home-assistant / addons

:heavy_plus_sign: Docker add-ons for Home Assistant
https://home-assistant.io/hassio/
Apache License 2.0
1.57k stars 1.51k forks source link

SMB Shares only using local NICs #3745

Closed DuckbillPlaster closed 1 month ago

DuckbillPlaster commented 2 months ago

Describe the issue you are experiencing

This might be a security feature but I swear this did work. I have SMB and ZeroTier (V 0.18.0) installed. I have a Home Assistant instance at 10.1.6.12 and anything inside my home network (anything 10.1.0.0/16) will connect just fine to the SMB share I then have a ZeroTier network setup at 192.168.196.0/24, which I then wanted to mount an SMB with (more info in details). ZeroTier does let me use FTP and MQTT over it which is nice. But NTP and ZeroTier doesn't appear to work by default. Maybe i've missed something

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Which add-on are you reporting an issue with?

Samba share

What is the version of the add-on?

12.3.2

Steps to reproduce the issue

Nmap scan

10.1.6.12 is the LAN IP for Home Assistant, 192.168.196.20 is the ZeroTier address for Home Assistant

nmap 10.1.6.12 -p 445
Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-03 13:30 AEST
Nmap scan report for XXXX (10.1.6.12)
Host is up (0.0011s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

nmap 192.168.196.20 -p 445
Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-03 13:30 AEST
Nmap scan report for 192.168.196.20
Host is up (0.0013s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

nmap 10.1.6.12 -p 21
Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-03 13:32 AEST
Nmap scan report for XXXX (10.1.6.12)
Host is up (0.0011s latency).
PORT   STATE SERVICE
21/tcp open  ftp

 nmap 192.168.196.20 -p 21
Starting Nmap 7.93 ( https://nmap.org ) at 2024-09-03 13:32 AEST
Nmap scan report for 192.168.196.20
Host is up (0.0033s latency).
PORT   STATE SERVICE
21/tcp open  ftp

Client configuration

Replacing 192.168.196.20 with 10.1.6.12 and putting connecting to my LAN lets me run sudo mount -a and it work's every time

cat /etc/fstab
//192.168.196.20/media /mnt/smbshare cifs credentials=/root/.smbcreds,uid=1000,gid=1000 0 0
sudo cat /root/.smbcreds
username=homeassistant
password=homeassistant

SMB Configuration

username: homeassistant
password: homeassistant
workgroup: WORKGROUP
compatibility_mode: false
veto_files:
  - ._*
  - .DS_Store
  - Thumbs.db
  - icon?
  - .Trashes
allow_hosts:
  - 10.0.0.0/8
  - 172.16.0.0/12
  - 192.168.0.0/16
  - 169.254.0.0/16
  - fe80::/10
  - fc00::/7

ZeroTier Config

Removed my Network ID

networks:
  - aXXXXXXXX
api_auth_token: ""

System Health information

System Information

version core-2024.7.4
installation_type Home Assistant OS
dev false
hassio true
docker true
user root
virtualenv false
python_version 3.12.4
os_name Linux
os_version 6.6.33-haos
arch x86_64
timezone Australia/Brisbane
config_dir /config
Home Assistant Supervisor host_os | Home Assistant OS 12.4 -- | -- update_channel | stable supervisor_version | supervisor-2024.08.0 agent_version | 1.6.0 docker_version | 26.1.4 disk_total | 30.8 GB disk_used | 6.5 GB healthy | true supported | true host_connectivity | true supervisor_connectivity | true ntp_synchronized | true virtualization | vmware board | ova supervisor_api | ok version_api | ok installed_addons | Mosquitto broker (6.4.1), ZeroTier One (0.18.0), chrony (3.0.1), Cloudflared (5.1.16), Studio Code Server (5.15.0), Terminal & SSH (9.14.0), FTP (5.0.2), File editor (5.8.0), motionEye (0.20.0), Samba share (12.3.2)
Dashboards dashboards | 3 -- | -- resources | 0 views | 3 mode | storage
Recorder oldest_recorder_run | 13 August 2024 at 05:31 -- | -- current_recorder_run | 13 August 2024 at 15:31 estimated_db_size | 648.62 MiB database_engine | sqlite database_version | 3.45.3

Anything in the Supervisor logs that might be useful for us?

No response

Anything in the add-on logs that might be useful for us?

No response

Additional information

No response

agners commented 2 months ago

I am not aware of an intential change in of the Samba add-on to prevent connection of a particular sort.

There was an update to Alpine, which likely brought a new Samba version :thinking:

https://github.com/home-assistant/addons/blob/master/samba/CHANGELOG.md

I'd suggest to try older add-on versions (via Backup Restore). Also maybe try older ZeroTier versions, maybe that add-on does things differently.

github-actions[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.