nitromaroder
Dear Freenas Community!
I've upgraded my environment to the current 11.2U2 release and noticed that my samba home shares for the AD users stopped working - but all other samba shares are working fine (i.e. permissions resp. ACLs). I've also tried to reset the permissions and ACLs, but this didn't solve the problem. Moreover, I've upgraded my 2nd FreeNAS (and zfs pool), and the home-sharing stopped working there as well! #ClassicHomerEffect
Any ideas and hints? The domain join worked fine, I can list users and groups using "wbinfo -u|g", access the normal shares (not included in the below config), set ACLs using Windows Server (i.e. share type = windows, owner = AD\administrator), and from the smbd log it tries to access the right directory as well. I've even created a new share and assigned "use as home share" - and the home directory for the user is also being created as soon as I try to access "\\FREENAS\userhomedir", but the Windows client asks for credentials and the log below shows access denied.
Any help is appreciated!
* /var/log/samba4/log.smbd:
Code:
[2019/02/20 17:15:05.093461, 1] ../source3/smbd/service.c:357(create_connection_session_info)
  create_connection_session_info: user 'HOME\administrator' (from session setup) not permitted to access this share (administrator)
[2019/02/20 17:15:05.093498, 1] ../source3/smbd/service.c:529(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
* /usr/local/etc/smb4.conf:
Code:
[global]
server min protocol = SMB2_02
server max protocol = SMB3
interfaces = 127.0.0.1 192.168.154.11
bind interfaces only = yes
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 116732
logging = file
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
obey pam restrictions = yes
ntlm auth = no
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
time server = yes
acl allow execute always = true
dos filemode = yes
multicast dns register = yes
domain logons = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
workgroup = HOME
realm = HOME.LOCAL
security = ADS
client use spnego = yes
local master = no
domain master = no
preferred master = no
ads dns update = yes
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = no
winbind refresh tickets = yes
idmap config HOME: backend = rid
idmap config HOME: range = 20000-90000000
allow trusted domains = yes
client ldap sasl wrapping = plain
template shell = /bin/sh
template homedir = /mnt/data/homes/%D/%U
netbios name = TROLL
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1
[homes]
valid users = %D\%U
path = "/mnt/data/homes/%D/%U"
comment = Home Directories
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
access based share enum = no
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
vfs objects = shadow_copy zfs_space zfsacl streams_xattr recycle
hide dot files = no
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
Best regards,
Nitro
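
For triaging share-level denials like the two log.smbd records in the post above, here is an added example (not part of the original post, and not FreeNAS or Samba code) that splits smbd log text into records and tallies denials per user and share. The function names are hypothetical, the denial wording is taken from the post's log line, and the sample is the post's two records laid out in smbd's usual two-line form.

```python
import re
from collections import Counter

# Constructed sample: the two records from the post, in smbd's usual
# header-line / indented-message layout.
SAMPLE_LOG = r"""[2019/02/20 17:15:05.093461,  1] ../source3/smbd/service.c:357(create_connection_session_info)
  create_connection_session_info: user 'HOME\administrator' (from session setup) not permitted to access this share (administrator)
[2019/02/20 17:15:05.093498,  1] ../source3/smbd/service.c:529(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
"""

# Record header: [timestamp, level] source_file:line(function)
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)"
)
# Message wording as it appears in the post's log (assumed stable).
DENIED = re.compile(
    r"user '(?P<user>[^']+)' \(from session setup\) "
    r"not permitted to access this share \((?P<share>[^)]*)\)"
)

def parse_records(text):
    """Split log text into records, even if headers and messages share a line."""
    headers = list(HEADER.finditer(text))
    records = []
    for i, h in enumerate(headers):
        # A record's message runs up to the next header (or end of text).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        rec = h.groupdict()
        rec["level"] = int(rec["level"])
        rec["message"] = " ".join(text[h.end():end].split())
        records.append(rec)
    return records

def share_denials(text):
    """Return (timestamp, user, share) for each share-level denial."""
    out = []
    for rec in parse_records(text):
        m = DENIED.search(rec["message"])
        if m:
            out.append((rec["ts"], m["user"], m["share"]))
    return out

def denial_counts(text):
    """Count denials per (user, share) pair."""
    return Counter((user, share) for _, user, share in share_denials(text))
```

Here the session user is reported as 'HOME\administrator' while the share is 'administrator', so comparing the two extracted fields against the share's "valid users" line is the first check this output supports.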