Cannot use SMB in NextCloud 15 plugin, FreeNAS 11.2-U3

evllprchn

Cadet
Joined
May 3, 2019
Messages
4
I'm trying to set up NextCloud so I can remotely access my files. My files are primarily accessed via a SMB share in FreeNAS (11.2-U3). I have three users of the SMB shares, and all the shares/permissions are working great on the Windows machines that access them.

I have installed the NextCloud plugin. I even got SSL working, because that seemed like a good idea if I was doing remote access. I have enabled the "External storages" app. Because the plugin didn't support SMB out of the box, I installed the smbclient that matched the php version (7.1.28) by running:

Code:
pkg install php71-pecl-smbclient


After restarting the plugin, I am now able to use an "SMB / CIFS" external storage in NextCloud. Unfortunately, nothing I put in the configuration seems to work. All combinations of shares, domains, usernames, and hosts I can think of results in a red circle with an exclamation point (what I gather is the generic "error" icon).

I did some searching, and I found that SMB1 has been disabled in FreeNAS, so I added this tunable:
Variable: freenas.services.smb.config.server_min_protocol
Value: NT1
Type: Sysctl

(I realize it's not a great idea from a security standpoint, but at this point I'm just going for whatever I can get working -- I'll dial the openness back once it's working!)
As far as I can tell, this hasn't had any effect (even after restarting the SMB service).

In my testing, I have discovered smbclient in the Nextcloud jail is also unable to see the shares.
Code:
smbclient -L 192.168.9.200
just prints this and exits: "Connection to 192.168.9.200 failed (Error NT_STATUS_IO_TIMEOUT)"

I get the same error message if I specify a username/password, or if I use the hostname instead of the IP address. I'm unable to ping the SMB host (the FreeNAS host itself) from the jail, but I'm not sure if that's an error or not. Both host and jail are in 192.168.9.*, so I wouldn't expect communication to be an issue there, but maybe FreeNAS doesn't respond to pings from jails for some reason (I don't have what I would consider a lot of experience with FreeNAS or FreeBSD in general).

For reference, here's my incredibly-sparse smb4.conf file from the NextCloud jail:
Code:
root@nextcloud:~ # cat /usr/local/etc/smb4.conf
[global]
    workgroup = WORKGROUP
    dos charset = cp850
    unix charset = ISO-8859-1
root@nextcloud:~ #


After all this, I considered simply mounting the dataset into the NextCloud jail directly, but I worry that will wreak havoc with the file permissions. Because this will be used for remote file access, I want to both read and write files (including updating existing files) without breaking the permissions for the Windows PCs that are the primary users of the data. I feel like SMB is the solution to my problem, I just don't know how to go about fixing it.

Has anyone had similar problems accessing SMB shares in a jail, or am I missing something completely obvious? Thanks for any advice.
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,555
I think you are making things hard for yourself. Start with why you want to include a smb share in a documentation application? Why not simply use the Nextcloud client?
 

evllprchn

Cadet
Joined
May 3, 2019
Messages
4
I'm not sure I understand the question. Why don't I use the Nextcloud client... on my Windows machines? Or to access the files remotely? I'll try to explain the thought process behind what in trying to do, hopefully I'll answer the question somewhere in there.

One of my primary uses of FreeNAS is as file storage. We have three primary users, each with their own login and folder in the NAS. The folders are accessed almost entirely from Windows boxes that have the folders mounted via SMB. This part is working great.

I would like to add the ability to view and modify these same files remotely. NextCloud seems like a good way to do that, so I installed it via the plugins. In theory, this will let my users download and upload my shares when not at home. In order to get my files accessible by the NextCloud in some way, I need to mount the files in the plugin's jail.

I could do this by adding the dataset to the jail in FreeNAS. If I do this, all the files in the dataset will need to be readable and writeable by the 'www' user in the NextCloud jail. I'm worried this will break the permissions in the existing SMB shares in Windows (which are currently working great).

NextCloud has the ability to mount an SMB share to use as storage, which should preserve the ownership of the files, since the files will essentially be accessed as if they were the Windows box.

Unfortunately, SMB in the NextCloud plugin isn't working as I had hoped.

Did I answer your question somewhere in there, or am I missing a different solution that might be easier?
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
Hi Evilprch,

We have three primary users, each with their own login and folder in the NAS. The folders are accessed almost entirely from Windows boxes that have the folders mounted via SMB. This part is working great.

Actually, No, this is not working great at all...

Nextcloud uses a database to keep file inventory. Whenever you access Nextcloud's backend directly and bypass it, you brake that database. There is a way to re-scan the backend and re-sync the database, but such a permanent break-N-fix is really not great. Il will eventually brake in a way that will make you loose data.

If you are about to use Nextcloud, you have to respect it. That is, you have to respect both the frontend and the backend. The frontend is the one meant to receive access from users while backend is dedicated to the frontend and out of reach for users.

This is also not great at all for another reason.

Nextcloud is using the same UID for accessing and managing all files. Access control is performed in the application. For SMB, each user reaches the backend with his own UID and access control is performed by ACL in the filesystem. These two mechanisms are not compatible. All files can not be owned by the same Nextcloud ID while at the same time be owned by each of their respective owners.

So clearly, you should stop doing that.

What you need to do is to install the Nextcloud Desktop client on every computer these users are working with. The Nextcloud Desktop client will use the frontend to access and sync the files. A local copy of the file will be saved on the Desktop computer and whenever changes happen, either from the Desktop or from the Nextcloud frontend server, the Desktop client will re--sync everything.

Good luck fixing your Nextcloud setup,
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,555
I'm not sure I understand the question. Why don't I use the Nextcloud client... on my Windows machines? Or to access the files remotely? I'll try to explain the thought process behind what in trying to do, hopefully I'll answer the question somewhere in there.

One of my primary uses of FreeNAS is as file storage. We have three primary users, each with their own login and folder in the NAS. The folders are accessed almost entirely from Windows boxes that have the folders mounted via SMB. This part is working great.

I would like to add the ability to view and modify these same files remotely. NextCloud seems like a good way to do that, so I installed it via the plugins. In theory, this will let my users download and upload my shares when not at home. In order to get my files accessible by the NextCloud in some way, I need to mount the files in the plugin's jail.

I could do this by adding the dataset to the jail in FreeNAS. If I do this, all the files in the dataset will need to be readable and writeable by the 'www' user in the NextCloud jail. I'm worried this will break the permissions in the existing SMB shares in Windows (which are currently working great).

NextCloud has the ability to mount an SMB share to use as storage, which should preserve the ownership of the files, since the files will essentially be accessed as if they were the Windows box.

Unfortunately, SMB in the NextCloud plugin isn't working as I had hoped.

Did I answer your question somewhere in there, or am I missing a different solution that might be easier?

Okey good, no Nextcloud would not easily do what you want.
As I see it you have two options, either set up a vpn solution where your users have roaming access to share (there are plenty of SOHO solutions for that) or take the leap and actually implement Nextcloud.

Everything is possible with software and as you say nextcloud do have SMB support for external storage, but my own experience working with external storage is that its far from straight forward. Your use case of the same user accessing the same data via two different channels is my main issue. Using nextcloud as a webfrontend for a smb share is a rather cumbersome route to take.

I would advice against this route and suggest you go for a pure Nextcloud implementation including the desktop client or the VPN route to maintain present workflow remotely.

If those two options are not satisfactory maybe someone will come along and talk you through ACL permissions and nextcloud external storage.
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
Hi,

In Nextcloud, external storages are not mounted by the client. They are mounted by the Frontend. The frontend mounts the storage and then present it to Nextcloud clients. Because it is the frontend that mounts and operates the external storage, again file ownership must be configured accordingly.

In all cases, whatever is usable by the Frontend must be turned to unavailable for direct access by other clients.
 

Heracles

Wizard
Joined
Feb 2, 2018
Messages
1,401
Hey Garm,

I recommend you read carefully the link you posted yourself.

1-The feature is limited in its connection requirements
2-The feature is not reliable when using non-Windows server (so you should read not reliable when using FreeNAS SMB share)
3-The feature is still a permanent break-N-fix way of working
4-The fix part of it is run under the regular cron job which is 15 minutes by default
5-Even if you increase it, a cron job is every minute at its fastest rate
6-When working interactively on the same document, a minute is forever

So No, you should not bypass your Nextcloud frontend...
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,555
Hey Garm,

I recommend you read carefully the link you posted yourself.

1-The feature is limited in its connection requirements
2-The feature is not reliable when using non-Windows server (so you should read not reliable when using FreeNAS SMB share)
3-The feature is still a permanent break-N-fix way of working
4-The fix part of it is run under the regular cron job which is 15 minutes by default
5-Even if you increase it, a cron job is every minute at its fastest rate
6-When working interactively on the same document, a minute is forever

So No, you should not bypass your Nextcloud frontend...

I never said it would be easy.. I said
Nextcloud would not easily do what you want.
And then I went on discouraging it even further. But saying (my emphasis)
whatever is usable by the Frontend must be turned to unavailable for direct access by other clients.
Is objectively wrong
 

trek102

Dabbler
Joined
May 4, 2014
Messages
46
Okey good, no Nextcloud would not easily do what you want.
As I see it you have two options, either set up a vpn solution where your users have roaming access to share (there are plenty of SOHO solutions for that) or take the leap and actually implement Nextcloud.

Everything is possible with software and as you say nextcloud do have SMB support for external storage, but my own experience working with external storage is that its far from straight forward. Your use case of the same user accessing the same data via two different channels is my main issue. Using nextcloud as a webfrontend for a smb share is a rather cumbersome route to take.

I would advice against this route and suggest you go for a pure Nextcloud implementation including the desktop client or the VPN route to maintain present workflow remotely.

If those two options are not satisfactory maybe someone will come along and talk you through ACL permissions and nextcloud external storage.

100s of Nextcloud users are doing this and its a valid use case. Everyone has legacy SMB shares that are accessed via Windows or Mac outside of Nextcloud. I also had this "External SMB" functionality running perfectly well in a Nextcloud Docker environment. Its just that the Truenas Jail somehow fails to offer that. I have the same problem after installing smbclient all connections from Nextcloud fail (red circle) and no error message is availble.
 
Top