11.2-U6 smb, cannot connect from Windows 2008

leonardorame

Contributor
Joined
Jun 30, 2018
Messages
106
Hi, I cannot connect to a smb (FreeNAS 11.2-U6) share from Windows 2008 R2 Standard.

I enabled this on Services->SMB to be able to track the problem:

Code:
log level=3
auth_audit:3


When i try to access the share from Windows, I'm asked for credentials, type the user "uwindows" and the password (I created the same credentials on both ends), but on the samba log I get this:

Code:
[2019/11/15 04:11:40.490378,  3] ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2541
[2019/11/15 04:11:40.492533,  3] ../source3/smbd/service.c:156(chdir_current_service)
  chdir (/mnt/PoolPrincipal/Compartido2) failed, reason: Permission denied
[2019/11/15 04:11:40.492552,  0] ../source3/smbd/uid.c:453(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2019/11/15 04:11:40.492564,  3] ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2541


Here is the result of testparm:

Code:
# Global parameters
[global]
        aio max threads = 2
        deadtime = 15
        disable spoolss = Yes
        dns proxy = No
        dos charset = CP437
        kernel change notify = No
        lm announce = Yes
        load printers = No
        local master = No
        logging = file
        max log size = 51200
        max open files = 466823
        multicast dns register = No
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        obey pam restrictions = Yes
        printcap name = /dev/null
        security = USER
        server min protocol = SMB2_02
        server role = standalone server
        server string = FreeNAS Server
        unix extensions = No
        idmap config *: range = 90000001-100000000
        idmap config * : backend = tdb
        create mask = 0666
        directory mask = 0777
        directory name cache size = 0
        dos filemode = Yes
        strict locking = No

[Compartido2]
        aio write size = 0
        hosts allow = 192.168.0.13
        path = "/mnt/PoolPrincipal/Compartido2"
        read only = No
        veto files = /.snapshot/.windows/.mac/.zfs/
        vfs objects = zfs_space zfsacl streams_xattr
        zfsacl:acesort = dontcare
        nfs4:chown = true
        nfs4:acedup = merge
        nfs4:mode = special


The shared dataset is "/mnt/PoolPrincipal/Compartido2", here is the getfacl result:

Code:
getfacl /mnt/PoolPrincipal/Compartido2
# file: /mnt/PoolPrincipal/Compartido2
# owner: uwindows
# group: uwindows
            owner@:rwxpDdaARWcCos:fdi----:allow
            group@:rwxpDdaARWcCos:fdi----:allow
         everyone@:--------------:fdi----:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:r-x---a-R-c--s:-------:allow
         everyone@:r-x---a-R-c--s:-------:allow


Can someone help me fix this?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,544
[2019/11/15 04:11:40.492533, 3] ../source3/smbd/service.c:156(chdir_current_service)
chdir (/mnt/PoolPrincipal/Compartido2) failed, reason: Permission denied

^^^ This almost always means that permissions are wrong on some share path component. Post output of "getfacl /mnt/PoolPrincipal".
 

leonardorame

Contributor
Joined
Jun 30, 2018
Messages
106
Code:
root@freenas[~]# getfacl /mnt/PoolPrincipal           
# file: /mnt/PoolPrincipal
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow
 

leonardorame

Contributor
Joined
Jun 30, 2018
Messages
106
Fixed by changing permissions on the dataset /mnt/PoolPrincipal to this:

1573824928173.png
 
Top