FreeNAS w/remote server NFS mount, CIFS share shows empty

Status
Not open for further replies.

idbill

Cadet
Joined
Dec 2, 2014
Messages
3
I'm attempting to replace a generic CentOS 6 server that has Samba installed with a FreeNAS installation.

Presently several VMs are NFS mounted to this Samba server, which are then shared out to various desktops (via Samba). This all works really well, and I've been able to get this to work with SELinux (enforcing) and proper user permissions. (So I believe the exports are correct and I have an idea what the smb.conf file should look like.)

Now, with FreeNAS, I've manually mounted a test NFS partition in /mnt/D1/test and made it available via CIFS. (Latest version of Mac OS won't connect via smb.) I can see it and mount it, but it is empty (on Mac)... On the FreeNAS server (ssh'd as an authorized user), I see all the files and directories and can edit them to my heart's content.

Here are some interesting differences:

my server | FreeNAS 9.2.1
NFS4 | NFS3
Samba 3.5 | Samba 4.1

Any tips on what configuration I may have missed or other troubleshooting techniques?
 

idbill

Cadet
Joined
Dec 2, 2014
Messages
3
[root@freenas] /mnt/D1# cat /usr/local/etc/smb4.conf
[global]
server max protocol = SMB2
interfaces = 127.0.0.1 172.16.11.244
bind interfaces only = yes
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 11070
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = Yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
hostname lookups = yes
time server = yes
acl allow execute always = true
local master = yes
idmap config *:backend = tdb
idmap config *:range = 90000000-100000000
server role = standalone
netbios name = FREENAS
workgroup = WORKGROUP
security = user
pid directory = /var/run/samba
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1

[homes]
comment = Home Directories
valid users = %U
writable = yes
browseable = no
path = /mnt/D1/%U

[test]
path = /mnt/D1/test
printable = no
veto files = /.snap/.windows/.zfs/
comment = Test Websites
writeable = yes
browseable = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
vfs objects = zfsacl streams_xattr aio_pthread
hide dot files = no
hosts allow = 172.16.10.15
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
zfsacl:acesort = dontcare

[public]
path = /mnt/D1/public
printable = no
veto files = /.snap/.windows/.zfs/
comment = Public files
writeable = yes
browseable = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
vfs objects = zfsacl streams_xattr aio_pthread
hide dot files = yes
guest ok = yes
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
zfsacl:acesort = dontcare
create mask = 0777
directory mask = 0777

Hardware:
Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz
Memory: 8169MB
Storage: (currently) (1) 500GB drive

Version:
[root@freenas] ~# cat /etc/version
FreeNAS-9.2.1.8-RELEASE-x64 (e625626)

[root@freenas] /mnt/D1# getfacl test
# file: test
# owner: root
# group: wheel
user::rwx
group::r-x
other::r-x
[root@freenas] /mnt/D1# getfacl public
# file: public
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:r-x---a-R-c---:fd----:allow
[root@freenas] /mnt/D1# getfacl idbill
# file: idbill
# owner: idbill
# group: idbill
owner@:rwxp--aARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:------a-R-c--s:------:allow

Notes:
172.16.11.x is the server network
172.16.10.x is a workstation network
172.16.10.15 is my Mac

I tried to enable NFS4 options at some point.

apache user/group was added to FreeNAS and is uid/gid 48/48 which matches the remote NFS server.

For comparison, below is the smb.conf on my current server for that same directory:
[websites]
comment = Websites
path = /home/websites
public = no
#browseable = no
writeable = yes
printable = no
read only = no
force user = apache
force group = apache
write list = +users
strict locking = no
create mask = 0666
directory mask = 0775

[root@main ~]# getfacl /home/websites/
getfacl: Removing leading '/' from absolute path names
# file: home/websites/
# owner: root
# group: apache
user::rwx
group::rwx
other::r-x
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
A few thoughts:
1) Your hardware isn't a good choice for running FreeNAS. ECC memory is highly recommended because of the way ZFS works.
2) The permissions issues you are having are most likely due to NFSv4 permissions. They function differently than traditional unix user/group/other rights. When a user lacks the appropriate privileges, files are invisible in samba shares. But I can't be sure because...
3) It sounds like you are mounting NFS shares and re-sharing them via samba. Never experimented with this, but doesn't sound particularly stable.
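
Point 2 above can be checked against the getfacl listings posted earlier in the thread. The following Python sketch is an added example, not code from either poster or from FreeNAS; it evaluates both the POSIX-style and the NFSv4-style output for the owner, group and everyone classes only, and its function names are assumptions made for illustration.

```python
# Constructed sample input: getfacl listings from the thread above (headers abridged).
TEST = """# file: test
user::rwx
group::r-x
other::r-x
"""
PUBLIC = """# file: public
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:r-x---a-R-c---:fd----:allow
"""
IDBILL = """# file: idbill
owner@:rwxp--aARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:------a-R-c--s:------:allow
"""
# ACL entries that apply to each class of caller (named users/groups are ignored).
POSIX_TAG = {"owner": "user", "group": "group", "other": "other"}
NFS4_WHO = {"owner": ("owner@", "everyone@"), "group": ("group@", "everyone@"),
            "other": ("everyone@",)}

def entries(text):
    """Return ACL entries split on ':', skipping the '# file:' style header lines."""
    return [l.strip().split(":") for l in text.splitlines()
            if l.strip() and not l.startswith("#")]

def acl_style(text):
    """'nfs4' when entries end in allow/deny (who:perms:flags:type), else 'posix'."""
    return "nfs4" if any(f[-1] in ("allow", "deny") for f in entries(text)) else "posix"

def effective(text, caller):
    """Permission letters granted to caller: 'owner', 'group' or 'other'."""
    granted, decided = set(), set()
    for f in entries(text):
        if f[-1] in ("allow", "deny"):
            who, perms, flags, kind = f[0], f[-3], f[-2], f[-1]
            if who not in NFS4_WHO[caller] or "i" in flags:  # skip inherit-only ACEs
                continue
            for bit in set(perms) - {"-"} - decided:  # first matching ACE decides a bit
                decided.add(bit)
                if kind == "allow":
                    granted.add(bit)
        elif f[0] == POSIX_TAG[caller] and f[1] == "":       # tag::rwx, mask ignored
            granted |= set(f[2]) - {"-"}
    return granted

def can_list(text, caller):
    """Listing a directory needs read (r); entering it needs execute (x)."""
    return {"r", "x"} <= effective(text, caller)
```

On the listings in this thread, everyone@ on the idbill directory carries neither r nor x, so a caller outside its owner and group cannot list it, while test and public are listable by other.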
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
In other words... FreeNAS doesn't support this scenario.
I'm not entirely sure what that means.

I understood your goal was as follows:

Code:
[Centos Server] -->NFS--> [FreeNAS Server] --> Samba --> [Clients]

[data stored on Centos Server]
This doesn't sound like a particularly good idea.

Alternatively, you might have meant:
Code:
[FreeNAS Server Dataset] ---> NFS ---> [VMs]
              |
               -------------> Samba -> [Clients]

Which isn't as terrible, but you can still run into problems with file locking and permissions. You need to probably do more reading regarding ACLs (perhaps starting with the setfacl and getfacl manpages).

Both of the above are somewhat unusual configurations and so I wouldn't hold my breath for a lot of help.
 