SOLVED CIFS issue

[Albert Yang]

I'd used FreeNAS from 9.0 to now, 9.2.1.6. The CIFS was good until I upgraded to 9.2.1.7 last month.

After I upgraded the system to 9.2.1.7, I copied some files to FreeNAS, some files were copied, others failed.

And I found 9.2.1.8 was released, I upgraded system to 9.2.1.8. The upgrade was success, but CIFS could not start.

I tried restore factory default or re-install FreeNAS. But the CIFS service of both 9.2.1.7 and 9.2.1.8 could not start anymore. Here is the report:

Sep 30 07:40:21 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Sep 30 07:40:21 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Sep 30 07:40:21 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Sep 30 07:40:21 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Sep 30 07:40:21 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmp5pMoV9 -s /usr/local/etc/smb4.conf -e tdbsam:/var/etc/private/passdb.tdb
Sep 30 07:40:21 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/net groupmap list
Sep 30 07:40:21 freenas notifier: winbindd not running? (check /var/run/samba/winbindd.pid).
Sep 30 07:40:21 freenas notifier: smbd not running? (check /var/run/samba/smbd.pid).
Sep 30 07:40:21 freenas notifier: nmbd not running? (check /var/run/samba/nmbd.pid).
Sep 30 07:40:21 freenas notifier: Performing sanity check on Samba configuration: FAILED

I tried 9.2.1.5, the CIFS could start now. But I still could not visit FreeNAS from my Windows cilent. The Windows reported:

The device did not set to accept SMB connection.

I don't familiar to Unix/BSD system. I looked up the guide book and try but the problem exist. Could anyone help me?

 

[anodos]

Run 'testparm' in the console and post full output.

 

[Albert Yang]

Run 'testparm' in the console and post full output.

unable to open configuration file "/usr/local/etc/smb.conf"

 

[dlavigne]

Point testparm to /usr/local/etc/smb4.conf.

 

[anodos]

Also post output of "getfacl /mnt/[pool]/.system"

Replace [[pool] with name of zfs pool.

 

[Albert Yang]

Point testparm to /usr/local/etc/smb4.conf.

Load smb config files from /usr/local/etc/smb4.conf
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
WARNING: The "null passwords" option is deprecated
Processing section "[homes]"
Processing section "[CIFS14T]"
Processing section "[CIFS5T]"
Loaded services file OK.
WARNING: lock directory /var/db/samba4 should have permissions 0755 for browsing
to work
WARNING: state directory /var/db/samba4 should have permissions 0755 for browsin
g to work
WARNING: cache directory /var/db/samba4 should have permissions 0755 for browsin
g to work
Server role: ROLE_STANDALONE

***Something I could not copy out***

[CIFS5T]
path = /mnt/Vol-5T
read only = No
inherit acls = Yes
guest ok = Yes
veto files = /.snap/.windows/.zfs/
vfs objects = zfsacl, streams_xattr, aio_pthread
zfsacl:acesort = dontcare
nfs4:chown = yes
nfs4:acedup = merge
nfs4:mode = special
recycle:subdir_mode = 0700
recycle:directory_mode = 0777
recycle:touch = yes
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle/%U

 

[Albert Yang]

Also post output of "getfacl /mnt/[pool]/.system"

Replace [[pool] with name of zfs pool.

# file: /mnt/Vol-14T/.system
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:r-x---a-R-c---:fd----:allow

 

[anodos]

Chmod 0755 /var/db/samba4

 

[Albert Yang]

Chmod 0755 /var/db/samba4

Woo, it works! Thank you very much!

But why did it happen?

Would it cause because Samba upgrade to new version and the file attribute of samba4 is not set correct?

 

[anodos]

/var/db/samba4 is a symlink pointing to somewhere in your .system dataset, which is located within your pool. Best guess is that you recursively changed permissions on your pool.

 

[Albert Yang]

/var/db/samba4 is a symlink pointing to somewhere in your .system dataset, which is located within your pool. Best guess is that you recursively changed permissions on your pool.

Hi Anodos, it's a little complex to me to understand. Anyway it works well on 9.2.1.5. I'll re-install 9.2.1.8 to test. Thank you very much!

 

[anodos]

Hi Anodos, it's a little complex to me to understand. Anyway it works well on 9.2.1.5. I'll re-install 9.2.1.8 to test. Thank you very much!

To simplify, many new users create a zpool (for example - "CJ'smom") and create a CIFS share called "CJ'smom". It looks fairly straightforward. So your zpool is located at /mnt/CJ'smom which is designated as a CIFS share and has Windows ACLs. No problem so far, right?

Well, the thing that trips you up is that FreeNAS stores a lot of system information in a hidden directory located at /mnt/CJ'smom/.system . After 9.2.1.5 datasets with Windows ACL types have their aclmode set to "restricted" this prevents users and applications from changing unix permissions of folders because it breaks stuff. Unfortunately, when you set /mnt/CJ'smom as a windows share it also changes the aclmode of your .system dataset and tends to break more stuff.

Fortunately, there is an easy work around that conveniently lines up with best practice. You need to create separate datasets for each share. Suppose you have shares 1, 2, and 3. Don't touch the permissions for your zpool /mnt/CJ'smom. Instead create three datasets:
/mnt/CJ'smom/share1
/mnt/CJ'smom/share2
/mnt/CJ'smom/share3
And set their acl type to "windows/mac". Now samba runs happily and your logs don't get borked.

 

[cyberjock]

Just a word of advice, "data" is one of those pool names you shouldn't name a pool. ;)

It will work, then one day your pool won't mount. Your data will be safe, but you'll have to go through a rig-a-ma-role to get it fixed.

 

[anodos]

Just a word of advice, "data" is one of those pool names you shouldn't name a pool. ;)

It will work, then one day your pool won't mount. Your data will be safe, but you'll have to go through a rig-a-ma-role to get it fixed.

Okay. Fixed it. :) Learn something new every day. I don't really use "data" because it's about as informative as "foo".

 

[cyberjock]

I *think* the manual lists 'data' among a few others that you shouldn't use.

 

[anodos]

I *think* the manual lists 'data' among a few others that you shouldn't use.

The recommendation to avoid it (and 'freenas') is so that it will 'stick out in the logs'. Might be worth clarifying this point in the 9.3 handbook.

 

[mjws00]

So avoid data and freenas. ;) Who would mix those? Lol nice one anodos.

 

[Ericloewe]

That's why it's good to have a sense of humor.

My pool is named "Bender" - that way, if it fails one day, I'll laugh knowing it told me to bite its shiny metal ass and went on to start its own theme park. Filled with with NSFW activities I won't dare to mention until a mod does. :D

 

[anodos]

1. That's why it's good to have a sense of humor.

My pool is named "Bender" - that way, if it fails one day, I'll laugh knowing it told me to bite its shiny metal ass and went on to start its own theme park. Filled with with NSFW activities I won't dare to mention until a mod does. :D

So you have to mount "Bender" every time you boot? Not the way I roll, but to each his own. :)