samba start twice, second time you can see that smbd is not working.
It starts to work after starting samba in services. But SMB daemon is stil red.
I once reset the password with SMB1 enabled and started the service. Now I get the following message where I can still log in via Windows 10.
In the meantime I have put together a VM and try to test the options with Smaba version 4.13.1. Unfortunately the previous options don’t work with Sonos and the Sonos support didn’t give me any real hope.
Try to install old Samba versions on my Ubuntu 20.04 VM but it doesn’t work yet.
I try my luck with a FTP server.
Try your luck with a DNLA server like Plex or Serviio
but i think that doesn’t work also
I would invest in a new multimedia system. BTW any Smart TV is doing this… 
It is gruelling to find a solution here that does not hurt your wallet. Yes FTP does not work but why the hell doesn’t the current Samba work with SMB1 enabled?
Within my VM with SambaI have set the following values directly under [Global] and up to now they were always at the bottom of my screen. The access works now.
#======================= Global Settings =======================
[global]
server min protocol = NT1
ntlm auth = yes
###################
I am now testing it once on the router.
I was missing the info that the values must be set directly under [Global].
With these values, you’ll finally be able to access and share your files in Sonos. Unfortunately after saving the file “/var/ipfire/samba/smb.conf” is changed again and the entries are missing.
How can I make sure that the values are always stored in the file below [Global]?
Is it better for security reasons to store the SMB share on a VM and away from the ipfire system? Does this share make the router (ipfire) vulnerable?
Hi,
yes, it is a good idea to move the Samba server away from IPFire in terms of security. 
Thanks, and best regards,
Peter Müller
Ok I will maybe use a VM for this.
But how can you save the options (lines) directly below [Global] because they will disappear again and again?
Second question.
How could you access or integrate local data from the router (in my case the audio files) from another Linux system (Ubuntu 20.04 - QEMU) in the best and safest way possible?
Every time you save things from the Samba web page then the smb.conf file is rewritten with any changes from the web page. Normally you would use the smb.conf.local file for things you wanted to add that were not on the web page but as far as I am aware this local file is appended to the end of smb.conf
Therefore, as far as I can tell, your only option is to add the line back in each time you save the samba web page and not to save from the web page unless you are actually changing something.
If you are moving the share away from IPFire to a VM then why don’t you also move the Samba Server itself to the VM.
I still need Samba on the ipfire for the backup of my Windows client (VEEAM / ca. 500GB) and a separate hard disk (SSD M.2) is installed on the router.
Of course you can access it via the current Samba version without SMB1.
I have now created a new VM (Ubuntu) on my router (qemu) with Samba and a SMB1 share on my router.
The access works with the following parameters and my router is protected.
I thank all involved and wish you a relaxing weekend.
MfG Paul
————————-
smb.local
[global]
server min protocol = NT1
ntlm auth = yes
2 Likes
@Pablo78 no intent to disrespect your choices but… Using a router as a server might not be the best idea. At least, with a so specific distro as IPfire.
Also, AFAIK Windows Clients supports SMBv2 and SMBv3, and this part of the OS is used by Veeam for backup, so SMBv1 should not be a necessity, unless you’re using Windows XP. Since Vista (dated 2006) Microsoft’s client OS supports SMBv2, unless disabled via registry.
I don’t mind if someone use a really old car (1960) as daily driver, but I assume that this car is really much more dangerous in case of impact than a newer one (starting from EuroNCAP tests) and the onwer/driver is aware of that.
So I don’t mind if you’re using this setup, maybe it suits your needs and works perfectly fine for current use. But it suboptimal (IMVHO) as network architecture, system management and performance. And with SMBv1 is… not that safe.
Please, consider my opinions only as “Hey, I would do that differently”, again no disrespect for your choices.
The correct file name is /var/ipfire/smb.conf.local and it should not have a global section. (The content will added at the end of the global section of smb.conf)
Hello Arne.
If I create the file smb.conf.local manually and put the values
server min protocol = NT1
ntlm auth = yes
and a wrap behind it, then after a restart of the service (samba) the smb.conf is changed as follows.
But SMBv1 only worked for me if the options were directly below the line ( [global] ) and I don’t do a save on the web interface anymore.
Here the Original smb.local
This is strange because the order of the commands should not important (except a key exist twice, in this case the later entry should win)
Run testparm to check how samba interpretes the config.
other question: Is a dot allowed in a workgroup name?
I only set the value in the workgroup but never used it that way. But in the meantime I have moved my media library to a VM and don’t need SMBv1 on the router anymore.
1 Like