Just went through this.
- Check for all of the Domain Controlers with that freenas can see using
host -t srv _ldap._tcp.YOURDOMAIN.COM
- Make sure that all of those DC's are pingable.
- Make sure the times on the domain controller are all accurate. Very important.
- For me i had to add this to my smb4.conf. Put it in the additional args section of the Auxiliary parameters: of SMB service
realm = domain.net
workgroup = domain
- In SMB config turn up log level to full
- In Sharing > Windows SMB > Share name > Enable "Browseable to Network Clients"
- For some shares i had to enable. In Sharing > Windows SMB > Share name > Enable "Access Based Share Enumeration" Not really sure why.
- Make sure wbinfo -g returns a list of all of the groups
- Do a freenas reboot and make sure there are no errors when devices connect
- Watch tail -f /var/log/debug.log for errors
- Watch tail -f /var/log/samba4/log.smbd log for permission issues when you click on shares and permission is not granted.
Shares need to be configured in a Windows application!!!
This was a shocker for me. You MUST use windows COMPUTER MANAGMENT to add permissions to Samba Shares. NOT WELL DOCUMENTED AT ALL.
https://forums.freenas.org/index.php?resources/smb-tips-and-tricks.1
On one machine, i had to wait 10 minutes for the shares to be come visiable. Reboots help...
Its art NOT science.
