Macs have full access to my SMB partitions

[danquixote]

On testing FreeNAS 8, I set up permissions on my volume/dataset to use my user and unique group. When I connect via SMB (with only the CFIS service on), from my Windows machine it asks for proper authentication, and when I connect it gives me proper permissions.

However, when I connect from a Mac (on 10.7, using SMB) it doesn't even ask for authentication, and connects automatically. Plus, it then gives me full read/write control on the Mac, which is definitely troubling.

Anyone know what may be wrong?

Here are my permission settings settings:

 

[pauldonovan]

However, when I connect from a Mac (on 10.7, using SMB) it doesn't even ask for authentication, and connects automatically. Plus, it then gives me full read/write control on the Mac, which is definitely troubling.

Anyone know what may be wrong?

A bug in an unreleased OS that significantly re-wrote its SMB support? :p

 

[danquixote]

A bug in an unreleased OS that significantly re-wrote its SMB support? :p

So this is an issue with Macs and not FreeNAS? It seems a pretty huge bug when it gives complete w/r access to my share.

 

[matthewowen01]

That's not an apple bug. the permissions should be enforced by the host, not the client.

Do you use the same username and password on your mac as your FreeNAS box? maybe it's cached on your mac and being supplied automagicaly.

 

[danquixote]

That's not an apple bug. the permissions should be enforced by the host, not the client.

Do you use the same username and password on your mac as your FreeNAS box? maybe it's cached on your mac and being supplied automagicaly.

Nope, I made sure the keychain was zeroed out, and I've only ever connected to my other Win2003 box from my Mac using a read only account/share.

 

[matthewowen01]

can we see your smb config on that share and in general.

 

[danquixote]

Here is my CIFS config and share config.

The only service I have online is CIFS.

 

[matthewowen01]

can we get bigger pictures, those are a strain to read.

Can you post the contents of /etc/local/smb.conf and the output of the command 'groups www'

 

[danquixote]

smb.conf:

[global]
encrypt passwords = yes
dns proxy = no
strict locking = no
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65535
deadtime = 15
display charset = LOCALE
max log size = 10
syslog only = yes
syslog = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
getwd cache = yes
guest account = www
map to guest = Bad Password
netbios name = Dan-NAS
workgroup = Dan
server string = Dan's FreeNAS
use sendfile = yes
large readwrite = no
store dos attributes = yes
local master = yes
time server = yes
security = user
create mask = 0666
create mask = 0666
directory mask = 0777
dos charset = CP437
unix charset = UTF-8
log level = 1


[Archive]
path = /mnt/volume1/Archive
printable = no
veto files = /.snap/
comment = Archive share
writeable = yes
browseable = no
inherit permissions = no
vfs objects = recycle
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700


"groups www"
www

 

[danquixote]

Sorry for the smaller photos before. When attaching them via using the attachment system here seemed to resize them.

 

[danquixote]

 

[matthewowen01]

shot in the dark, can give the output of

ls -l /mnt/
ls -l /mnt/volume1

 

[danquixote]

Thanks for baring with me here, however I think I solved the problem.

In Mac 10.7, they apparently changed a default desktop preference to not have servers/connected drives show up on the desktop-- they are hidden. So apparently the Mac had been trying to keep the network connection alive from a previous incarnation of when I tested out WHS2011 on the NAS, before being frustrated with DE replacements and switching to trying out freeNAS.

However, I had zeroed out the credentials for that old thing from the keychain, but somehow it was trying to keep the credentials saved somewhere since I thought the network drive was disconnected when really Mac OS had it still connected (just hidden on the desktop).

Or something. It seems to work now, with asking for the proper authentication now that I tried it from another Mac. I'm going to nuke the keychain on the previous mac-- but I think turning on the 'show network drives on desktop' and then making sure the drive manually disconnects will do the trick.

Thanks guys!