Can't access shares following 11.1 update

[donsev]

Hello,

My FreeNAS was updated to build FreeNAS-11.1-RELEASE last week. Following a full system reboot I could no longer see the server on the network. Today I can see it on the network, but cannot access it.

The IP, name, etc. are all the same; the appropriate workgroup is there; SMB service is still enabled; creating a brand new share outside my main share folder has the same issue

testparm /usr/local/etc/smb4.conf showed normal.


Bug thread is here: https://redmine.ixsystems.com/issues/27373

Any ideas?

 

[Xelas]

Did you see my thread on the missing vfs modules? Can you confirm that the SMB shares have these modules loaded:
aio_fork
aio_pthread
streams_xattr
zfs_space
zfsacl


If you have snapshots enabled on that share, and you want to be able to browse them in Explorer, you also want to add:
shadow_copy

 

[donsev]

Hello,

Yep I did see that thread. As far as I can tell all those modules are loaded except for aio_fork:

[Videos]
path = "/mnt/ZFS/Shared/Videos"
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
access based share enum = no
vfs objects = zfs_space zfsacl streams_xattr aio_pthread
hide dot files = yes
guest ok = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare

Edit: I added aio_fork but it didn't seem to do anything. I then stopped and started smb via GUI and nothing changed. Literally. aio_fork was removed from smb4.conf again.

 

[qwerion]

What error message are you getting in the log if any? I just updated to 11.1 and got murdered spammed by
Bad SMB2 signature for message

So two things worked for me after the googles:
1. Connected via \\hostname.local instead of \\hostname - I have no idea why this worked
2. Added server max protocol = SMB2 to auxilary parameters. Also noticed that the drop-down that you used to be able to use to set this is gone now.

Choose to go with #2

 

[Xelas]

I'm not having any issues connecting with Windows 10, Windows 7, Ubuntu, and a couple of Android Clients. For Android, I have a couple apps that need :
lanman auth = yes
ntlm auth = yes
... which, effectively, let them authenticate via the deprecated SMBv1 protocol. I'm OK with that since it's a home network, but this is not OK in a larger or more exposed network, but those are the only lines I've modified/added in the global config section.

I'm not restricting the Max version. Here are mappings from my Windows 10 PC. You can see that they are connecting via SMB protocol version 3.1.1:

Code:

PS C:\WINDOWS\system32> Get-SmbConnection

ServerName ShareName	   UserName   Credential Dialect NumOpens
---------- ---------	   --------   ---------- ------- --------
NAS		NAS_Backups	 T460P\Alex NAS\Alex   3.1.1   1	  
NAS		NAS_Data		T460P\Alex NAS\Alex   3.1.1   1	  
NAS		NAS_Media	   T460P\Alex NAS\Alex   3.1.1   3	  
NAS		Samsung_840_Pro T460P\Alex NAS\Alex   3.1.1   11

Here is a snippet from my smb4.conf file:

Code:

[NAS_Data]
	path = "/mnt/MainVol/Data"
	printable = no
	veto files = /.snapshot/.windows/.mac/.zfs/
	writeable = yes
	browseable = yes
	access based share enum = no
	recycle:repository = .recycle/%U
	recycle:keeptree = yes
	recycle:versions = yes
	recycle:touch = yes
	recycle:directory_mode = 0777
	recycle:subdir_mode = 0700
	shadow:snapdir = .zfs/snapshot
	shadow:sort = desc
	shadow:localtime = yes
	shadow:format = auto-%Y%m%d.%H%M-2m
	shadow:snapdirseverywhere = yes
	vfs objects = shadow_copy2 zfs_space zfsacl streams_xattr recycle aio_pthread
	hide dot files = no
	guest ok = no
	nfs4:mode = special
	nfs4:acedup = merge
	nfs4:chown = true
	zfsacl:acesort = dontcare

Not all of my shares have the "recycle:" lines and the "shadow:" lines (which go along with the "recyvle" and shadow_copy2 vfs objects).

I don't have a domain at home. The NAS server can be reached both by hostname and IP, and any shares work either way.

I hope that helps!

EDIT: A useful command to run on the FreeNAS terminal is "smbstatus". This will give you a list of all connections (who, what auth they are are using, and protocol versions) and a list of all locked files.