CIFS- the service could not be started

[Nick Howard]

I've recently upgraded to 9.2.1.8 and it seems since this I'm unable to start my CIFS service. Not sure quite whats happened to be honest but this is what I'm seeing in the footer:

Oct 23 19:14:57 freenas notifier: winbindd not running? (check /var/run/samba/winbindd.pid).
Oct 23 19:14:57 freenas notifier: smbd not running? (check /var/run/samba/smbd.pid).
Oct 23 19:14:57 freenas notifier: nmbd not running? (check /var/run/samba/nmbd.pid).
Oct 23 19:14:57 freenas notifier: Performing sanity check on Samba configuration: FAILED


I've not actually touched anything with it for over 6 months, so I'm a little rusty. I've searched similar issue's but can't seem to find anything. Any help would be appreciated.

 

[anodos]

Your smb4.conf file has problems. Run "testparm" and post the output enclosed in code brackets. Be sure to press enter to see a dump of your service definitions.

 

[Nick Howard]

[root@freenas ~]# testparm
Load smb config files from /usr/local/etc/smb4.conf
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
Processing section "[freenasshare]"
Loaded services file OK.
WARNING: lock directory /var/db/samba4 should have permissions 0755 for browsing
to work
WARNING: state directory /var/db/samba4 should have permissions 0755 for browsin
g to work
WARNING: cache directory /var/db/samba4 should have permissions 0755 for browsin
g to work
Server role: ROLE_STANDALONE


Pressing enter gives me the following but I can't scroll any further up to see what else it says, is there a way to do this from the shell?

directory mask = 0777
ea support = Yes
directory name cache size = 0
kernel change notify = No
store dos attributes = Yes
strict locking = No

[freenasshare]
path = /mnt/volume
read only = No
guest only = Yes
guest ok = Yes
veto files = /.snap/.windows/.zfs/
vfs objects = zfsacl, streams_xattr, aio_pthread
zfsacl:acesort = dontcare
nfs4:chown = yes
nfs4:acedup = merge
nfs4:mode = special
recycle:subdir_mode = 0700
recycle:directory_mode = 0777
recycle:touch = yes
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle/%U
[root@freenas ~]#

 

[anodos]

In console type "chmod 0755 /var/db/samba4" then start CIFS.

This problem happened because you have improperly configured your shares. You are sharing your entire zpool rather than sharing a dataset.

 

[Nick Howard]

Just tried that and I still can't start CIFS.

 

[anodos]

review /var/log/samba4/log.smbd and /var/log/messages for interesting error messages and post them.

Post output of following:

• ls -l /mnt/volume
• zfs get aclmode volume/.system
• getfacl /mnt/volume/.system

If you log in via SSH/putty then you can run all the commands and copy the content of your scrollback buffer.

 

[cyberjock]

no, do this.. you fubared your .system dataset permissions. Most likely trying to do permissions stuff on your server.

Do this:

# zfs destroy -fR <poolname>/.system (don't screw this up and do zpool destroy).
reboot the server

voila... it is fixed.

 

[anodos]

no, do this.. you fubared your .system dataset permissions. Most likely trying to do permissions stuff on your server.

Do this:

# zfs destroy -fR <poolname>/.system (don't screw this up and do zpool destroy).
reboot the server

voila... it is fixed.

I'll have to remember this one. Elegant, but, wow - talk about playing with fire. FreeNAS needs a "I screwed up, nuke my system dataset please" button.

 

[cyberjock]

It's actually been fixed in 9.2.1.9 (if its released) and 9.3.

The .system dataset is no longer mounted under /mnt/<pool>. It's mounted under /. So unless you try to change the permissions on your whole entire server (and if you are that stupid you deserve *exactly* what happens) you shouldn't have a problem. The problem is that people think they want to give everyone full permissions, so they do something like chmod 777 -R /mnt/<pool>. This gives them full permissions (if talking about Unix permissions) but totally fubars the .system dataset. Since Samba will not work with full permissions to all files for security reasons it poops all over itself once it realizes what you've done.

Easy problem and not-so-obvious solution, which is why it had to be fixed.

 

[Nick Howard]

no, do this.. you fubared your .system dataset permissions. Most likely trying to do permissions stuff on your server.

Do this:

# zfs destroy -fR <poolname>/.system (don't screw this up and do zpool destroy).
reboot the server

voila... it is fixed.

OK so just to make sure I don't destroy everything, it should look like this:

# zfs destroy -fR Volume/.system

 

[anodos]

OK so just to make sure I don't destroy everything, it should look like this:

# zfs destroy -fR Volume/.system

View attachment 5273

zfs destroy -fR volume/.system

 

[Nick Howard]

OK thanks I've done that and now rebooting the system. Fingers crossed.

So from now on I shouldn't set up a share from /volume but create another dataset called lets say "share" and then put all my other datasets under that. I can then set permissions for "share" without affecting system files?

 

[cyberjock]

So from now on I shouldn't set up a share from /volume but create another dataset called lets say "share" and then put all my other datasets under that. I can then set permissions for "share" without affecting system files?

That is the recommended way.

You can still share /mnt/volume if you desire. But you'll have to be all-pro and not bugger up things that don't need buggered up. Datasets are the "easy mode".

 

[anodos]

OK thanks I've done that and now rebooting the system. Fingers crossed.

So from now on I shouldn't set up a share from /volume but create another dataset called lets say "share" and then put all my other datasets under that. I can then set permissions for "share" without affecting system files?

Correct

 

[Nick Howard]

Many thanks guys that's worked, I can now turn CIFS service back on. One last question if I can and without me looking through the guide. Is it possible for me to create this "share" dataset and then move all my other datasets under it? I'm guessing not but it's worth asking. : )