11.2-U6 smb, cannot connect from Windows 2008

[leonardorame]

Hi, I cannot connect to a smb (FreeNAS 11.2-U6) share from Windows 2008 R2 Standard.

I enabled this on Services->SMB to be able to track the problem:

Code:

log level=3
auth_audit:3

When i try to access the share from Windows, I'm asked for credentials, type the user "uwindows" and the password (I created the same credentials on both ends), but on the samba log I get this:

Code:

[2019/11/15 04:11:40.490378,  3] ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2541
[2019/11/15 04:11:40.492533,  3] ../source3/smbd/service.c:156(chdir_current_service)
  chdir (/mnt/PoolPrincipal/Compartido2) failed, reason: Permission denied
[2019/11/15 04:11:40.492552,  0] ../source3/smbd/uid.c:453(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2019/11/15 04:11:40.492564,  3] ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2541

Here is the result of testparm:

Code:

# Global parameters
[global]
        aio max threads = 2
        deadtime = 15
        disable spoolss = Yes
        dns proxy = No
        dos charset = CP437
        kernel change notify = No
        lm announce = Yes
        load printers = No
        local master = No
        logging = file
        max log size = 51200
        max open files = 466823
        multicast dns register = No
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        obey pam restrictions = Yes
        printcap name = /dev/null
        security = USER
        server min protocol = SMB2_02
        server role = standalone server
        server string = FreeNAS Server
        unix extensions = No
        idmap config *: range = 90000001-100000000
        idmap config * : backend = tdb
        create mask = 0666
        directory mask = 0777
        directory name cache size = 0
        dos filemode = Yes
        strict locking = No

[Compartido2]
        aio write size = 0
        hosts allow = 192.168.0.13
        path = "/mnt/PoolPrincipal/Compartido2"
        read only = No
        veto files = /.snapshot/.windows/.mac/.zfs/
        vfs objects = zfs_space zfsacl streams_xattr
        zfsacl:acesort = dontcare
        nfs4:chown = true
        nfs4:acedup = merge
        nfs4:mode = special

The shared dataset is "/mnt/PoolPrincipal/Compartido2", here is the getfacl result:

Code:

getfacl /mnt/PoolPrincipal/Compartido2
# file: /mnt/PoolPrincipal/Compartido2
# owner: uwindows
# group: uwindows
            owner@:rwxpDdaARWcCos:fdi----:allow
            group@:rwxpDdaARWcCos:fdi----:allow
         everyone@:--------------:fdi----:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:r-x---a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow

Can someone help me fix this?

 

[anodos]

[2019/11/15 04:11:40.492533, 3] ../source3/smbd/service.c:156(chdir_current_service)
chdir (/mnt/PoolPrincipal/Compartido2) failed, reason: Permission denied

^^^ This almost always means that permissions are wrong on some share path component. Post output of "getfacl /mnt/PoolPrincipal".

 

[leonardorame]

Code:

root@freenas[~]# getfacl /mnt/PoolPrincipal           
# file: /mnt/PoolPrincipal
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow

 

[leonardorame]

Fixed by changing permissions on the dataset /mnt/PoolPrincipal to this: