CIFS setup - no write permission on Windows 7 Home

[darkesha]

I downloaded and installed FreeNAS-9.3-STABLE-201505130355 last week.
This is my first real networking / users / permissions experience.

I have 2 Windows and 2 OsX (iMac and hackintosh) PCs and one Linux Mint lap top in my household.

I setup samba share which worked great in OsX (I don't think I tried it from Windows PC at the time).
Than I changed samba share to NFS Unix share which I was able to successfully auto mount on OsX. After this I decided again to enable samba due to the fact that this dataset will hold all my media and Windows PCs will most likely write to it (copying movies or editing metadata for files).

Anything I try (already tried a lot of possible combination of settings and users) results with Win7 home box not having permission to write. I access this dataset as guest with no password.
I will post all screenshots of my settings.
I might be missing something but I don't know what.

 

[SweetAndLow]

Did you try giving everyone write permissions using the windows gui? You say your windows clients can't write well that is because as you pointed out they don't have write permissions.

 

[jlpellet]

If the WinGUI permission change does not work, I think what is going on is the "user" connecting from the Windows system is "guest" rather than "nobody" and "guest" does not have write permission/ownersship. I suggest, for a test, changing the CIFS account to guest, allowing empty password then changing the dataset owner/group to guest/guest. As I understand it, the recursive box affects how the change is executed so I would not expect it to "stay" checked. Hope this helps.

 

[SweetAndLow]

If the WinGUI permission change does not work, I think what is going on is the "user" connecting from the Windows system is "guest" rather than "nobody" and "guest" does not have write permission/ownersship. I suggest, for a test, changing the CIFS account to guest, allowing empty password then changing the dataset owner/group to guest/guest. As I understand it, the recursive box affects how the change is executed so I would not expect it to "stay" checked. Hope this helps.

No this is wrong. They are connecting as the 'nobody' user since that is the user that is being set in the CIFS settings under the 'guest account' setting. There is no difference between the nobody user and guest user. Modifying the the cifs account and allowing empty password will not fix anything and will just confuse people. You basically just told this person to do exactly what they are doing but use the guest user, please don't give this advice unless you understand what it actually does.

 

[darkesha]

Did you try giving everyone write permissions using the windows gui? You say your windows clients can't write well that is because as you pointed out they don't have write permissions.

I tried - but I get the same message - I have no access as guest to change that. I will try my Win. Ultimate box and see if there is more success.

I tried to mount the NFS share first - but it looks like that is not possible from Win7 home.

 

[darkesha]

I think I am making some progress (and since I have spend 3-4 hours I better should have something to show for it).
I created multitude of test datasets (some from wizard menu, and some from storage menu).
Each time this is what getafcl says:

getfacl /mnt/vzp/za

# file: /mnt/vzp/za
# owner: nobody
# group: nogroup
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:r-x---a-R-c---:fd----:allow

I found out if I disable "Allow Guest Access" the windows PC will ask me to log in, and if I type in guest, I will be able to login and write to the share.
If I enable Guest Access the windows will log in but won't be able to write.
I don't know why is this happening though. In both cases user should be guest - but in one FreeNAS is treating guest as full fledge user and in the other case as Everyone with limited permissions

There is still lots to do but in the mean time some one might chip in with their ideas ?

For future references I should note these two commands for cmd.exe:

net use \\192.168.1.X /d

# followed by

klist purge

in order to delete and purge windows credentials for access to the server

_____

After 5min I remember to disable guest log in, go to Win7 home and log in as guest (not nobody since that user is asking password; but guest without password) which allows me writing to this share - this is when I got into security tab and changed permission for Everyone.
I enabled guest access, purged net use, browsed to the share and tried creating folder - and it works.

This is probably some bug in how guest access in handled.

 

[SweetAndLow]

In both cases the user is being treated as everyone. Typing in a password doesn't change the amount of access you get. The amount of access is related to the permissions you set on the files. Why don't you give everyone full permissions?

I have asked this multiple times now and you don't do it, why not?

 

[darkesha]

Sorry for late reply (wasn't at home).

I wasn't able to change permissions until this happened:
" I found out if I disable "Allow Guest Access" the windows PC will ask me to log in, and if I type in guest, I will be able to login and write to the share."
followed by:
"go to Win7 home and log in as guest (not nobody since that user is asking password; but guest without password) which allows me writing to this share - this is when I got into security tab and changed permission for Everyone."
(essentially what you were saying but wasn't possible unless I uncheck "allow guest access")

Once unchecked, I accessed share from Windows PC which now asked me to enter my user name password (user: guest ; pass: empty ) and I was finally allowed to right click on folder and change permission for "everyone".


Now I found out if I access to this folder from my mac through NFS I am not allowed to write to it anymore. I was under impression that you can have one dataset shared through more protocols.

 

[SweetAndLow]

You can share the same dataset through multiple protocols but you probably shouldn't because they would each use their own locking system and editing the same file at the same time can be problematic. The reason you can't write is because you are authenticating as the wrong user. Basically guest access is hard for people to deal with and it makes things complicated because of the words it uses. You should just get things working with users that have password then go from there or just always login as root. And also just use cifs from your osx client to keep it simple.