SteveBallantyne
Cadet
- Joined
- Jul 18, 2017
- Messages
- 6
Hello all,
I have a FreeNAS box that I recently had to "rebuild". That is, I tried to run an update, ended up in a boot loop, and ended up having to boot to a CD and install a new boot environment. My data was in tact (many, many terabytes of backups). But my AD permissions are all missing/broken.
I have since deleted the computer object from my AD for the FreeNAS server, and re-initialized the computer account. It appears that AD is functional. I can do a kinit, log in with a username/password, and then pull user and group lists without a problem.
When I right click on a directory or a file from one of the shares and try to alter the AD permissions, I am getting this error from the MS Windows side, "Unable to save permission changes on ______. The parameter is incorrect". On the FreeNAS side, I am seeing this error message pop up in /var/log/samba4/log.smbd ... "[NT_STATUS_INVALID_PARAMETER] || at ../source3/smbd/smb2_setinfo.c:132".
I have spent a couple of hours reading through semi-related threads and Samba bug reports - to no avail! Anyone have any ideas for me?
Here is some basic info:
Build FreeNAS-11.0-U4 (54848d13b)
Platform Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Memory 16129MB
Log snippet from log.smbd (this is when I am trying to change file permissions) ...
/usr/local/etc/smb4.conf:
I have a FreeNAS box that I recently had to "rebuild". That is, I tried to run an update, ended up in a boot loop, and ended up having to boot to a CD and install a new boot environment. My data was in tact (many, many terabytes of backups). But my AD permissions are all missing/broken.
I have since deleted the computer object from my AD for the FreeNAS server, and re-initialized the computer account. It appears that AD is functional. I can do a kinit, log in with a username/password, and then pull user and group lists without a problem.
When I right click on a directory or a file from one of the shares and try to alter the AD permissions, I am getting this error from the MS Windows side, "Unable to save permission changes on ______. The parameter is incorrect". On the FreeNAS side, I am seeing this error message pop up in /var/log/samba4/log.smbd ... "[NT_STATUS_INVALID_PARAMETER] || at ../source3/smbd/smb2_setinfo.c:132".
I have spent a couple of hours reading through semi-related threads and Samba bug reports - to no avail! Anyone have any ideas for me?
Here is some basic info:
Build FreeNAS-11.0-U4 (54848d13b)
Platform Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Memory 16129MB
Log snippet from log.smbd (this is when I am trying to change file permissions) ...
Code:
[2017/12/01 08:49:02.852857, 3] ../source3/smbd/dir.c:656(dptr_create) creating new dirptr 0 for path ., expect_close = 0 [2017/12/01 08:49:02.852977, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry) smbd_dirptr_get_entry mask=[readme.txt] found readme.txt fname=readme.txt (readme.txt) [2017/12/01 08:49:02.856572, 3] ../source3/smbd/trans2.c:3427(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 1001 [2017/12/01 08:49:02.856654, 3] ../source3/smbd/trans2.c:3427(smbd_do_qfsinfo) smbd_do_qfsinfo: level = 1005 [2017/12/01 08:49:02.863014, 2] ../source3/smbd/open.c:1362(open_file) root opened file readme.txt read=Yes write=No (numopen=2) [2017/12/01 08:49:02.866014, 3] ../source3/smbd/smb2_read.c:413(smb2_read_complete) smbd_smb2_read: fnum 2618575286, file readme.txt, length=76 offset=0 read=76 [2017/12/01 08:49:02.869174, 2] ../source3/smbd/open.c:1362(open_file) root opened file readme.txt read=Yes write=No (numopen=3) [2017/12/01 08:49:02.873481, 2] ../source3/smbd/open.c:1362(open_file) root opened file readme.txt read=Yes write=No (numopen=4) [2017/12/01 08:49:02.880005, 2] ../source3/smbd/open.c:1362(open_file) root opened file readme.txt read=No write=No (numopen=5) [2017/12/01 08:49:02.885177, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.10.10.9 (10.10.10.9) [2017/12/01 08:49:02.885254, 3] ../source3/smbd/service.c:576(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2017/12/01 08:49:02.885281, 3] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2017/12/01 08:49:02.885356, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2017/12/01 08:49:02.885534, 3] ../source3/smbd/service.c:822(make_connection_snum) dt-914t4v1 (ipv4:10.10.10.9:53070) connect to service IPC$ initially as user root (uid=0, gid=0) (pid 95832) [2017/12/01 08:49:02.892092, 3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req) api_pipe_bind_req: dssetup -> dssetup rpc service [2017/12/01 08:49:02.892121, 3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req) check_bind_req for dssetup context_id=0 [2017/12/01 08:49:02.892150, 3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req) check_bind_req: dssetup -> dssetup rpc service [2017/12/01 08:49:02.895503, 3] ../source3/rpc_server/srv_pipe.c:1455(api_rpcTNP) api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION [2017/12/01 08:49:02.911586, 3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req) api_pipe_bind_req: dssetup -> dssetup rpc service [2017/12/01 08:49:02.911627, 3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req) check_bind_req for dssetup context_id=0 [2017/12/01 08:49:02.911643, 3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req) check_bind_req: dssetup -> dssetup rpc service [2017/12/01 08:49:02.915186, 3] ../source3/rpc_server/srv_pipe.c:1455(api_rpcTNP) api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION [2017/12/01 08:49:02.961737, 2] ../source3/smbd/open.c:1362(open_file) root opened file readme.txt read=No write=No (numopen=6) [2017/12/01 08:49:02.963561, 2] ../source3/smbd/close.c:798(close_normal_file) root closed file readme.txt (numopen=5) NT_STATUS_OK [2017/12/01 08:49:02.971440, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at ../source3/smbd/smb2_create.c:293 [2017/12/01 08:49:04.098483, 3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req) api_pipe_bind_req: dssetup -> dssetup rpc service [2017/12/01 08:49:04.098527, 3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req) check_bind_req for dssetup context_id=0 [2017/12/01 08:49:04.098539, 3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req) check_bind_req: dssetup -> dssetup rpc service [2017/12/01 08:49:04.107217, 3] ../source3/rpc_server/srv_pipe.c:1455(api_rpcTNP) api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION [2017/12/01 08:49:04.128253, 2] ../source3/smbd/open.c:1362(open_file) root opened file readme.txt read=No write=No (numopen=6) [2017/12/01 08:49:04.130282, 3] ../source3/smbd/nttrans.c:2034(smbd_do_query_security_desc) smbd_do_query_security_desc: sd_size = 120. [2017/12/01 08:49:05.308425, 3] ../source3/smbd/nttrans.c:2034(smbd_do_query_security_desc) smbd_do_query_security_desc: sd_size = 120. [2017/12/01 08:49:07.677598, 3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req) api_pipe_bind_req: dssetup -> dssetup rpc service [2017/12/01 08:49:07.677640, 3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req) check_bind_req for dssetup context_id=0 [2017/12/01 08:49:07.677653, 3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req) check_bind_req: dssetup -> dssetup rpc service [2017/12/01 08:49:07.680918, 3] ../source3/rpc_server/srv_pipe.c:1455(api_rpcTNP) api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION [2017/12/01 08:49:07.696307, 3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req) api_pipe_bind_req: wkssvc -> wkssvc rpc service [2017/12/01 08:49:07.696348, 3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req) check_bind_req for wkssvc context_id=0 [2017/12/01 08:49:07.696360, 3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req) check_bind_req: wkssvc -> wkssvc rpc service [2017/12/01 08:49:07.700801, 3] ../source3/rpc_server/srv_pipe.c:1455(api_rpcTNP) api_rpcTNP: rpc command: WKSSVC_NETWKSTAGETINFO [2017/12/01 08:49:07.709814, 3] ../source3/rpc_server/srv_pipe.c:732(api_pipe_bind_req) api_pipe_bind_req: netlogon -> netlogon rpc service [2017/12/01 08:49:07.709837, 3] ../source3/rpc_server/srv_pipe.c:355(check_bind_req) check_bind_req for netlogon context_id=0 [2017/12/01 08:49:07.709858, 3] ../source3/rpc_server/srv_pipe.c:398(check_bind_req) check_bind_req: netlogon -> netlogon rpc service [2017/12/01 08:49:07.717733, 3] ../source3/rpc_server/srv_pipe.c:1455(api_rpcTNP) api_rpcTNP: rpc command: NETR_DSRGETDCNAMEEX2 [2017/12/01 08:49:14.584288, 2] ../source3/smbd/open.c:1362(open_file) root opened file readme.txt read=No write=No (numopen=7) [2017/12/01 08:49:14.587323, 3] ../source3/smbd/nttrans.c:2034(smbd_do_query_security_desc) smbd_do_query_security_desc: sd_size = 176. [2017/12/01 08:49:14.591311, 2] ../source3/smbd/posix_acls.c:3004(set_canon_ace_list) set_canon_ace_list: sys_acl_set_file type file failed for file readme.txt (Invalid argument). [2017/12/01 08:49:14.591349, 3] ../source3/smbd/posix_acls.c:3888(set_nt_acl) set_nt_acl: failed to set file acl on file readme.txt (Invalid argument). [2017/12/01 08:49:14.591366, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_PARAMETER] || at ../source3/smbd/smb2_setinfo.c:132 [2017/12/01 08:49:15.462046, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.30.10.96 (10.30.10.96) [2017/12/01 08:49:15.462129, 3] ../source3/smbd/oplock.c:1328(init_oplocks) init_oplocks: initializing messages. [2017/12/01 08:49:15.462179, 3] ../source3/smbd/process.c:1957(process_smb) Transaction 0 of length 159 (0 toread) [2017/12/01 08:49:15.462196, 3] ../source3/smbd/process.c:1538(switch_message) switch message SMBnegprot (pid 97655) conn 0x0 [2017/12/01 08:49:15.462747, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2017/12/01 08:49:15.462765, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LANMAN1.0] [2017/12/01 08:49:15.462782, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2017/12/01 08:49:15.462889, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LM1.2X002] [2017/12/01 08:49:15.463046, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [LANMAN2.1] [2017/12/01 08:49:15.463136, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [NT LM 0.12] [2017/12/01 08:49:15.463156, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [SMB 2.002] [2017/12/01 08:49:15.463170, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [SMB 2.???] [2017/12/01 08:49:15.463290, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB2_FF [2017/12/01 08:49:15.463684, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'gssapi_spnego' registered [2017/12/01 08:49:15.463701, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'gssapi_krb5' registered [2017/12/01 08:49:15.463721, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2017/12/01 08:49:15.463736, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'spnego' registered [2017/12/01 08:49:15.463753, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'schannel' registered [2017/12/01 08:49:15.463766, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'naclrpc_as_system' registered [2017/12/01 08:49:15.463782, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'sasl-EXTERNAL' registered [2017/12/01 08:49:15.463795, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'ntlmssp' registered [2017/12/01 08:49:15.463811, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'ntlmssp_resume_ccache' registered [2017/12/01 08:49:15.463823, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'http_basic' registered [2017/12/01 08:49:15.463840, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'http_ntlm' registered [2017/12/01 08:49:15.463853, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'krb5' registered [2017/12/01 08:49:15.463869, 3] ../auth/gensec/gensec_start.c:918(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2017/12/01 08:49:15.791372, 3] ../source3/smbd/negprot.c:744(reply_negprot) Selected protocol SMB 2.??? [2017/12/01 08:49:15.794254, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB2_10 [2017/12/01 08:49:16.377209, 3] ../source3/smbd/nttrans.c:2034(smbd_do_query_security_desc) smbd_do_query_security_desc: sd_size = 120. [2017/12/01 08:49:16.469665, 3] ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) Found account name from PAC: priestdd [Priest, Debra D.] [2017/12/01 08:49:16.469708, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) Kerberos ticket principal name is [priestdd@KCH.LOCAL] [2017/12/01 08:49:16.469919, 3] ../source3/auth/user_krb5.c:164(get_user_from_kerberos_info) get_user_from_kerberos_info: Username KCHDOM\priestdd is invalid on this system [2017/12/01 08:49:16.469944, 3] ../source3/auth/auth_generic.c:145(auth3_generate_session_info_pac) auth3_generate_session_info_pac: Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE) [2017/12/01 08:49:16.469998, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_sesssetup.c:134 [2017/12/01 08:49:16.471588, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET) [2017/12/01 08:49:16.471895, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (termination signal) [2017/12/01 08:49:16.472228, 2] ../source3/smbd/service.c:1098(close_cnum) 10.2.19.102 (ipv4:10.2.19.102:51285) closed connection to service BIGDATA [2017/12/01 08:49:16.472266, 2] ../source3/smbd/close.c:798(close_normal_file) root closed file readme.txt (numopen=6) NT_STATUS_OK [2017/12/01 08:49:16.472324, 3] ../source3/smbd/service.c:1098(close_cnum) 10.2.19.102 (ipv4:10.2.19.102:51285) closed connection to service IPC$ [2017/12/01 08:49:16.472360, 2] ../source3/smbd/close.c:798(close_normal_file) root closed file readme.txt (numopen=5) NT_STATUS_OK [2017/12/01 08:49:16.472425, 2] ../source3/smbd/close.c:798(close_normal_file) root closed file readme.txt (numopen=4) NT_STATUS_OK [2017/12/01 08:49:16.472494, 2] ../source3/smbd/close.c:798(close_normal_file) root closed file readme.txt (numopen=3) NT_STATUS_OK [2017/12/01 08:49:16.472556, 2] ../source3/smbd/close.c:798(close_normal_file) root closed file readme.txt (numopen=2) NT_STATUS_OK [2017/12/01 08:49:16.472640, 2] ../source3/smbd/close.c:798(close_normal_file) root closed file readme.txt (numopen=1) NT_STATUS_OK [2017/12/01 08:49:16.472705, 2] ../source3/smbd/service.c:1098(close_cnum) dt-914t4v1 (ipv4:10.10.10.9:53070) closed connection to service Paragon [2017/12/01 08:49:16.472774, 3] ../source3/smbd/service.c:1098(close_cnum) dt-914t4v1 (ipv4:10.10.10.9:53070) closed connection to service IPC$ [2017/12/01 08:49:16.474906, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (termination signal) [2017/12/01 08:49:16.475170, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (termination signal)
/usr/local/etc/smb4.conf:
Code:
[global] server min protocol = NT1 server max protocol = SMB3 interfaces = 127.0.0.1 10.200.200.72 bind interfaces only = yes encrypt passwords = yes dns proxy = no strict locking = no oplocks = yes deadtime = 15 max log size = 51200 max open files = 464492 logging = file load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes getwd cache = yes guest account = nobody map to guest = Bad User obey pam restrictions = yes ntlm auth = yes directory name cache size = 0 kernel change notify = no panic action = /usr/local/libexec/samba/samba-backtrace nsupdate command = /usr/local/bin/samba-nsupdate -g server string = FreeNAS Server ea support = yes store dos attributes = yes lm announce = yes acl allow execute always = true dos filemode = yes multicast dns register = yes domain logons = no idmap config *: backend = tdb idmap config *: range = 90000001-100000000 server role = member server workgroup = KCHDOM realm = KCH.LOCAL security = ADS client use spnego = yes local master = no domain master = no preferred master = no ads dns update = yes winbind cache time = 7200 winbind offline logon = yes winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = yes winbind refresh tickets = yes idmap config KCHDOM: backend = rid idmap config KCHDOM: range = 20000-90000000 allow trusted domains = no client ldap sasl wrapping = seal template shell = /bin/sh template homedir = /home/%D/%U netbios name = BIGNAS pid directory = /var/run/samba create mask = 0666 directory mask = 0777 client ntlmv2 auth = no dos charset = CP437 unix charset = UTF-8 log level = 3 [BIGDATA] path = "/mnt/BIGDATA" printable = no veto files = /.snapshot/.windows/.mac/.zfs/ writeable = yes browseable = yes hide dot files = yes guest ok = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = true zfsacl:acesort = dontcare [Paragon] path = "/mnt/PARAGON" printable = no veto files = /.snapshot/.windows/.mac/.zfs/ writeable = yes browseable = yes hide dot files = yes guest ok = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = true zfsacl:acesort = dontcare