FreeNAS-11.1-U3

[A Bull With Yogurts]

Mod note:

Other threads discussing this:
https://forums.freenas.org/index.ph...ll-permissions-on-shares-don't-upgrade.62519/
https://forums.freenas.org/index.php?threads/11-1-u3-user-passwords-reset.62527

If you see interesting information there that is missing in this thread, please report it so that we can copy it over. Same goes for other threads not yet linked. Thanks.

- Ericloewe



Updated from FreeNAS-11.1-U2 -> FreeNAS-11.1-U3 and verified the install.

Now cannot authenticate to access Samba shares. Obviously related to the fact that in U3 "Samba has been patched to address CVE-2018-1050 and CVE-2018-1057."

Possible bug or is there a manual step I need to perform after the update?

Thanks in advance for any help.

 

[dlavigne]

What errors appear in the logs when you try to access a formerly working share?

 

[A Bull With Yogurts]

Dunno, can't SSH in anymore either. :(

 

[dlavigne]

Sounds like your IP changed....

 

[mnemonic]

Also on my NAS. There is something broken or something has changed with this update. Going back to u2 until fixed/explained.

 

[A Bull With Yogurts]

Sounds like your IP changed....

Nope. Can see the box and access the UI.

 

[A Bull With Yogurts]

Also on my NAS. There is something broken or something has changed with this update. Going back to u2 until fixed/explained.

Rolling back to U2 has not fixed the problem for me. Which is very odd.

 

[mnemonic]

Rolling back for me worked. Sometimes in error situation people add errors. Did you change somewhere something whilte trying to fix it?

 

[A Bull With Yogurts]

Rolling back for me worked. Sometimes in error situation people add errors. Did you change somewhere something whilte trying to fix it?

Rolled back to U2 again and this time all working fine again (thankfully).

 

[A Bull With Yogurts]

What errors appear in the logs when you try to access a formerly working share?

Unfortunately I don't have much time to dig into this but it was an authentication error (across all users including root). Should be fairly easy to replicate if both myself and mnemonic are experiencing it. Good luck!

 

[ReadyNAS2018]

I found the same thing when I've just updated to U3, but after re-setting the user passwords everything now seems normal.

 

[andrea.bonaldo]

I confirn samba issue ... and solution by ReadyNAS2018
thanks!

 

[dlavigne]

I confirn samba issue ... and solution by ReadyNAS2018
thanks!

More likely a config issue. But until we get the exact error, it's impossible to figure out which configuration knob the fix does not like :-(

 

[MrToddsFriends]

More likely a config issue. But until we get the exact error, it's impossible to figure out which configuration knob the fix does not like :-(

I can confirm access problems to Samba shares with 11.1-U3. These shares worked like a charm in 11.1-U2 and for at least the last three years (shares were created in FreeNAS 9.3 with hardly any manual interference since then IIRC).

Using 11.1-U3
- I'm able to access the FreeNAS GUI as usual
- I'm able to SSH login using PuTTY as usual
- I'm not able to access Samba shares (that is: any Samba shares that do exist on this FreeNAS machine), irrespective of whether I'm using data from the "Windows credentials" store or not.

I'm attaching three screenshots using a German Windows 10 instance, hoping that this rings some bell even for non-German readers.

The update to 11.1-U3 entailed the following change to smb4.conf on my system:

Code:

~/althome/smb4 # diff smb4.conf_11.1-U2 smb4.conf_11.1-U3
9a10
>	 private dir = /root/samba/private

I'm happy to answer further questions / provide more information.

Side notes: In 11.1-U3 using the classic GUI login the username root is not pre-populated as usual (i.e. has to be typed in manually). Going back to 11.1-U2 works without further problems on my system.

 

[ReadyNAS2018]

I can confirm access problems to Samba shares with 11.1-U3. These shares worked like a charm in 11.1-U2 and for at least the last three years (Shares were created in FreeNAS 9.3 with hardly any manual interference since then IIRC).

Using 11.1-U3
- I'm able to access the FreeNAS GUI as usual
- I'm able to SSH login using PuTTY as usual
- I'm not able to access SAMBA shares, irrespective of whether I'm using data from the "Windows credentials" store or not.

I'm attaching three screenshots using a German Windows 10 instance, hoping that this rings some bell even for non-German readers.

The update to 11.1-U3 entailed the following change to smb4.conf on my system:

Code:

~/althome/smb4 # diff smb4.conf_11.1-U2 smb4.conf_11.1-U3
9a10
>	 private dir = /root/samba/private

I'm happy to answer further question / provide more information.

Side notes: In 11.1-U3 using the classic GUI login the username root is not pre-populated as usual (i.e. has to be typed in manually). Going back to 11.1-U2 works without further problems on my system.

View attachment 23497
View attachment 23498
View attachment 23499

That's the same errors that I had and was fixed by re-setting the user passwords. It looks like there should have been a conversion between the new version when the update was done, but none took place. So the only way to get around this at the moment would be to force a manual update of the password. I would have thought though this would have been picked up in the nightlies prior to being released.

 

[Rick Johnson]

That's the same errors that I had and was fixed by re-setting the user passwords. It looks like there should have been a conversion between the new version when the update was done, but none took place. So the only way to get around this at the moment would be to force a manual update of the password. I would have thought though this would have been picked up in the nightlies prior to being released.

+1 - if smbpasswd hashing changed, it should have been converted. Fortunately in my case it's a home server and there's only a few users to reapply passwords on. If this were a larger org w/o a directory server (or worse, if this was the directory server), asking everyone to reset their passwords would be out of line.

 

[MrToddsFriends]

What errors appear in the logs when you try to access a formerly working share?

From ixdiagnose\fndeug\SMB\dump.txt, seems to be irrespective of having made an attempt to access or not:

Code:

+--------------------------------------------------------------------------------+
+						  net usersidlist @1521524968						   +
+--------------------------------------------------------------------------------+
Environment LOGNAME is not defined. Trying anonymous access.
Could not get the user/sid list
debug finished in 0 seconds for net usersidlist
command used:
/usr/local/bin/../libexec/freenas-debug/smb.sh

Complete -U3 DEBUG available.

 

[rick.n.thailand]

+2 on password change... Last night lost access to all my SMB shares... Was baffled for a while on why I was being denied access... My "owner" of the share was denied even set by FreeNAS... In my troubleshooting, I made sure the passwords were correct by setting it again (even same password) through the GUI... This seemed to work. Only error I see in the log is for "minio" and don't have configured and not used. Lucky I have less than 10 user accounts to update. Root seemed to be fine. I think the System Accounts might be ok then... 11.1 U3... I will revert to U2 until we know more ;)

-Update- Reverting to U2 caused some User/Pwd problems on SMB shares. Went back to U3 :S

 

[FreeN@s!]

Same problem for me.

Reverted to 11.1-u2 , works fine again

 

[A Bull With Yogurts]

I've got a load of shares, accessed by multiple users across a load different devices. Really loathed to go down the password reset route unless there is no other option. Will await official guidance on this and remain on U2.