Tutorial How to get Samba 4.18.8 running on an RT-AX86U Pro running Merlin 3006.102.4_0

[iTyPsIDg]

I, like others, noticed that my 3006 firmware router was pegging the CPU at 100% when I enabled Samba in the GUI (version 3.6.25). I was using built-in Samba on my RT-AX86U running Merlin 3004.388.9_2 just fine. I had even figured out how to make Time Machine backups work.

The CPU issue made me decide to revisit my attempts to get Samba 4 running on my router.

I am now stable for several days and decided to write a tutorial for everyone (and myself if I have to repeat this).

Install Entware Samba 4 Packages:

# Ensure Entware is up to date
opkg update

# Install Samba 4 and its utilities
opkg install samba4-server samba4-utils

Create Samba Users in Entware:

/opt/bin/smbpasswd -a User1
/opt/bin/smbpasswd -a User2
/opt/bin/smbpasswd -a Router_Admin_Name

It'll prompt for the passwords after each command.

Update/create /opt/etc/samba/smb.conf:

[global]
   ## Identity and basic settings
   netbios name = RT-AX86U_PRO-82
   server string = RT-AX86U_Pro Samba4
   workgroup = WORKGROUP

   ## Security
   security = user
   passdb backend = smbpasswd
   smb passwd file = /opt/etc/samba/smbpasswd
   map to guest = Bad User
   guest ok = no

   ## Networking
   bind interfaces only = yes
   interfaces = br0

   ## Character sets
   unix charset = UTF8

   ## Performance / behavior
   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
   load printers = no
   disable spoolss = yes
   printing = bsd
   deadtime = 30

   ## Protocol versions
   min protocol = SMB2
   max protocol = SMB3
   smb encrypt = desired

   ## File and directory permissions
   create mask = 0777
   directory mask = 0777

   # -------------------------------------------------------------------
   # Turn off legacy NetBIOS altogether (no UDP/137,138 traffic)
   # We only use SMB2/3 over TCP (port 445) on macOS & Win11
   # -------------------------------------------------------------------
   disable netbios        = yes
   name resolve order     = host

   ## macOS compatibility (Time Machine, resource forks)
   strict allocate = yes
   vfs objects = catia fruit streams_xattr
   fruit:metadata = stream
   fruit:zero_file_id = yes
   fruit:model = MacSamba
   fruit:nfs_aces = no
   fruit:posix_rename = yes
   fruit:veto_appledouble = no
   fruit:wipe_intentionally_left_blank_rfork = yes
   fruit:delete_empty_ad_files = yes

   ## Logging
   log level = 1
   logging = syslog

###############################################################################
# Your Shares
###############################################################################

[TimeMachine]
   comment = TimeMachine
   path = /tmp/mnt/TimeMachine
   valid users = User1, User2
   read list    = User1, User2
   write list   = User1, User2
   browseable   = yes
   writable     = yes
   read only    = no
   create mask  = 0700
   directory mask  = 0700
   fruit:model = TimeCapsule
   fruit:time machine = yes

[Shared]
   comment = Shared Data
   path = /tmp/mnt/Data/Shared
   valid users = User1, User2
   read list    = User1, User2
   write list   = User1, User2
   browseable   = yes
   writable     = yes

[User2]
   comment = User2 Data
   path = /tmp/mnt/Data/User2
   valid users = User2
   read list    = User2
   write list   = User2
   browseable   = yes
   writable     = yes
   create mask  = 0700
   directory mask  = 0700

[User1]
   comment = User1 Data
   path = /tmp/mnt/Data/User1
   valid users = User1
   read list    = User1
   write list   = User1
   browseable   = yes
   writable     = yes
   create mask  = 0700
   directory mask  = 0700

Modify /opt/etc/init.d/S91smb so that smbd is replaced with /opt/sbin/smbd. Do the same thing for nmbd or comment it out if you want to disable NETBIOS (what I did).

#!/bin/sh

[ -f /opt/etc/samba/smb.conf ] || exit 0

mkdir -p /opt/var/log/samba
mkdir -p /opt/var/lib/samba/private
mkdir -p /opt/var/cache/samba
mkdir -p /opt/var/run/samba/ncalrpc

start() {
    echo "Starting SMB services: "
    /opt/sbin/smbd -D
    [ $? = 0 ] && echo "OK" || echo "FAIL"

#    echo "Starting NMB services: "
#    /opt/sbin/nmbd -D
#    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

stop() {
    echo "Shutting down SMB services: "
    kill -9 `pidof smbd`
    [ $? = 0 ] && echo "OK" || echo "FAIL"

#    echo "Shutting down NMB services: "
#    kill -9 `pidof nmbd`
#    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

restart() {
    stop
    start
}

reload() {
    echo "Reloading smb.conf file: "
    kill -HUP `pidof smbd`
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
esac

exit $?

Now we need to ensure that it doesn't automatically get killed whenever you reboot your router. I tried a lot of things, but this seemed to do the trick:
1. Create /jffs/scripts/custom-start-smb.sh:

#!/bin/sh#
# only start my services if they’re not already running

# 1) Bail out if Core-Files/Entware isn’t mounted yet
[ -x /opt/bin/opkg ] || exit 0

MARKER=/jffs/configs/.smb_started

# 2) if we already did our “first start”, bail
[ -f "$MARKER" ] && exit 0

# 3) Samba
if ! pidof smbd >/dev/null; then
  logger -t custom-start "First-time start: Samba4"
  /opt/etc/init.d/S91smb start
fi

# record that we ran once
touch "$MARKER"

2. Add this to /jffs/scripts/service-event:

if { [ "$1" = "stop" ] || [ "$1" = "restart" ]; } && [ "$2" = "samba" -o "$2" = "nasapps" ]; then
  logger -t entware-smb "service-event: firmware NAS stopping, clearing .smb_started flag"
  rm -f /jffs/configs/.smb_started
fi

3. Add this to /jffs/scripts/post-mount:

[ -x "${1}/entware/bin/opkg" ] && rm -f /jffs/configs/.smb_started # clear stale flag file so our cron task will run

4. Create our cron job:
cru a entware_smb */3 * * * * /jffs/scripts/custom-start-smb.sh

Now you can reboot (my preference) or just run /opt/etc/init.d/S91smb start and enjoy Samba 4. In my experience, it comes up significantly faster and does not peg the CPU. Even on my old router running the 3004 firmware, one CPU was typically pegging at 100% for several minutes after a reboot before I could access the shares.

I'll make a separate post about avahi later. I'm still working out the kinks on that.

 

[iTyPsIDg]

My shares:

smbutil statshares -a

==================================================================================================
SHARE                         ATTRIBUTE TYPE                VALUE
==================================================================================================
User1
                              SERVER_NAME                   RT-AX86U_Pro-82C8 - Data._smb._tcp.local
                              USER_ID                       501
                              SMB_NEGOTIATE                 SMBV_NEG_SMB1_ENABLED
                              SMB_NEGOTIATE                 SMBV_NEG_SMB2_ENABLED
                              SMB_NEGOTIATE                 SMBV_NEG_SMB3_ENABLED
                              SMB_VERSION                   SMB_3.1.1
                              SMB_ENCRYPT_ALGORITHMS        AES_128_CCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_128_GCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_256_CCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_256_GCM_ENABLED
                              SMB_CURR_ENCRYPT_ALGORITHM    AES-128-GCM
                              SMB_SIGN_ALGORITHMS           AES_128_CMAC_ENABLED
                              SMB_SIGN_ALGORITHMS           AES_128_GMAC_ENABLED
                              SMB_CURR_SIGN_ALGORITHM       AES_128_GMAC
                              COMPRESSION_IO_THRESHOLD      4096
                              COMPRESSION_CHUNK_LEN         262144
                              COMPRESSION_MAX_FAIL_CNT      5
                              WRITE_COMPRESSION_CNT         0
                              WRITE_CNT_LZ77Huff            0
                              WRITE_CNT_LZ77                0
                              WRITE_CNT_LZNT1               0
                              WRITE_CNT_FWD_PATTERN         0
                              WRITE_CNT_BWD_PATTERN         0
                              READ_COMPRESSION_CNT          0
                              READ_CNT_LZ77Huff             0
                              READ_CNT_LZ77                 0
                              READ_CNT_LZNT1                0
                              READ_CNT_FWD_PATTERN          0
                              READ_CNT_BWD_PATTERN          0
                              SMB_SHARE_TYPE                DISK
                              SIGNING_SUPPORTED             TRUE
                              EXTENDED_SECURITY_SUPPORTED   TRUE
                              UNIX_SUPPORT                  TRUE
                              LARGE_FILE_SUPPORTED          TRUE
                              OS_X_SERVER                   TRUE
                              DFS_SUPPORTED                 TRUE
                              FILE_LEASING_SUPPORTED        TRUE
                              MULTI_CREDIT_SUPPORTED        TRUE
                              MULTI_CHANNEL_SUPPORTED       TRUE
                              ENCRYPTION_REQUIRED           TRUE
                              SESSION_RECONNECT_TIME        0:0
                              SESSION_RECONNECT_COUNT       0

--------------------------------------------------------------------------------------------------
Shared
                              SERVER_NAME                   RT-AX86U_Pro-82C8 - Data._smb._tcp.local
                              USER_ID                       501
                              SMB_NEGOTIATE                 SMBV_NEG_SMB1_ENABLED
                              SMB_NEGOTIATE                 SMBV_NEG_SMB2_ENABLED
                              SMB_NEGOTIATE                 SMBV_NEG_SMB3_ENABLED
                              SMB_VERSION                   SMB_3.1.1
                              SMB_ENCRYPT_ALGORITHMS        AES_128_CCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_128_GCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_256_CCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_256_GCM_ENABLED
                              SMB_CURR_ENCRYPT_ALGORITHM    AES-128-GCM
                              SMB_SIGN_ALGORITHMS           AES_128_CMAC_ENABLED
                              SMB_SIGN_ALGORITHMS           AES_128_GMAC_ENABLED
                              SMB_CURR_SIGN_ALGORITHM       AES_128_GMAC
                              COMPRESSION_IO_THRESHOLD      4096
                              COMPRESSION_CHUNK_LEN         262144
                              COMPRESSION_MAX_FAIL_CNT      5
                              WRITE_COMPRESSION_CNT         0
                              WRITE_CNT_LZ77Huff            0
                              WRITE_CNT_LZ77                0
                              WRITE_CNT_LZNT1               0
                              WRITE_CNT_FWD_PATTERN         0
                              WRITE_CNT_BWD_PATTERN         0
                              READ_COMPRESSION_CNT          0
                              READ_CNT_LZ77Huff             0
                              READ_CNT_LZ77                 0
                              READ_CNT_LZNT1                0
                              READ_CNT_FWD_PATTERN          0
                              READ_CNT_BWD_PATTERN          0
                              SMB_SHARE_TYPE                DISK
                              SIGNING_SUPPORTED             TRUE
                              EXTENDED_SECURITY_SUPPORTED   TRUE
                              UNIX_SUPPORT                  TRUE
                              LARGE_FILE_SUPPORTED          TRUE
                              OS_X_SERVER                   TRUE
                              DFS_SUPPORTED                 TRUE
                              FILE_LEASING_SUPPORTED        TRUE
                              MULTI_CREDIT_SUPPORTED        TRUE
                              MULTI_CHANNEL_SUPPORTED       TRUE
                              ENCRYPTION_REQUIRED           TRUE
                              SESSION_RECONNECT_TIME        0:0
                              SESSION_RECONNECT_COUNT       0

--------------------------------------------------------------------------------------------------
TimeMachine
                              SERVER_NAME                   RT-AX86U_Pro-82C8 - TimeMachine._smb._tcp.local
                              USER_ID                       501
                              SMB_NEGOTIATE                 SMBV_NEG_SMB1_ENABLED
                              SMB_NEGOTIATE                 SMBV_NEG_SMB2_ENABLED
                              SMB_NEGOTIATE                 SMBV_NEG_SMB3_ENABLED
                              SMB_VERSION                   SMB_3.1.1
                              SMB_ENCRYPT_ALGORITHMS        AES_128_CCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_128_GCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_256_CCM_ENABLED
                              SMB_ENCRYPT_ALGORITHMS        AES_256_GCM_ENABLED
                              SMB_CURR_ENCRYPT_ALGORITHM    AES-128-GCM
                              SMB_SIGN_ALGORITHMS           AES_128_CMAC_ENABLED
                              SMB_SIGN_ALGORITHMS           AES_128_GMAC_ENABLED
                              SMB_CURR_SIGN_ALGORITHM       AES_128_GMAC
                              COMPRESSION_IO_THRESHOLD      4096
                              COMPRESSION_CHUNK_LEN         262144
                              COMPRESSION_MAX_FAIL_CNT      5
                              WRITE_COMPRESSION_CNT         0
                              WRITE_CNT_LZ77Huff            0
                              WRITE_CNT_LZ77                0
                              WRITE_CNT_LZNT1               0
                              WRITE_CNT_FWD_PATTERN         0
                              WRITE_CNT_BWD_PATTERN         0
                              READ_COMPRESSION_CNT          0
                              READ_CNT_LZ77Huff             0
                              READ_CNT_LZ77                 0
                              READ_CNT_LZNT1                0
                              READ_CNT_FWD_PATTERN          0
                              READ_CNT_BWD_PATTERN          0
                              SMB_SHARE_TYPE                DISK
                              SIGNING_SUPPORTED             TRUE
                              EXTENDED_SECURITY_SUPPORTED   TRUE
                              UNIX_SUPPORT                  TRUE
                              LARGE_FILE_SUPPORTED          TRUE
                              OS_X_SERVER                   TRUE
                              DFS_SUPPORTED                 TRUE
                              FILE_LEASING_SUPPORTED        TRUE
                              MULTI_CREDIT_SUPPORTED        TRUE
                              MULTI_CHANNEL_SUPPORTED       TRUE
                              ENCRYPTION_REQUIRED           TRUE
                              SESSION_RECONNECT_TIME        0:0
                              SESSION_RECONNECT_COUNT       0

--------------------------------------------------------------------------------------------------

 

[ColinTaylor]

Good stuff. But I think on balance, as you're already having to modify S91smb, I'd still prefer my solution. That way you shouldn't need those three other scripts or the cron job.

Either way you still have to be careful if there's an update to Entware's samba4-server as it will overwrite your changes in S91smb.

 

[iTyPsIDg]

Good stuff. But I think on balance, as you're already having to modify S91smb, I'd still prefer my solution. That way you shouldn't need those three other scripts or the cron job.

Either way you still have to be careful if there's an update to Entware's samba4-server as it will overwrite your changes in S91smb.

During upgrades to Entware's samba4-server, does your solution require copying the smbd and nmbd files again? Mine should only require modifying the S91smb file, which both our solutions require.

 

[ColinTaylor]

During upgrades to Entware's samba4-server, does your solution require copying the smbd and nmbd files again? Mine should only require modifying the S91smb file, which both our solutions require.

I haven't actually used this since the initial discussion in 2022, but theoretically yes. But as we're already modifying the file names in S91smb I would just put two copy statements near the beginning of that script (e.g. cp -p /opt/sbin/smbd /opt/sbin/smbd4).

I've been mulling over the idea of renaming the customised S91smb file to S90smb and then deleting the original script (from within S90smb). But there might be potential issues with that. I need to think about it a bit more.

 

[ColinTaylor]

@iTyPsIDg What do you think of this for S90smb? Seems to work OK as far as I can tell. (This assumes the router's built-in Samba is disabled in the GUI.)

#!/bin/sh

[ -f /opt/etc/samba/smb.conf ] || exit 0

mkdir -p /opt/var/log/samba
mkdir -p /opt/var/lib/samba/private
mkdir -p /opt/var/cache/samba
mkdir -p /opt/var/run/samba/ncalrpc
cp -p /opt/sbin/smbd /opt/sbin/smbd4
cp -p /opt/sbin/nmbd /opt/sbin/nmbd4
chmod 000 /opt/etc/init.d/S91smb

start() {
    echo "Starting SMB services: "
    smbd4 -D
    [ $? = 0 ] && echo "OK" || echo "FAIL"

    echo "Starting NMB services: "
    nmbd4 -D
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

stop() {
    echo "Shutting down SMB services: "
    kill -9 `pidof smbd4`
    [ $? = 0 ] && echo "OK" || echo "FAIL"

    echo "Shutting down NMB services: "
    kill -9 `pidof nmbd4`
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

restart() {
    stop
    start
}

reload() {
    echo "Reloading smb.conf file: "
    kill -HUP `pidof smbd4`
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
esac

exit $?

Side note: If Entware is not shutdown properly after an update the chmod command is still effective on the initial startup because busybox's source command is non-standard (i.e. requires execute permission). Yuk.

Windows Users

If you want your Samba shares to appear in Windows File Explorer see post #15.

 

[iTyPsIDg]

@iTyPsIDg What do you think of this for S90smb? Seems to work OK as far as I can tell. (This assumes the router's built-in Samba is disabled in the GUI.)

#!/bin/sh

[ -f /opt/etc/samba/smb.conf ] || exit 0

mkdir -p /opt/var/log/samba
mkdir -p /opt/var/lib/samba/private
mkdir -p /opt/var/cache/samba
mkdir -p /opt/var/run/samba/ncalrpc
cp -p /opt/sbin/smbd /opt/sbin/smbd4
cp -p /opt/sbin/nmbd /opt/sbin/nmbd4
chmod 000 /opt/etc/init.d/S91smb

start() {
    echo "Starting SMB services: "
    smbd4 -D
    [ $? = 0 ] && echo "OK" || echo "FAIL"

    echo "Starting NMB services: "
    nmbd4 -D
    [ $? = 0 ] && echo "OK" || echo "FAIL"

    echo "Starting WSDD services: "
    NBN=$(grep -i "netbios name" /opt/etc/samba/smb.conf | awk '{print $4}')
    if [ -z $NBN ]; then
      /usr/sbin/wsdd2 -d -w -i br0
    else
      /usr/sbin/wsdd2 -d -w -i br0 -b sku:$NBN
    fi
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

stop() {
    echo "Shutting down SMB services: "
    kill -9 `pidof smbd4`
    [ $? = 0 ] && echo "OK" || echo "FAIL"

    echo "Shutting down NMB services: "
    kill -9 `pidof nmbd4`
    [ $? = 0 ] && echo "OK" || echo "FAIL"

    echo "Shutting down WSDD services: "
    kill -9 `pidof wsdd2`
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

restart() {
    stop
    start
}

reload() {
    echo "Reloading smb.conf file: "
    kill -HUP `pidof smbd4`
    [ $? = 0 ] && echo "OK" || echo "FAIL"
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
esac

exit $?

Side note: If Entware is not shutdown properly after an update the chmod command is still effective on the initial startup because busybox's source command is non-standard (i.e. requires execute permission). Yuk.

Interesting. What is the reason for the wsdd addition? I understand conceptually the point of it, but I don't understand why it needs to be added.

Side note: For some reason, my wife's Macbook continues to make Time Machine backups with zero problems based on Avahi broadcasting and my Macbook says it can't find the share. That certainly makes troubleshooting more difficult. I need to make a separate thread about Avahi, though.

 

[ColinTaylor]

Interesting. What is the reason for the wsdd addition? I understand conceptually the point of it, but I don't understand why it needs to be added.

wsdd2 runs as part of the router's Samba support. Once you disable the built-in Samba it stops running. So I'm just replicating what the router normally does (otherwise the SMB shares would be invisible to Windows users).

 

[iTyPsIDg]

I tried your script, but I'm getting this error:

Starting WSD services:
get_smbparm: can't access smb.conf
get_smbparm: can't access smb.conf
get_smbparm: can't access smb.conf
get_smbparm: can't access smb.conf
OK

This appears to be why:

[15:38] RT-AX86U_Pro-82C8:/tmp/mnt/Core-Files/entware/etc/init.d# l /opt/etc/samba/
-rw-------    1 root root        430080 May 23 09:59 secrets.tdb
-rw-------    1 root root          2747 May 30 19:24 smb.conf
-rw-------    1 root root           666 Jan  8 13:16 smb.conf-opkg
-rw-r--r--    1 root root          5685 Jan  8 13:16 smb.conf.template
-rw-------    1 root root           335 May 23 10:02 smbpasswd

What are your permissions set to?

 

[ColinTaylor]

# ls -al /opt/etc/samba/
drwxr-xr-x    2 admin    root          4096 May 30 19:44 .
drwxr-xr-x   12 admin    root          4096 May 30 19:10 ..
-rw-------    1 admin    root        430080 May 30 20:17 secrets.tdb
-rw-r--r--    1 admin    root          2505 May 31 00:20 smb.conf
-rw-------    1 admin    root           666 Jan  8 18:16 smb.conf-opkg
-rw-r--r--    1 admin    root          5685 Jan  8 18:16 smb.conf.template
-rw-------    1 admin    root           104 May 30 19:22 smbpasswd

Try:

chmod 644 /opt/etc/samba/smb.conf

Although it shouldn't make a difference because I think your permissions are correct and mine are wrong.

EDIT: Ignore the above. I changed my smb.conf permissions to be the same as yours and it still works for me.

# ls -al /opt/etc/samba/
drwxr-xr-x    2 admin    root          4096 May 31 22:00 .
drwxr-xr-x   12 admin    root          4096 May 30 19:10 ..
-rw-------    1 admin    root        430080 May 30 20:17 secrets.tdb
-rw-------    1 admin    root          2505 May 31 00:20 smb.conf
-rw-------    1 admin    root           666 Jan  8 18:16 smb.conf-opkg
-rw-r--r--    1 admin    root          5685 Jan  8 18:16 smb.conf.template
-rw-------    1 admin    root           104 May 30 19:22 smbpasswd

EDIT 2: OK I think I see the problem. Standby....

In the meantime just comment out the WSD part, or ignore the error.

 

[ColinTaylor]

OK I've found the problem.

I was trying to be too clever by reusing the built-in version of wsdd2. Unfortunately it's been modified with a hard-coded read of /etc/smb/conf.

So for now I've updated the script in post #6 to remove all the WSD stuff. At least that makes it simpler.

I'm going to deal with WSD as a separate issue, which you can ignore as you're a Mac user. To that end I suggest Windows users install the Entware wsdd2 package if they need network file browsing. The default is that it replies on all network interfaces. I'm not sure whether I should change that (for security reasons) to br0 only like Merlin does. Or just rely on the router's firewall to do its job. For now I'm leaving it at the default. I have added this as a note at the end of post #6.

 

[Jeffrey Young]

OK I've found the problem.

I was trying to be too clever by reusing the built-in version of wsdd2. Unfortunately it's been modified with a hard-coded read of /etc/smb/conf.

So for now I've updated the script in post #6 to remove all the WSD stuff. At least that makes it simpler.

I'm going to deal with WSD as a separate issue, which you can ignore as you're a Mac user. To that end I suggest Windows users install the Entware wsdd2 package if they need network file browsing. The default is that it replies on all network interfaces. I'm not sure whether I should change that (for security reasons) to br0 only like Merlin does. Or just rely on the router's firewall to do its job. For now I'm leaving it at the default. I have added this as a note at the end of post #6.

Can you make a symbolic link in the /etc directory and point it to the new smb.conf file to keep wsdd2 happy? Add the link in your script

 

[ColinTaylor]

Can you make a symbolic link in the /etc directory and point it to the new smb.conf file to keep wsdd2 happy? Add the link in your script

I did think about that. But I'd probably have to go through the wsdd2 code and find what changes RMerlin made to be confident it's still compatible with the Samba4 conf file. It could be quite time consuming to test given that the family are always using the network. But I'll certainly look into it.

As a side note, I've discovered that I need to modify the ARGS value in S99wsdd2 anyway as without the -d parameter it fails to start on bootup. Ho hum. Once I've confirmed that I'll report it as a bug to the Entware dev.
UPDATE: So this turned out not to be a bug in Entware, but rather yet another problem caused by restart nasapps killing the process on bootup.

 

[aru]

Thanks to iTyPsIDg for sharing information about Samba v4. I did a quick test myself and noticed that both read and write speeds seem improved compared to version 3 when running on GT-AX6000.

I measured around 180 MB/s for reading

and about 130 MB/s for writing.

Since I already have a NAS , I’m not using the router for Samba file sharing. The USB drive connected to it is mainly for installing third-party packages and storing the swap file.

Thanks again for sharing. It could be useful sometime down the road.

 

[ColinTaylor]

For Windows users to be able to see Samba shares in File Explorer do the following:

1. Install Entware's wsdd2 package.

opkg install wsdd2

2. Create the following script called /opt/etc/init.d/S98wsdd2

#!/bin/sh

cp -p /opt/bin/wsdd2 /opt/bin/wsdd2-w
chmod 000 /opt/etc/init.d/S99wsdd2

ENABLED=yes
PROCS=wsdd2-w
ARGS="-d -w -i br0"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

3. Make the script executable and start the process.

chmod 755 /opt/etc/init.d/S98wsdd2

/opt/etc/init.d/S98wsdd2 start

 

[Jeffrey Young]

For anyone interested, I did get Samba4 working while still using the router's GUI to manage shares and usernames. The trick was to continue using Asus's samba_multicall for adding the username/passwords (more on this below). Here is what I did

1. Copy Asus's samba_multicall to your jffs directory or the USB drive and rename the binary to smbpasswd

Change the paths to your liking. I am showing where I put things.

cp -pf /usr/sbin/samba_multicall /opt/usr/samba/smbpasswd

2. Create a symbolic link nmbd in the same directory that samba_multicall was copied to and point the link to the copy.

ln -s /opt/usr/samba/smbpasswd /opt/usr/samba/nmbd

3. Create a /jffs/scripts/smb.postconf file with the following. You may need to tinker with the smb.conf setting to suit your environment. Make the fille executable.

Spoiler: /jffs/scripts/smb.postconf file

#!/bin/sh

CONFIG="/etc/smb.conf"
source /usr/sbin/helper.sh

count=0
while ! [ -x "/opt/sbin/smbd" ]
do
    sleep 5
    let "count=count+5"
    if [ "$count" -gt 60 ];then
        exit 1
    fi
done

mkdir -p /opt/var/log/samba
mkdir -p /opt/var/lib/samba/private
mkdir -p /opt/var/cache/samba
mkdir -p /opt/var/run/samba/ncalrpc

pc_delete "unix charset" $CONFIG
pc_delete "display charset" $CONFIG
pc_delete "use spnego" $CONFIG
pc_delete "client use spnego" $CONFIG
pc_delete "max protocol" $CONFIG

pc_insert "[global]" "max protocol = SMB3" $CONFIG
pc_insert "[global]" "private dir = /etc/samba" $CONFIG
pc_insert "[global]" "client min protocol = NT1" $CONFIG

mount --bind /jffs/addons/young/samba-call.sh  /usr/sbin/samba_multicall
sleep 5

I have one printer that is stuck using smb1, hence why my minimum protocol is what it is.

4. Create the following script in your jffs drive somewhere (I put my stuff in /jffs/addons/young) and make it executable.

Spoiler: samba-call.sh

#!/bin/sh

cmd="$(basename "$0")"

case "$cmd" in
    smbd)
        /opt/sbin/smbd "$@" &
    ;;
    smbpasswd)
        /opt/usr/samba/smbpasswd "$@"
    ;;
    nmbd)
        /opt/usr/samba/nmbd "$@" &
esac

5. Remove permissions from the S91smbd file in the /opt/etc/init.d directory

chmod 000 /opt/etc/init.d/S91smbd

6. Lastly, restart samba

service restart_samba

I have both a smb.postconf and /jffs/configs/smb.conf.add files. So far, everything works. I have had it working now for a few days (had to come home as the wife hurt herself and can't get to camp now).

So far, this is working with Asus's/Merlin's implementation of wsdd2.

samba_multicall binary

The real trick was figuring out the samba_multicall binary. From what I read, this was an openWRT thing once a long time ago. The binary is a combination of smbd, nmbd, and smbpasswd. The trick is the binary acts on its basename (akin to $0 in bash). So if you rename the binary to smbpasswd, it works as smbpasswd. If you rename it to smbd, the binary acts as smbd. Hence why Asus has symbolic links for smbd, nmbd, and smbpasswd all referencing the samba_multicall binary.

The multicall's binary version of smbpasswd is very scaled down. It only supports adding a user (smbpasswd userid password) and deleting a user (smbpasswd DEL userid). So, in order to use the GUI, one was to use the multicall binary, while pointing to the new Samba4 smbd for the server.

As Colin says, no matter what you do, it's a very messy hack. On the scale, I think I would stick to Colin's solution.

 

[ColinTaylor]

Ha! How ironic... I had just done the same thing yesterday and was going to PM you about. See my scripts below, but on first glance they seem to be functionally the same as yours (although I'm running the Samba4 version of nmbd - but I can't see a good reason to do that).

# cat /opt/etc/init.d/S90smb
#!/bin/sh

start() {
    echo "Patching Samba services."

    mkdir -p /opt/var/log/samba
    mkdir -p /opt/var/lib/samba/private
    mkdir -p /opt/var/cache/samba
    mkdir -p /opt/var/run/samba/ncalrpc

    chmod 000 /opt/etc/init.d/S91smb

    cat << 'EOF' > /jffs/scripts/samba_multicall
#!/bin/sh
case "$(basename $0)" in
    smbd)
        /opt/sbin/smbd "$@" ;;
    nmbd)
        /opt/sbin/nmbd "$@" ;;
    smbpasswd)
        /jffs/scripts/smbpasswd "$@" ;;
esac
EOF
    chmod a+x /jffs/scripts/samba_multicall

    umount /usr/sbin/samba_multicall 2>/dev/null
    cp -p /usr/sbin/smbpasswd /jffs/scripts/smbpasswd
    mount -o bind /jffs/scripts/samba_multicall /usr/sbin/samba_multicall
}

stop() {
    echo "Unpatching Samba services."
    umount /usr/sbin/samba_multicall
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  *)
    echo "Usage: $0 {start|stop}"
    exit 1
esac

exit $?

# cat /jffs/scripts/smb.postconf
#!/bin/sh

logger -t "$(basename $0)" "$1"

CONFIG=$1
source /usr/sbin/helper.sh

# Samba 4 compatability
pc_delete "display charset" $CONFIG
pc_delete "use spnego" $CONFIG
pc_delete "auth methods" $CONFIG
pc_insert "[global]" "dos charset = ASCII" $CONFIG

# Don't limit max protocol to SMB2
pc_delete "max protocol = SMB2" $CONFIG

if [ "$(nvram get smbd_protocol)" = "2" ]; then
    # Add missing SMB1 support
    pc_insert "[global]" "client min protocol = NT1" $CONFIG
    pc_insert "[global]" "min protocol = NT1" $CONFIG
fi

 

[Jeffrey Young]

Ha! How ironic... I had just done the same thing yesterday and was going to PM you about. See my scripts below, but on first glance they seem to be functionally the same as yours (although I'm running the Samba4 version of nmbd - but I can't see a good reason to do that).

That made me smile! I was hoping you had a more elegant way of somehow changing the basename (so to speak) of that samba_multicall binary when executing it. I spent a lot of time trying to figure out a way to do that. No luck though. I could not find any source code for the binary and it looks like it's closed source in Merlin's repo.