Hello, I installed Volumio after using RaspyFi and I found that, even months after the known issues, the connection to SMB shares is still an issue, as the forums prove.
I did several tests but at the end I solved just like in RaspyFi, by installing cifs-utils and autofs and then configuring /etc/auto.nas with:
please provide more options in the GUI, at least the one to switch between NTLM and NTLMv2 (and to make clear which one is active)
one option to load shares in read-only mode would be appreciated.
/etc/auto.nas is world readable and writable. Not a good idea, it contains the password in cleartext.
also, please let me disable USB support (I disabled /etc/auto.usb from /etc/auto.master, but I haven’t tested it yet) and the Volumio RAMdisk share (and the RAM disk altogether), since they are sometimes only a channel for attack.
In some installations, like mine, it is not used at all, that means two disadvantages if enabled:
an additional entry in the Browse section
the possibility for everyone to mount a device I cannot control, and then either play it (the web GUI has no access control!) and, who knows, even potentially exploit vulnerabilities later discovered in the playback libraries or mpd libraries.
If not used, why leaving an opening for attack?
It can look like a paranoid worry, but I noticed other weaknesses (as I wrote elsewhere) that show that this distro is not given enough care from the security perspective.
Let’s not forget that this is a linux machine with a lot of power and connected to the local network and to the internet.
World readable and writable configuration files, no access control, auto-mounting of external devices… all of this is VERY bad.
Every option (ram disk, usb mounting, CIFS sharing of the folder with the webradios and of the other folders, …) should be explicitly enabled and only web radios enabled.
My personal intention to use volumio is first quality music and possibilities to make some experiments achieving better sound.
But certainly not hiding from the world;-)
Maybe I’ve misunderstood the meaning of your posting
Think about this: anyone in your network is able to read in cleartext the password for your SMB/CIFS/NAS share.
In other words, if someone from the street gets into the network, he can access your data (unless you used separate login for music and for data, but most people won’t). In addition, he can take control of the R-Pi and use it as he wishes. For example, in a matter of minutes he can set a listening server to get back into your network from the Internet, without having to be in the street anymore.
At this point, many things are possible.
Keep in mind, wifi passwords are in general easy to crack.
It would be so easy to request the user to provide a new (safe) password for SSH access and to give proper read/write privileges to the most important system files…
And it wouldn’t affect in any way the quality of the music reproduced.
The reason we have so many vulnerabilities in many softwares is because security is seen as something for high-profile applications, while it should be the standard (at least some security).
Hello Lag-na,
I hope you can help me. I’ve mounted the NAS with your suggestion and the NAS is also mounted in the Web-UI when I rebooted the Pi.
But my problem is, when I open the NAS-folder and I look into a folder where music should be inside, I can’t see anything. The folder is empty.
The funny thing is, when I open this folder via Putty, then I can see all the music files.
Yes, I have updated the MDB-Database and I waited round about 15 minutes. My test folder only includes 2 files.
Maybe I made a mistake in the Installation.
First I have logged-in via putty.
Then I typed “sudo apt-get update”
Then “sudo apt-get cifs-utils”
Then “sudo apt-get autofs”
And then I edited the auto.fs file with the description of Lag-na. (“sudo nano /etc/auto.nas”)
Bonjour
Je tente désepérement de faire fonctionner l’access NAS via SMB/CIFS.
et cela ne fonctionne pas.
A priori je ne suis pas le seul et pas de correction en vue.
Je me demande si le projet est viable.
RuneAudio a t’il le même problème car les fonctionnalités sont presques identiques.
Désolé pour mon anglais et Google traduction
Regards
Yes, I have checked it. The auto.nas file wasn’t overwritten after some reboots and I have no shares in the web GUI too.
But after every reboot I see only the webradio-folder when I open the “Browse”-path at the bottom on the left side on the screen.
When I start the MPD Database Update, a NAS-folder is listed. In the Folder is the “MyNAS”-folder like in your description and in this folder should be some of my music files but this folder is empty.
Why all of this? You’re completely changing the way mounting works…
Now, which version are you using? Which format are your files?
If you’re not able to mount your NAS, you can try this (from a pristine Volumio install)
Why auto.fs? I disabled this because it relies on kernel module, which may not be available in all platforms. Using the generated command is better than relying on auto.nas.
Which options?
To quote your points:
please provide more options in the GUI, at least the one to switch between NTLM and NTLMv2 (and to make clear which one is active)
absolutely agree on that!
one option to load shares in read-only mode would be appreciated.
Not possible, mpd needs folder to be mounted with 777 privileges, unless it will not scan them correctly. I would also have preferred to load them in read only mode…
/etc/auto.nas is world readable and writable. Not a good idea, it contains the password in cleartext.
Volumio does not rely on auto.nas to handle nas mounting. The username and passwords are stored in a database located in /var/www/db/ , which are not accessible through samba.
also, please let me disable USB support (I disabled /etc/auto.usb from /etc/auto.master, but I haven’t tested it yet) and the Volumio RAMdisk share (and the RAM disk altogether), since they are sometimes only a channel for attack.
[/quote]
Again, autofs is not installed in Volumio… For USB it relies on usbmount, which has its conf file in /etc/usbmount/usbmount.conf
If you need to disable Ramdisk, just comment the pertaining line in /etc/fstab and you’re good to go.
Hope I gave a satisfactory reply, I like these talks. I do also care about security
So, I have tried to mount the NAS. The mounting works so far and I can see a NAS-folder when I open the “Browse”-path.
But the problem is that my music folder is empty. The files in this folder are mp3 and flac. I use the newest Version of Volumio: 1.1beta
When I install cifs-utils then I can’t mount the NAS. I get a “mount error(22): Invalid argument Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)”.
Krypton, most likely it’s permissions related, the network share is mounted but mpd doesn’t have permissions to read (and index) the content of the folder.
Try adding “uid=mpd” in the mount flags section of the advanced options section of the “edit network mount” section of the web interface for volumio.
I’m curious if noone else has this problem with nfs / samba shares because this flag is not added by default and without this i was unable to allow access to my shares for user mpd (i.a. adding mpd to the same group users as the mounted share did not work.
Very good idea dafart but it doesn’t work for me. I can’t understand why it doesn’t work.
I added “uid=mpd” to the mount flags and nothing else. Then I updated the MPD Database but the folder with my music is still empty.
