Lost access to SMB share "Permission Denied"

[Cascadoo]

Hi, I am relatively new to Freenas (11.3) and currently having some difficulties accessing a windows share. Initially I had setup a SMB share and was able to connect to it via my Ubuntu client. Also successfully tested connection from a windows 7 machine. After copying my data across to the share I decided to create individual user accounts under one group that had access to the SMB share.....and that's when all my difficulties began.

Current dataset in question is "Mediaset":

ACL for SMB share in question:

*mediashare group was created with one user that has access to the mediashare group as an auxillary group.

I have since striped the ACL of the share/mediaset, deleted the original share and created a new share checking the "apply permissions recursively" checkbox.

Permission of the share folder matches the ACL:

When trying to access the share from Ubuntu or windows I am prompted for credentials which I then enter with the user account that was created under the mediashare group. I am then able to see the mediashare folder but cannot access anything inside of it. When trying to access the mediashare folder I get a permission denied error on both Ubuntu and Windows.

Initially when I first had access I had an individual user that I gave full control via the ACL. I tried recreating this with no success. I also tried creating a new dataset and share but still no luck accessing it. I have been going through the user guide and video tutorials but I can't see any stepped I have missed. Maybe it's something very simple that I am missing?

 

[Basil Hendroff]

Flags = Inherit

 

[Cascadoo]

Flags = Inherit

I set the flags to inherit on the ACL but unfortunately, still no access. I see the ACL mode of the dataset is "restricted", should this be pass-through? I don't recall messing with the dataset settings though.

 

[Basil Hendroff]

Did you then apply permissions recursively?

 

[Cascadoo]

Did you then apply permissions recursively?

Yes, both recursively and to child datasets.

 

[Basil Hendroff]

Can you provide a screenshot of the Windows 7 ACL for the share (Right-click share > Properties > Security > Advanced)?

 

[Cascadoo]

I don't have access to the windows 7 PC at the moment but testing windows connection via a win10 VM:

 

[Basil Hendroff]

Is the user you are logging into the Win 7 PC as in the group mediashare? If not, include yourself in it, log out and log back in on the PC and redo the screenshot, just for the Permissions tab.

 

[Cascadoo]

Is the user you are logging into the Win 7 PC as in the group mediashare? If not, place yourself in it, log out and log back in on the PC and redo the screenshot, just for the Permissions tab.

The win10 user has the same name but different password, just changed the password to match the share account. Logged out and back in but the permissions tab is the same as before. This is on the win10 VM, did not try on the win7 PC as yet.

 

[Basil Hendroff]

This is on the win10 VM, did not try on the win7 PC as yet

win7 PC, please. With win8+, Microsoft moved from using local accounts to the Microsoft account. This caused additional samba authentication problems for FreeNAS, which were subsequently resolved, but that's a problem for another day.

 

[Cascadoo]

Still don't have access to the physical Win7 PC, however I fired up a win7 VM with the same user and credentials as the share:
* The user on the win10vm was created as local too.

Tested accessing the files via the shell logged in as the user (marlon) which is a member of mediashare group. I have access to all the files and directories under the Mediaset folder as the marlon user.

I tried creating another share to one of the files under the mediashare as a test but still getting permission denied both on ubuntu and windows.

 

[Basil Hendroff]

What changes if you make marlon instead of root the owner of the dataset?

 

[Cascadoo]

What changes if you make marlon instead of root the owner of the dataset?

I had tried that before but attempted it again with current ACL but still no difference. I then reverted the owner to root and added the marlon user to the ACL with full control, applied recursively to child datasets, reset the SMB service on freenas but still no luck.

 

[Basil Hendroff]

That is unexpected. Is there anything in the Windows Credential Manager that is preventing you from accessing the share?

 

[Basil Hendroff]

I had tried that before but attempted it again with current ACL but still no difference. I then reverted the owner to root and added the marlon user to the ACL with full control, applied recursively to child datasets, reset the SMB service on freenas but still no luck.

Did you remember to log out of Windows and log back in before trying to access the share?

 

[Cascadoo]

Did you remember to log out of Windows and log back in before trying to access the share?

Yes, I did a reboot as well.

I just removed the marlon user from the ACL and reverted to marlon as the owner just to double check that it took effect which it did:

*Was having some difficulties to copy all of the text from the shell.

I am trying to recall what I did initially when the share worked on both Ubuntu and Windows. I believe the user I created had the home directory set to the mediashare directory and then afterwards I had removed the user from freenas. I then created a group instead with the user being part of the group and of course having the group on the ACL. I do recall manually deleting the previous user home directory from the mediashare folder as it was not removed after deleting it on Freenas. Not sure if this had any effect but just tyring to retrace my steps to when it worked.

 

[Basil Hendroff]

Anything that shouldn't be there in the Windows Credential Manager?

Have you tried mapping the share using different credentials?

 

[Cascadoo]

Anything that shouldn't be there in the Windows Credential Manager?

Have you tried mapping the share using different credentials?

Yep, tried that as well. Credential manager was bare, I just added an entry to test:

Under the advanced security settings I can see the Freenas marlon user but unable to add it:

 

[Basil Hendroff]

...and what does the Permissions tab show?

 

[Cascadoo]

same as before "You do not have permissions to view or edit this object's permission settings"