Samba error with CIFS share

Status
Not open for further replies.

insomnium

Cadet
Joined
Jan 28, 2015
Messages
3
Good afternoon all.
I have a FreeNAS with a couple of CIFS shares. I've set "Only Allow Guest Access" on them, but put down a few hosts in the "Hosts Allow" section (every host has a static IP). Everything works fine, but I'm constantly receiving these kinds of messages (x.x.x.119 is the one that has access to the CIFS shares):

Jan 29 09:31:20 freenas smbd[22295]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsreceive_smb_raw_talloc failed for client ipv4:x.x.x.119:1128 read error = NT_STATUS_CONNECTION_RESET.

Jan 29 09:59:49 freenas smbd[23233]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionspid[23233] Error writing 4 bytes to client 0.0.0.0. -1. (Broken pipe)

As far as I'm concerned, my shares work fine, but it's a bad idea to ignore error messages. Is there a way to fix it? Any and all advice/comments/questions are greatly appreciated, and thanks for reading!

P.S. Sorry for my English.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
Post contents of /usr/local/etc/smb4.conf

The message may be related to using 'hosts allow'. Honestly, guest access + hosts allow is not a very good method of access control. All I'd need to do is wait till a client is down, and take its IP address. Set up password authentication with proper permissions and get rid of 'hosts allow'.
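
The weakness described in the post above, as an added example that is not part of the original thread: a small Python check that flags shares whose guest access is limited only by 'hosts allow'. The parser, function names and sample configuration are constructed for illustration; the addresses are modelled on the share discussed in this thread.

```python
import re

SYNONYMS = {"public": "guest ok", "allow hosts": "hosts allow"}  # Samba synonyms
TRUE = {"yes", "true", "on", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; param names lowercased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value.strip()
    return sections

def audit(text):
    """Report shares where guest access is limited by nothing but source IP."""
    conf = parse_smb_conf(text)
    glob = next((v for k, v in conf.items() if k.lower() == "global"), {})
    findings = []
    for name, share in conf.items():
        eff = {**glob, **share}  # share settings override [global]
        if name.lower() == "global" or eff.get("guest ok", "no").lower() not in TRUE:
            continue  # skip [global] itself and shares that require authentication
        hosts = eff.get("hosts allow", "").replace(",", " ").split()
        if hosts:
            findings.append(f"[{name}] guest access gated only by source IP "
                            f"({len(hosts)} hosts allow entries)")
        else:
            findings.append(f"[{name}] guest access open to every reachable client")
    return findings

# Constructed sample, modelled on the share discussed in this thread.
SAMPLE = """[global]
    map to guest = Bad User
[Metrolog Share]
    hosts allow = 10.10.0.113 10.10.0.114 10.10.0.119
    guest ok = yes
[Private]
    guest ok = no
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A share that reports nothing here either requires authentication or is not defined; the check does not evaluate file-system permissions.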
 

insomnium

Cadet
Joined
Jan 28, 2015
Messages
3
> The message may be related to using 'hosts allow'. Honestly, guest access + hosts allow is not a very good method of access control. All I'd need to do is wait till a client is down, and take its IP address. Set up password authentication with proper permissions and get rid of 'hosts allow'.

I know it's not the best way to maintain security. But the boss doesn't want users to be interrupted by a login/password screen. Maybe there is a way to use the Windows login/password to get access to the FreeNAS?

By the way, when one of the computers that can access the share is online, I receive a message like this:
Jan 30 11:26:35 freenas smbd[8445]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsmatchname: host name/name mismatch: 10.10.0.119 != (NULL)
Jan 30 11:26:35 freenas smbd[8445]: [2015/01/30 11:26:35.741081, 0] ../source3/lib/util_sock.c:1199(get_remote_hostname)
Jan 30 11:26:35 freenas smbd[8445]: matchname failed on 10.10.0.119

Here's smb4.conf
Code:
[global]
    server max protocol = SMB2
    interfaces = 127.0.0.1 10.10.0.116
    bind interfaces only = yes
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 232787
    syslog only = yes
    syslog = 1
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = guest
    map to guest = Bad User
    obey pam restrictions = yes
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    server string = FreeNAS Server
    ea support = yes
    store dos attributes = yes
    time server = yes
    null passwords = yes
    acl allow execute always = true
    acl check permissions = true
    dos filemode = yes
    domain logons = no
    local master = yes
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000
    server role = standalone
    netbios name = FREENAS
    workgroup = METROLOG
    security = user
    pid directory = /var/run/samba
    smb passwd file = /var/etc/private/smbpasswd
    private dir = /var/etc/private
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = CP437
    unix charset = UTF-8
    log level = 1
   

[Metrolog Share]
    path = /mnt/da0/MetrologDS
    comment = Metrolog Share
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    shadow:snapdir = .zfs/snapshot
    shadow:sort = desc
    shadow:localtime = yes
    shadow:format = auto-%Y%m%d.%H%M-2w
    vfs objects = shadow_copy2 zfsacl
    hide dot files = yes
    hosts allow = 10.10.0.113 10.10.0.114 10.10.0.119 10.10.0.126 10.10.0.115 10.10.0.79
    guest ok = yes
    guest only = yes
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
> I know it's not the best way to maintain security. But the boss doesn't want users to be interrupted by a login/password screen. Maybe there is a way to use the Windows login/password to get access to the FreeNAS?

That is exactly how you do it.

(1) Have all Windows clients and the FreeNAS server in the same workgroup.
(2) Configure clients and FreeNAS server so that credentials on both of them are identical.

Once you have (1) and (2) configured [as well as permissions properly set], then your clients should transparently authenticate.

On a side-note, the name of your pool (da0) worries me. Does your pool consist of a single hard drive? What are your server's hardware specs? Is this data valuable? Do you have a backup strategy?

Please note that getting permissions configured correctly can be a time-consuming process the first go-around. You should probably experiment with these things when the office is not open.
 

insomnium

Cadet
Joined
Jan 28, 2015
Messages
3
> That is exactly how you do it.
> (1) Have all Windows clients and the FreeNAS server in the same workgroup.
> (2) Configure clients and FreeNAS server so that credentials on both of them are identical.
> Once you have (1) and (2) configured [as well as permissions properly set], then your clients should transparently authenticate.

I've been trying this all day and still no progress. I can't find any relevant guide about this topic. Some guides use options that no longer exist (Authentication Model, for example). Some options have no documentation (Microsoft Account in the Add User form; I think this is somehow involved in my problem). I don't know what else I can do. There are too many combinations to change them randomly and hope something happens.
 