Cannot access SMB shares using "Microsoft Account"

NetSoerfer

Explorer
Joined
May 8, 2016
Messages
57
I am trying to get my Windows 10 machine to connect to my FreeNAS 11 SMB shares without having to enter any credentials - that is, having Windows automatically log in with my Microsoft Account credentials.

I log in to my Windows 10 machine using a Microsoft Account and have set up the FreeNAS account accordingly (E-Mail, Password identical to the Microsoft credentials, Microsoft Account = true)

Still, trying to access \\freenas in Windows Explorer always prompts me to Enter network credentials with a The user name or password is incorrect comment.

If I enter the FreeNAS credentials (Username, Password) I can see the shares and access them (where permitted to in the file system). I have set /mnt/tank/home to be shared with Use as home share: true; Confusingly, I can now see a homes share and a username share (both with the same content) as well as the other shares.

If I enter the Microsoft credentials though (E-mail, Password) I can see most shares (except for the username share); trying to access the homes share in Windows Explorer throws an error stating that A device attached to the system is not functioning; trying to access all other shares prompts me to Enter network credentials again with an Access is denied comment.

Am I completely mistaken thinking that the Microsoft Account should allow me to log in from Windows without entering my credentials?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,544
I am trying to get my Windows 10 machine to connect to my FreeNAS 11 SMB shares without having to enter any credentials - that is, having Windows automatically log in with my Microsoft Account credentials.

I log in to my Windows 10 machine using a Microsoft Account and have set up the FreeNAS account accordingly (E-Mail, Password identical to the Microsoft credentials, Microsoft Account = true)

Still, trying to access \\freenas in Windows Explorer always prompts me to Enter network credentials with a The user name or password is incorrect comment.

If I enter the FreeNAS credentials (Username, Password) I can see the shares and access them (where permitted to in the file system). I have set /mnt/tank/home to be shared with Use as home share: true; Confusingly, I can now see a homes share and a username share (both with the same content) as well as the other shares.

If I enter the Microsoft credentials though (E-mail, Password) I can see most shares (except for the username share); trying to access the homes share in Windows Explorer throws an error stating that A device attached to the system is not functioning; trying to access all other shares prompts me to Enter network credentials again with an Access is denied comment.

Am I completely mistaken thinking that the Microsoft Account should allow me to log in from Windows without entering my credentials?

Check the contents of "/usr/local/etc/smbusers". Is your account listed?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,544
Another way of working around this particular issue is to set the auxiliary parameter: "ixnas:zfs_auto_homedir = true". This will use the return value of canonicalize_username() to create a ZFS dataset rather than rely on pam_mkhomedir.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,544
As an auxiliary parameter where? This doesn't appear to work when placed in the params for the SMB home share.
Sorry, I forgot to mention that ixnas must be enabled for that parameter to work. (Swap out zfsacl and zfs_space for ixnas in the VFS modules.

Also, is it possible to reopen https://redmine.ixsystems.com/issues/12270? It was closed as CNR, but I hit this issue with a by-the-book home shares setup.
I was able to reproduce the issue. We can't change the path macro from %U to %u (it would impact current installed userbase). I created a user "smbuser@microsoft.com". pam_mkhomedir created a directory "smbuser", but samba canonicalized the username as "smbuser_microsoft.com". I could connect to the share if I simply made a directory "smbuser_microsoft.com". I'll open a ticket to fix the issue when I have an opportunity. This will probably just involve pre-creating the directory.
 

Sycobob

Dabbler
Joined
Jul 23, 2018
Messages
19
Thanks, I didn't know about ixnas before so that's useful. zfs_auto_homedir ends up creating home dirs named after the windows login, which I'm not wild about. And I'd have to do other configuration to get the ssh home dirs to match. For my uses it seems better to stick with the previous workaround to redirect windows logins to the nas user.

It's a shame that improving the current situation involves creating a dummy directory as opposed to a one-time patch up when upgrading FreeNAS versions.
 

Sycobob

Dabbler
Joined
Jul 23, 2018
Messages
19
@anodos Does the workaround no longer work? I've recreated my home share in 11.3-U3.1 and I can't seem to get it to map correctly anymore.

I have "path = mnt/pool/users/%u" as an auxiliary parameter on my home share. But /var/log/samba4/log.smbd shows that my Microsoft account is still trying to use my email when opening my user folder. It's trying to reach myemail_gmail.com/.

[2020/06/01 21:47:17.791523, 1] ../../source3/smbd/service.c:665(make_connection_snum)
make_connection_snum: SMB_VFS_CONNECT for service 'myusername' at '/mnt/pool/users/myemail_gmail.com' failed: No such file or directory
 
Top