9.10.2-U6 - SMB Windows 10 Permissions Issue

Starman

Dabbler
Joined
Feb 15, 2014
Messages
15
Hello all,
My N40L FreeNAS had sat idle for about 18 months. I recently decided to upgrade the storage, which went fine, and I then copied data from my older 2TB [N36L] setup onto the larger combined unit.

I then discovered that the server was no longer listed under Windows 10 Network [suspect this may have already been an issue but went unnoticed], although I could browse to the \\ip address, but when attempting to access a share [I had one share as read only, and another separate which was writable]

In my attempts to troubleshoot the initial not listing under Network, I have changed FN software versions to the latest build under a fresh install and found some gpedit to enable guest access under win10, but suspect I have broken my permissions completely and am at a loss and would appreciate any assistance.

I have reverted to my last known working version as below but can move back to the newer build as required. I found that only the latest 11.3-BETA1 started listing under the Windows network browser again. But either I was requested to log in - guest username with no password logged in but the permission issue remained.



Code:
Build: FreeNAS-9.10.2-U6 (561f0d7a1)
Model: HP N40L
Platform: AMD Turion(tm) II Neo N40L Dual-Core Processor
Memory: 8033MB




[starman@FreeNAS4TB] ~% testparm -s
Load smb config files from /usr/local/etc/smb4.conf
Processing section "[FreeNAS10TB (Admin)]"
Processing section "[Media]"
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_STANDALONE

# Global parameters
[global]
dos charset = CP437
multicast dns register = No
netbios name = FREENAS
server string = FreeNAS 4TB Server
lm announce = Yes
nsupdate command = /usr/local/bin/samba-nsupdate -g
logging = file
max log size = 51200
kernel change notify = No
panic action = /usr/local/libexec/samba/samba-backtrace
pid directory = /var/run/samba
disable spoolss = Yes
load printers = No
printcap name = /dev/null
time server = Yes
map to guest = Bad User
ntlm auth = Yes
obey pam restrictions = Yes
security = USER
server role = standalone server
deadtime = 15
max open files = 231347
dns proxy = No
idmap config *: range = 90000001-100000000
idmap config * : backend = tdb
store dos attributes = Yes
strict locking = No
directory name cache size = 0
dos filemode = Yes
acl allow execute always = Yes
ea support = Yes
create mask = 0666
directory mask = 0777


[FreeNAS10TB (Admin)]
comment = Writeable Share
path = /mnt/Media/Dataset
veto files = /.snapshot/.windows/.mac/.zfs/
read only = No
vfs objects = shadow_copy2 zfs_space zfsacl streams_xattr aio_pthread
zfsacl:acesort = dontcare
nfs4:chown = true
nfs4:acedup = merge
nfs4:mode = special
shadow:snapdirseverywhere = yes
shadow:format = auto-%Y%m%d.%H%M-2w
shadow:localtime = yes
shadow:sort = desc
shadow:snapdir = .zfs/snapshot


[Media]
comment = FreeNAS 5x4TB Share
path = /mnt/Media/Dataset
hide dot files = No
veto files = /.snapshot/.windows/.mac/.zfs/
read only = No
vfs objects = shadow_copy2 zfs_space zfsacl streams_xattr aio_pthread
zfsacl:acesort = dontcare
nfs4:chown = true
nfs4:acedup = merge
nfs4:mode = special
shadow:snapdirseverywhere = yes
shadow:format = auto-%Y%m%d.%H%M-2w
shadow:localtime = yes
shadow:sort = desc
shadow:snapdir = .zfs/snapshot




[starman@FreeNAS4TB] ~% getfacl /mnt/Media
# file: /mnt/Media
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow

[starman@FreeNAS4TB] ~% getfacl /mnt/Media/Dataset
# file: /mnt/Media/Dataset
# owner: nobody
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow

[starman@FreeNAS4TB] ~% getfacl /mnt/Media/Dataset/FreeNAS2TB
# file: /mnt/Media/Dataset/FreeNAS2TB
# owner: nobody
# group: wheel
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:r-x---a-R-c--s:-------:allow

[starman@FreeNAS4TB] ~% getfacl /mnt/Media/Dataset/FreeNAS2TB/FREENAS2TB
# file: /mnt/Media/Dataset/FreeNAS2TB/FREENAS2TB
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fdi----:allow
group@:rwxpDdaARWcCos:fdi----:allow
everyone@:r-x---a-R-c---:fdi----:allow
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:--x---a-R-c--s:-------:allow
[starman@FreeNAS4TB] ~%
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
Your permissions are wrong on /mnt/Media. They don't allow traversal.

setfacl -m everyone@:rxaRc:fd:allow /mnt/Media

This will be easier in 11.3 with the ACL manager. We've also made it so that users are no longer permitted to alter the permissions / ACL on the root of a zpool (to prevent these sorts of problems).
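
An added example, not part of the original post: a small Python check that parses FreeBSD `getfacl` NFSv4 output and reports which path components deny traversal (`x`) to a client that matches only `everyone@`. The ACEs are transcribed from the first post; the function names are hypothetical, and the evaluation assumes the client is neither the owner nor in the owning group.

```python
# Constructed sample: ACEs transcribed from the getfacl output in the first post.
THREAD_ACLS = {
    "/mnt/Media": """\
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow""",
    "/mnt/Media/Dataset": """\
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:rwxpDdaARWc--s:fd-----:allow
everyone@:--------------:fd-----:allow""",
    "/mnt/Media/Dataset/FreeNAS2TB/FREENAS2TB": """\
owner@:rwxpDdaARWcCos:fdi----:allow
group@:rwxpDdaARWcCos:fdi----:allow
everyone@:r-x---a-R-c---:fdi----:allow
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:--x---a-R-c--s:-------:allow""",
}
SUGGESTED_ACE = "everyone@:rxaRc:fd:allow"  # the ACE from the setfacl command above

def parse_acl(text):
    """Parse getfacl NFSv4 lines into (who, perms, flags, type) tuples."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip "# file:", "# owner:", "# group:" headers
        who, perms, flags, kind = line.rsplit(":", 3)
        aces.append((who, set(perms) - {"-"}, set(flags) - {"-"}, kind))
    return aces

def can_traverse(aces, who="everyone@"):
    """The first applicable ACE for `who` that mentions 'x' decides the result."""
    for ace_who, perms, flags, kind in aces:
        if ace_who != who or "i" in flags:  # 'i' = inherit-only, not applied here
            continue
        if "x" in perms:
            return kind == "allow"
    return False  # no ACE grants execute, so traversal is denied

def traversal_blockers(acls, who="everyone@"):
    """Return every path whose own ACL stops `who` from traversing it."""
    return [p for p, text in acls.items() if not can_traverse(parse_acl(text), who)]

if __name__ == "__main__":
    print("blocked at:", traversal_blockers(THREAD_ACLS))
    print("suggested ACE grants x:", can_traverse(parse_acl(SUGGESTED_ACE)))
```

Only the pool root is reported, because its `everyone@` entry grants nothing, while the deeper directories grant `x` through a non-inherit-only entry.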
 

Starman

Dabbler
Joined
Feb 15, 2014
Messages
15
Your permissions are wrong on /mnt/Media.
Thank you for the response - I have altered it as you have suggested; however, Windows is still presenting the same permissions error.
 

Starman

Dabbler
Joined
Feb 15, 2014
Messages
15
@anodos any chance some more assistance?
 

Starman

Dabbler
Joined
Feb 15, 2014
Messages
15
I managed to reset a user account password and then, after browsing to the IP address directly, was finally able to access my SAMBA shares as normal. Thanks for the assist.
 