After this last update, I cannot write to my CIFS shares

[Paul D]

Running FreeNAS-9.10-STABLE-201606270534 (dd17351).

I copied a few files to various shares last night. Everything was fine.

Today, I see in my email that there's a FreeNAS update. So I go to the web GUI, update, reboot. Now I cannot write to any of my CIFS shares.

I'm also setting up a FreeNAS box with a Plex jail for a friend and I can't write to any share on it either. I can read, copy, whatever. But I cannot save, overwrite, or delete any files.

What happened and how do I fix this?

Please help!

 

[dlavigne]

Running FreeNAS-9.10-STABLE-201606270534 (dd17351).

I'm assuming that is after the update (not before)?

If so, the log of changes is at http://download.freenas.org/9.10/STABLE/201606270534/ChangeLog which shouldn't affect CIFS or plugins...

Anything in /var/log/messages when you try to do something that fails?

 

[Paul D]

I'm assuming that is after the update (not before)?

Yes, after the update.

Anything in /var/log/messages when you try to do something that fails?

I looked, but I don't exactly know what to look for and it's a big log file.

This is kinda freaking me out. I made NO changes to my shares, user accounts, passwords, datasets, or permissions. Can you think of anything?

Thanks.

 

[dlavigne]

Post your /var/log/messages so we can see what's going on. Use Insert -> Code if you paste it.

 

[anodos]

Also post the following enclosed in the aforementioned Code tags:

• /usr/local/etc/smb4.conf
• /var/log/samba4/log.smbd (only recent entries in)
• "getfacl" output for your share - i.e. "getfacl /mnt/Tank/Share"

 

[Paul D]

I ended up fixing the problem by changing the CIFS guest account from "nobody" to me. If this is terribly unwise in the view of you fine people, then I will change it back and try to actually fix the problem. But it did seem to work.

I won't be able to get to my FreeNAS machine all weekend, but I will paste the logs here on Tuesday.

Thanks!

 

[17garcol17]

Have the same problem, but I've had immediately after installing 9.10. Found the topic https://forums.freenas.org/index.php?threads/cifs-shares-become-read-only-to-windows-clients.34837/
Tried to updated and add "map readonly = no" as recommended in the topic, did not help.

Apparently the problem is not new and the solution apparently does not have. I will have to install 9.2 on the new server.

 

[anodos]

Have the same problem, but I've had immediately after installing 9.10. Found the topic https://forums.freenas.org/index.php?threads/cifs-shares-become-read-only-to-windows-clients.34837/
Tried to updated and add "map readonly = no" as recommended in the topic, did not help.

Apparently the problem is not new and the solution apparently does not have. I will have to install 9.2 on the new server.

That is wrong. I have multiple 9.10 servers and permissions work correctly. So there is definitely a solution.

The most common problem I see is mis-configured permissions and samba shares due to following any of the plethora of bad howtos / guides on the internet. Unfortunately, it can be difficult to see what exactly is going wrong for an individual user. Another way of thinking of it is that 'every permissions problem is unique'.

 

[17garcol17]

That is wrong. I have multiple 9.10 servers and permissions work correctly. So there is definitely a solution.

The most common problem I see is mis-configured permissions and samba shares due to following any of the plethora of bad howtos / guides on the internet. Unfortunately, it can be difficult to see what exactly is going wrong for an individual user. Another way of thinking of it is that 'every permissions problem is unique'.

Maybe you're right. I spent a lot of time thinking that I was wrong, but nothing found except the 2 topics where people discuss the same problem and no solution. As far as I know CIFS is configured simply and quickly. In previous versions I had no problem with it. I have not included any additional parameters. If you are sure that we are doing something wrong. Help us!

 

[anodos]

Maybe you're right. I spent a lot of time thinking that I was wrong, but nothing found except the 2 topics where people discuss the same problem and no solution. As far as I know CIFS is configured simply and quickly. In previous versions I had no problem with it. I have not included any additional parameters. If you are sure that we are doing something wrong. Help us!

There are many reasons why a samba share can be presented 'read-only' to a user. Some examples:

• The admin decided to use 'unix permissions' on a samba share and has done various things resulting in ACLs being in an inconsistent / broken state, generally this happens through attempts to modify posix mode bits via chmod.
• The admin has incorrectly decided to disable password authentication for the guest user.
• The admin granted permissions to the user via the owner@ ACE, then a Unix process changed the owner of the subdirectory(ies).
• The user lacks write privileges to the share (via NFSv4 ACL).
• The user lacks write privileges to the share (via NT-style Share Permissions)
• The file is flagged 'read-only' via DOS attributes as stored in XATTR
• The admin has removed owner@ and group@ ACL entries, has non-trivial ACLs on files, and has samba mapping posix mode bits to DOS attribute of "read0only".
• The admin has enabled various odd vfs modules in samba that when combined break permissions in unusual ways.
• Windows is authenticating as the wrong user (for instance, cached credentials client-side).
• Boot device has become corrupted causing samba to subtly break.
• Samba group mapping somehow broke resulting in SIDs being inconsistent.
• A Unix process has locked the files.

These are just ones that immediately come to mind. There are many more reasons why this can happen.

If you want to read up more on samba permissions, my wiki entry (which is more-or-less a stub at this point. I will flesh it out later) will get you started. https://wiki.freenas.org/index.php/Methods_For_Fine-Tuning_Samba_Permissions

You can PM me a debug file 'system' -> 'advanced' -> 'save debug'. Feel free to use Russian in the PM. I speak that language as well. I'm coming into a long weekend and will be away from computer till next Tuesday. No guarantees that I'll look at it till then.

 

[17garcol17]

Found the solution here: https://forums.freenas.org/index.ph...-samba-share-doing-things-wrong-part-i.39306/
Thank You, anodos.