I have a flask webapp running on an Ubuntu Azure sever. I also have an azure storage account, and to access the storage from the webapp, I use SMB. This has worked so far, with adding and updating files on the server, but I tried to delete a file and it didn't work. No error or anything, it just did nothing and the file is still on the server. I tried the command locally and it worked fine. Is there something I'm doing wrong and how could I fix this problem. Here's the command I've been using:
smbclient //name.file.core.windows.net/website -mSMB3 -e -Uname%password -c 'rm tempplugins/test2.ini'
This may not solve your exact problem, but I was attempting to perform operations on a file share on an Azure Storage Account from an Azure VM running CentOS, and I ran into several different problems. It took me a while to get the kinks worked out.
In my case, I had to use to use backslashes, but I had to double them so that they were escaped properly. Example:
smbclient \\\\storageaccount.file.core.windows.net\\sharename
Additionally, we weren't using an integrated active directory, and so we had to use the storage account name as the username and it had to be "prefixed" with "Azure" like "Azure\storageaccount". And don't forget that backslashes have to be doubled! Also, the password was the storage account key. Example:
smbclient \\\\storageaccount.file.core.windows.net\\sharename -U Azure\\storageaccount%key
I used the "-d" option to debug the command line options for smbclient. However, in my case, the "-d" option had to be on the end of the command or it interfered. If it hadn't been for the clues provided by "-d", I never would have gotten this to work. Example:
smbclient \\\\storageaccount.file.core.windows.net\\sharename -U Azure\\storageaccount%key -d
Here's a simple, one-liner that shows a directory of a file share on an Azure Storage Account. Example:
smbclient \\\\storageaccount.file.core.windows.net\\sharename -U Azure\\storageaccount%key -c dir -d
I hope that this helps someone else as I must of blown 2 to 3 hours to get this worked out.
Related
I'm trying to execute a .bat File on a Server in a local network with psexec
I'm currently trying with this command:
.\PsExec.exe -i -u Administrator \\192.168.4.36 -s -d cmd.exe -c "Z:\NX_SystemSetup\test.bat"
The server has no password (it has no internet connection and is running a clean install of Windows Server 2016), so I'm currently not entering one, and when a password is asked I simply press enter, which seems to work. Also, the .bat File currently only opens notepad on execution.
When I enter this command, I get the message "The file cannot be acessed by the system"
I've tried executing it with powershell with administrator privileges (and also without, since I saw another user on Stackoverflow mention that it only worked for them that way) but to no success.
I'm guessing this is a privilege problem, since it "can't be accessed", which would indicate to me that the file was indeed found.
I used net share in a cmd and it says that C:\ on my server is shared.
The file I'm trying to copy is also not in any kind of restricted folder.
Any ideas what else I could try?
EDIT:
I have done a lot more troubleshooting.
On the Server, I went into the firewall settings and opened TCP Port 135 and 445 explicitly, since according to google, PsExec uses these.
Also on the Server, I opened Properties of the "windows" Folder in C: and added an admin$ share, where I gave everyone all rights to the folder (stupid ik but I'm desperate for this to work)
Also played around a bunch more with different commands. Not even .\PsExec.exe \\192.168.4.36 ipconfig seems to work. I still get the same error. "The file cannot be accessed by the system"
This is honestly maddening. There is no known documentation of this error on the internet. Searching explicitly for "File cannot be accessed" still only brings up results for "File cannot be found" and similar.
I'm surely just missing something obvious. Right?
EDIT 2
I also tried adding the domain name in front of the username. I checked the domain by using set user in cmd on the server.
.\PsExec.exe \\192.168.4.16 -u DomainName\Administrator -p ~ -c "C:\Users\UserName\Documents\Mellanox Update.bat"
-p ~
seems to work for the password, so I added that.
I also tried creating a shortcut of the .bat File, and executing it as Administrator, using it instead of the original .bat File. The error stays the same "The File cannot be accessed by the system"
As additional info, the PC I'm trying to send the command from has Windows 10, the Server is running Windows Server 2016
So, the reason for this specific error is as simple and as stupid as it gets.
Turns out I was using the wrong IP. The IP I was using is an IPMI Address, which does not allow for any traffic (other than IPMI related stuff)
I have not yet gotten it to work yet, since I've run into some different errors, but the original question/problem has been resolved.
I'm trying to connect to an Azure file share from my Mac running High Sierra 10.13.6 using the following command:
mount_smbfs -d 0777 -f 0777 //dolphins:PASSWORDHERE#dolphins.file.core.windows.net/models /Users/b3020111/Azure
However I keep getting the error:
mount_smbfs: server connection failed: No route to host
I have turned off packet signing in /etc/nsmb.conf:
[default]
signing_required=no
After looking around the web I seem to be at a loss as to where to go, any help is appreciated.
I got it working with azure provided connection example.
mount_smbfs -d 777 -f 777 //user:key#storageurl/folder ~/mountfolder
Folder in file share needed after url and mountfolder must exist.
But the main reason for "No route to host" was because the access key had forward slash in it! I did a rebuild of key1 until I got a key without forward slash.
BUT! Be aware, rebuilding key will kill all mounts and connections to that storageaccount.
Came across this issue myself today. Do double check that your ISP does not block SMB port 445. In my case, AT&T does actually block this port. I found this in their guide http://about.att.com/sites/broadband/network
The solution for me was to connect with a VPN which I'm already hosting on Azure. Additionally as others have mentioned in this thread, escape any / with %2f. Also, add the share name in the connection URL. For example, if your share name is my-data then the connection URL should contain xxx.file.core.windows.net/my-data.
This is omitted for some reason in the Azure docs/UI and was required for successful connection on OSX.
It was the "/" after all. I had to regenerate the key over ten times till I get a key that doesn't have the "/" character and then it worked fine through the terminal.
It should work using the following syntax:
mount_smbfs //<storage-account-name>#<storage-account-name>.file.core.windows.net/<share-name> <desired-mount-point>
Without adding the permissions.
Via Finder:
Source can be found here
"mount(2) system call failed no route to host "
while mounting azure file share on linux vm we can have this error.
In my case One package was missing which is - cifs-utils
So, I have used below command
"sudo yum install cifs-utils -y" to resolv the issue.
Important to allow port 445 (TCP) to smb communication. If you don't access it, your firewall block it! Please enable it and try it again.
I ran into this same problem, and while I was never able to get it working through the terminal I did manage to get it resolved in finder.
Essentially the same instructions as #Adam Smith-MSFT, however one key difference.
I created a directory via Azure's web interface, and after that I was able to connect by adding /<directory-name> to the connection string. Without a directory this would not work at all.
I tried deploying a HDInsight cluster with an edge node.
I used https://github.com/Azure/azure-quickstart-templates/blob/master/101-hdinsight-linux-with-edge-node/azuredeploy.json for deployment.
After deployment is complete I tried ssh using following command:
ssh sshuser#new-edgenode.myclustertest-ssh.azurehdinsight.net:22
[myclustertest is the name of the cluster].
It gives following error:
ssh: Could not resolve hostname new-edgenode.myclustertest-ssh.azurehdinsight.net:22: Name or service not known
Do I need to add something to the azuredeploy.json to enable ssh access?
Looking at the https://learn.microsoft.com/en-us/azure/hdinsight/hdinsight-hadoop-linux-use-ssh-unix I thought that
<edgenodename>.<clustername>-ssh.azurehdinsight.net
is enabled by default for external access.
Problem was in the ssh command.
I used the ssh command supplied from azure portal hoping that it would work seamlessly. I had to remove :22 from the command to make it work.
Modified command looks like this:
ssh sshuser#new-edgenode.myclustertest-ssh.azurehdinsight.net
I've been working on a file server product that uses smbcilent to transfer files between client computers and the server. It's been working great so far with our LAMP (Ubuntu) server and Windows machines.
I'm currently trying to expand the setup to include Mac's, but am having trouble with the server accessing the share on the Mac.
Here's my command and error (bracketed descriptions replace private info):
# smbclient //10.101.0.7/[share-file] -U [username]%[password] -c ls
WARNING: The "syslog" option is deprecated
NTLMSSP packet check failed due to short signature (0 bytes)!
NTLMSSP NTLM2 packet check failed due to invalid signature!
session setup failed: NT_STATUS_ACCESS_DENIED
Things I've tried:
✓ Accessing share using a Windows machine to ensure the share is setup properly - check! Works fine there.
✓ Invoking -S off or --signing=off in the command - no change.
✓ Just looking at the shares first using smbclient -L 10.101.0.7 -U [username]%[password] - same error.
✓ Googling for an answer - check! Several people with similar problems, but no working solutions so far.
The most promising thing I've see so far involves compiling smbclient 4.4 from sources and running that with no authentication (-U ""%""), but that seems like a temporary solution based on a bug rather than a solid plan that will work for a long time. (But I'll try that next if I can't find any better ideas...)
Thanks for reading and trying to help!
Try adding --option="ntlmssp_client:force_old_spnego = yes" to the smbclient command as suggested on the samba-technical mailing list.
For me, this now lists shares on a Mac OSX server:
smbclient -U$user%$password -L $mac_host --option="ntlmssp_client:force_old_spnego = yes"
For mounting, you may need to add the nounix,sec=ntlmssp options as in
sudo mount -t cifs //$mac_host/$share $mountpoint -o nounix,sec=ntlmssp,username=$user,password=$password
On recent versions of MacOS (e.g. Monterey) it is necessary to do several configuration steps to enable smb access from Linux:
Open System Preferences.
Select Sharing.
Select File Sharing.
Ensure that the directory is listed in Shared Folders.
Right-click/two-finger click on the share directory.
Click on Advanced Options
Ensure Only allow SMB encrypted connections is checked.
Click OK
Click on Options
Click on the checkbox for Share files and folders using SMB.
Under Windows File Sharing ensure the appropriate user is checked.
Type the user's password in the 'Authenticate' dialog bo and press 'OK'.
Click 'Done'.
You should now be able to connect from Linux to the MacOS share using the commands given by #mivk.
I've tried absolutely everything I can think of to do a SSH reset of my user on my Linux VM (Hortonworks Sandbox to be precise).
The VMAccessForLinux will not install, it simply states that it fails to provision:
I've tried adding it as 1.*,1.1, 1.2 and now 1.4 as per https://github.com/Azure/azure-content/blob/master/articles/virtual-machines/virtual-machines-troubleshoot-ssh-connections.md
I can't access my SSH, and I can't do any of the Azure reset commands, either using Azure CLI or Azure PS.
The VM is a RM vm.
How can I resolve this?
In PS I get errors like:
I'm beyond tearing my hair out.
And before anyone suggest that I use the portal, this is what I'm offered there (thanks Azure):
I can't say if this is a universal fix, but I managed to resolve this issue, by using the following in the Azure CLI:
$ azure vm reset-access -n {VMNAME} -g {GROUPNAME} \
-u {SSH_USER} -p {SSH_PASS} -E 1.4 -vv --json
It did NOT work for my original user on the box though; I created ANOTHER user, and from there I did a password reset with a sudo on the box, then I could SSH into the box from that user.
Firstly, can you go through the instructions here if you've not already. The VM extension has changed recently and that is the latest doc to go through: https://azure.microsoft.com/en-us/blog/using-vmaccess-extension-to-reset-login-credentials-for-linux-vm/.
EDIT #1
Glad to see you resolved it by creating a new user with reset-access.
If azure vm reset-access should fail, the next step would have been to download this tool which can allow you to inspect the VHD when not logged onto the VM: https://github.com/paulmey/inspect-azure-vhd - and inspect Waagent log is /var/log/waagent.log (You can see extension updates here) and
extension.log in /var/log/azure/.