FreeNAS CIFS with HYPER-V CORE

[Alexandre Trevizoli]

Hi.
I'm one week working to get HYPER-V CORE(2016) connect on freenas smb share. I know that I should ask on some Microsoft forum, but I don't know anyone. So maybe someone can see this post and help me or give some suggestion.

Hyper-V Core( name WCA-CLOUD2) machine is being managed from a Windows 2016 Standard using Hyper-V Manager.
So when I try to create a virtual machine or hard disk that have be write on Freenas SMB Share it's return error.
I debug SMB communication and found that HYPER-V Core not sending domain nor username in SMB communication.
The strange thing is that I have a Windows 2012 Standard machine(not CORE) that have same problem, but after a lot of Windows Update, this start to works.
If someone can help me I appreciate so much.
Sorry for my english, I'm Brazilian.

See debug of CORE trying to authenticate on FREENAS.

[2017/07/05 20:42:35.991737, 3] ../source3/param/loadparm.c:1586(lp_add_ipc)
adding IPC service
[2017/07/05 20:42:35.991776, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user []\[]@[WCA-CLOUD2] with the new password interface
[2017/07/05 20:42:35.991832, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [WCA-STORAGE2]\[]@[WCA-CLOUD2]
[2017/07/05 20:42:35.991894, 3] ../source3/auth/auth.c:249(auth_check_ntlm_password)
check_ntlm_password: guest authentication for user [] succeeded
[2017/07/05 20:42:35.997219, 3] ../source3/smbd/server_exit.c:246(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
[2017/07/05 20:42:35.999371, 3] ../source3/lib/util_procid.c:54(pid_to_procid)
pid_to_procid: messaging_dgm_get_unique failed: No such file or directory


See debug of Windows 2012 (this works):
[2017/07/05 15:35:45.735997, 1] ../lib/param/loadparm.c:1729(lpcfg_do_global_parameter)
WARNING: The "null passwords" option is deprecated
[2017/07/05 15:35:45.736702, 2] ../source3/param/loadparm.c:2686(lp_do_section)
Processing section "[CIFS]"
[2017/07/05 15:35:45.737342, 3] ../source3/param/loadparm.c:1586(lp_add_ipc)
adding IPC service
[2017/07/05 15:35:45.737419, 3] ../source3/auth/auth.c:178(auth_check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WCA]\[Administrator]@[WCA-CLOUD1] with the new password interface
[2017/07/05 15:35:45.737474, 3] ../source3/auth/auth.c:181(auth_check_ntlm_password)
check_ntlm_password: mapped user is: [WCA-STORAGE2]\[Administrator]@[WCA-CLOUD1]
[2017/07/05 15:35:45.737604, 3] ../source3/auth/check_samsec.c:400(check_sam_security)
check_sam_security: Couldn't find user 'Administrator' in passdb.
[2017/07/05 15:35:45.737663, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [Administrator] -> [Administrator] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/07/05 15:35:45.737728, 3] ../source3/auth/auth_util.c:1611(do_map_to_guest_server_info)
No such user Administrator [WCA] - using guest account
[2017/07/05 15:35:45.738817, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from wca-cloud1.wca.local (172.31.200.5)
[2017/07/05 15:35:45.738968, 3] ../source3/smbd/service.c:576(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2017/07/05 15:35:45.739078, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2017/07/05 15:35:45.739144, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2017/07/05 15:35:45.739478, 3] ../source3/smbd/service.c:822(make_connection_snum)
wca-cloud1 (ipv4:172.31.200.5:62934) connect to service IPC$ initially as user root (uid=0, gid=0) (pid 29141)
[2017/07/05 15:35:45.740478, 3] ../source3/smbd/msdfs.c:1010(get_referred_path)
get_referred_path: |cifs| in dfs path \wca-storage2\cifs is not a dfs root.
[2017/07/05 15:35:45.740550, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:309
[2017/07/05 15:35:45.741445, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from wca-cloud1.wca.local (172.31.200.5)
[2017/07/05 15:35:45.741568, 3] ../source3/smbd/service.c:576(make_connection_snum)
Connect path is '/mnt/VMS/CIFS' for service [CIFS]
[2017/07/05 15:35:45.741665, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2017/07/05 15:35:45.741719, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2017/07/05 15:35:45.741789, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [aio_pthread]
[2017/07/05 15:35:45.742128, 2] ../lib/util/modules.c:196(do_smb_load_module)
Module 'aio_pthread' loaded
[2017/07/05 15:35:45.742213, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [streams_xattr]
[2017/07/05 15:35:45.742587, 2] ../lib/util/modules.c:196(do_smb_load_module)
Module 'streams_xattr' loaded
[2017/07/05 15:35:45.742654, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [zfsacl]
[2017/07/05 15:35:45.743561, 2] ../lib/util/modules.c:196(do_smb_load_module)
Module 'zfsacl' loaded
[2017/07/05 15:35:45.743632, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [zfs_space]
[2017/07/05 15:35:45.764032, 2] ../lib/util/modules.c:196(do_smb_load_module)
Module 'zfs_space' loaded
[2017/07/05 15:35:45.764395, 2] ../source3/smbd/service.c:822(make_connection_snum)
wca-cloud1 (ipv4:172.31.200.5:62934) connect to service CIFS initially as user root (uid=0, gid=0) (pid 29141)
[2017/07/05 15:35:45.768346, 3] ../source3/rpc_server/srv_pipe.c:733(api_pipe_bind_req)
api_pipe_bind_req: srvsvc -> srvsvc rpc service
[2017/07/05 15:35:45.768422, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
check_bind_req for srvsvc context_id=0
[2017/07/05 15:35:45.768490, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
check_bind_req: srvsvc -> srvsvc rpc service
[2017/07/05 15:35:45.769097, 3] ../source3/rpc_server/srv_pipe.c:1455(api_rpcTNP)
api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO
[2017/07/05 15:35:45.771826, 3] ../source3/smbd/dir.c:656(dptr_create)
creating new dirptr 0 for path ., expect_close = 0
[2017/07/05 15:35:45.771973, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found . fname=. (.)
[2017/07/05 15:35:45.772135, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found .. fname=.. (..)
[2017/07/05 15:35:45.772324, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found glance fname=glance (glance)
[2017/07/05 15:35:45.774314, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found VMS fname=VMS (VMS)
[2017/07/05 15:35:45.774625, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[STATUS_NO_MORE_FILES] || at ../source3/smbd/smb2_query_directory.c:155
[2017/07/05 15:35:45.776916, 3] ../source3/smbd/dir.c:656(dptr_create)
creating new dirptr 0 for path VMS, expect_close = 0
[2017/07/05 15:35:45.777164, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found VMS/. fname=. (.)
[2017/07/05 15:35:45.777463, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found VMS/.. fname=.. (..)
[2017/07/05 15:35:45.777816, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found VMS/New Virtual Hard Disk.vhdx fname=New Virtual Hard Disk.vhdx (New Virtual Hard Disk.vhdx)
[2017/07/05 15:35:45.778231, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found VMS/New Virtual Hard Disk5.vhdx fname=New Virtual Hard Disk5.vhdx (New Virtual Hard Disk5.vhdx)
[2017/07/05 15:35:45.778643, 3] ../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
smbd_dirptr_get_entry mask=[*] found VMS/New Text Document.txt fname=New Text Document.txt (New Text Document.txt)
[2017/07/05 15:35:45.778927, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[9] status[STATUS_NO_MORE_FILES] || at ../source3/smbd/smb2_query_directory.c:155
[2017/07/05 15:35:48.004945, 2] ../source3/smbd/open.c:1322(open_file)
root opened file VMS/New Virtual Hard Disk44.vhdx read=Yes write=Yes (numopen=3)
[2017/07/05 15:35:48.007771, 3] ../source3/smbd/trans2.c:3422(smbd_do_qfsinfo)
smbd_do_qfsinfo: level = 1001
[2017/07/05 15:35:48.007933, 3] ../source3/smbd/trans2.c:3422(smbd_do_qfsinfo)
smbd_do_qfsinfo: level = 1005
.....

 

[anodos]

Post contents of /usr/local/etc/smb4.conf and the ACL on your share (from the freenas side - "getfacl /mnt/pool/share").

 

[Alexandre Trevizoli]

smb4.conf
--------------------------------------------

[global]
server max protocol = SMB2_02
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 1414442
logging = file
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = root
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
null passwords = yes
acl allow execute always = true
dos filemode = yes
multicast dns register = no
domain logons = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
workgroup = WCA
realm = WCA.LOCAL
security = ADS
client use spnego = yes
cache directory = /var/tmp/.cache/.samba
local master = no
domain master = no
preferred master = no
ads dns update = yes
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = no
winbind refresh tickets = yes
idmap config WCA: backend = rid
idmap config WCA: range = 20000-90000000
allow trusted domains = no
client ldap sasl wrapping = plain
template shell = /bin/sh
template homedir = /home/%D/%U
netbios name = WCA-STORAGE2
pid directory = /var/run/samba
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 3


[CIFS]
path = /mnt/VMS/CIFS
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
vfs objects = zfs_space zfsacl streams_xattr aio_pthread
hide dot files = yes
guest ok = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare

----------------------------------------------------------------------------
getfacl /mnt/VMS/CIFS
# file: /mnt/VMS/CIFS
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:r-x---a-R-c---:fd-----:allow

-----------------------------------------------------------------------------

 

[anodos]

Reproduce the problem with Server Core with logging set to "debug" in the FreeNAS webui 'services -> SMB', then reproduce the problem and post the contents of /var/log/samba4/log.smbd here, and please enclose in [ code ] tags.

And please don't set your guest account to root. You can have the dataset owned by one of your AD users.

 

[zoomzoom]

If WCA-CLOUD2 is running Windows, has it had smbv1 disabled? If so, that's likely the issue, if not, disregard =]

 

[Alexandre Trevizoli]

Zoomzoom , I checked about smbV1 and it's enabled.
anodos, only you can read it....I can't.

I tried to paste here, but it's very big and gave error on post....

I clean files....put debug on log, restart SMB service and reproduce the error.

https://pastebin.com/bJTAseWQ