The LAN setup is pretty simple:
All the PCs act similarly, including clean installs, which suggests it's likely to be server-side or else something that's wrongly configured in Windows "out of the box" for this scenario. But if it is, then what have I done to get it wrong, or why isn't it automatically working?
My smb config (from testparm):
log.nmbd contains stuff like this:
smbd log after restarting Samba, then waiting a while, then opening Explorer on the client, clicking "Network Places" and right clicking "refresh". 2 network PCs showed up, the server did not.
Note: I don't understand the errors "Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER" in smbd's log. They don't seem to prevent PC->Samba access to the server though. I've logged and reviewed on debug level and thrown Wireshark at them but no idea how they get to be there, or their significance. The client seems to connect regardless but these logs might suggest some kind of auth issue, perhaps related to "dummy connections" needed to see the shares initially, so they could be relevant. Or perhaps not - its a pure guess what they mean. smbd has always had a scattering of log entries showing null user/domain login failure and the null fields also show up in Wireshark so they do look genuine. I'm not sure if it's correct and supposed to be that way or if it's a sign of a problem though. It doesn't seem to imply an issue in connectivity or Windows config, and as I said, the PC connects to the shares fine without changing the login/PW. It seems that in some cases Windows is sending CIFS requests which Wireshark dissects and says include null fields for the domain/user. I have no idea if this is relevant or how it fits in (if at all).
I don't know where to debug/troubleshoot from here, could I have help please.
- Server: FreeNAS 11.0-U4 with CIFS active, also configured to act as a WINS server for the LAN. There's no AD/LADP, there is just one workgroup, called "WORKGROUP", the server has not been configured other than using the GUI, and not much else is running (SSH+CIFS, no VMs/jails/extensions).
- Clients: A mix of Windows 8.1 + 10 professional/enterprise PCs, on various solid high-quality hardwares. None known to have any issues or AV/firewall blocking issues, and enough different installs including clean installs for testing, that I'm pretty sure I've excluded most issues due to Windows reliability.
- Network: Simple LAN, everything in this cluster is linked into a single 10G switch, no weird firewalls or boundariues in the way, and IPv6 is disabled on all devices (IPv4 only for simplicity). Jumbo frames in use, all devices Jumbo configured (9k). The local DHCP server + local resolver are run by pfSense, which passes the WINS server IP and local domain name (mysite.overhere) to all devices that run a DHCP client. (The domain is blocked from external connection, in case someone else ever creates that as a TLD)
- Hardware: A mix of: (Chelsio 10G + Intel 1G + Netgear fully managed switch) for the LAN and NICs, (Supermicro+Xeon+ECC+Intel NVMe+ENterprise HDDs) for FreeNAS, and (Asus+G.Skill) for PCs. Most have been memtested for 24+ hrs recently to exclude memory issues. No real reason to suspect hardware, software, or networking errors, or anything except config issues.
- Client network setup: On the Windows machines, ipconfig/all shows that all devices are picking up correct info from DHCP, including their host name, the local domain name, and the server IP as the WINS server IP, so the server is picking up "freenas.mysite.overhere", my workstation is picking up "mypc.mysite.overhere", and all PCs can ping the server as "freenas", or as its FQDN or as an IP.
- Server access by name/IP: The server can be accessed reliably by IP or name (typing \\freenas or \\server-ip manually works fine from all machines). All machines have credentials set up (at this stage a simple username/pw that's been created on the server) and can successfully browse the server shares and files.
- Samba config: Samba on the server defines itself as a WINS server, and local browser master/preferred browser. Testparms works fine, and SMBD/NMBD both seem to be working correctly. Samba's config is below.
- Windows NET USE/NET VIEW/Services: In Windows cmd, NET USE works, and NET VIEW with a target (computer name, server name, IP) also works, but the bare command NET VIEW with no other args, consistently fails (on all machines!) with error 71 or 53 saying "too many connections" (nbtstat -s/-S say there aren't any connections). I've never figured why, or if this is related, or what has too many connections and online info on this error is confused. I get it with clean installs of Win 8.1 as well, so it's not a configuration issue I've later created. The usual services seem to be running in Windows, but I'm open to being told an explicit list of services to check, in case I missed some.
- Wireshark: I've tried Wireshark to identify if it's a server or PC side issue, but my limited knowledge of the protocol means I've gone as far as I can, to look for anything irregular in traffic (such as hints showing why Windows machines are showing in Network Places but not the server), but not had any luck in finding anything that definitively shows a difference, probably due to lack of expertise. It does seem to confirm that it's not a firewalling or routing issue.
All the PCs act similarly, including clean installs, which suggests it's likely to be server-side or else something that's wrongly configured in Windows "out of the box" for this scenario. But if it is, then what have I done to get it wrong, or why isn't it automatically working?
My smb config (from testparm):
Code:
[global] domain master = Yes lm announce = Yes os level = 200 preferred master = Yes nsupdate command = /usr/local/bin/samba-nsupdate -g logging = file max log size = 51200 reject md5 clients = Yes async smb echo handler = Yes kernel change notify = No panic action = /usr/local/libexec/samba/samba-backtrace pid directory = /var/run/samba disable spoolss = Yes load printers = No printcap name = /dev/null max mux = 500 name resolve order = wins host bcast server min protocol = SMB3_02 time server = Yes auth methods = sam map to guest = Bad User security = USER server role = standalone server username level = 5 deadtime = 30 hostname lookups = Yes keepalive = 45 max open files = 2826902 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072 SO_SNDBUF=131072 reject md5 servers = Yes dns proxy = No wins support = Yes idmap config *: range = 90000001-100000000 idmap config * : backend = tdb path = /tmp case sensitive = Yes map archive = No store dos attributes = Yes strict locking = No directory name cache size = 0 dos filemode = Yes acl allow execute always = Yes map acl inherit = Yes admin users = ******** create mask = 0666 directory mask = 0777 hosts allow = ******** hosts deny = ******** write cache size = 524288 [test_share] path = "/mnt/********" hide dot files = No veto files = /.snapshot/.windows/.mac/.zfs/ invalid users = ******** read only = No vfs objects = zfs_space zfsacl streams_xattr aio_pthread winmsa aio_fork zfsacl:acesort = dontcare nfs4:chown = true nfs4:acedup = merge nfs4:mode = special recycle:subdir_mode = 0700 recycle:directory_mode = 0777 recycle:touch = yes recycle:versions = yes recycle:keeptree = yes recycle:repository = .recycle/%U
log.nmbd contains stuff like this:
Code:
[2017/12/04 16:10:10.267432, 2] ../source3/nmbd/nmbd_browsesync.c:108(announce_local_master_browser_to_domain_master_browser) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup WORKGROUP. Do not announce to ourselves. [2017/12/04 16:10:10.267733, 2] ../source3/nmbd/nmbd_browsesync.c:155(sync_with_dmb) sync_with_dmb: Initiating sync with domain master browser FREENAS<20> at IP 192.168.0.2 for workgroup WORKGROUP [2017/12/04 16:16:14.979474, 2] ../source3/nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.0.2 [2017/12/04 16:16:14.979667, 2] ../source3/nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.0.2 [2017/12/04 16:16:14.979734, 2] ../source3/nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.0.2 [2017/12/04 16:16:14.979789, 2] ../source3/nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.0.2 [2017/12/04 16:16:14.979843, 2] ../source3/nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.0.2 [2017/12/04 16:16:14.979897, 2] ../source3/nmbd/nmbd_nameregister.c:193(wins_registration_timeout) wins_registration_timeout: WINS server 127.0.0.1 timed out registering IP 192.168.0.2 [2017/12/04 16:25:14.807945, 2] ../source3/nmbd/nmbd_browsesync.c:108(announce_local_master_browser_to_domain_master_browser) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup WORKGROUP. Do not announce to ourselves. [2017/12/04 16:25:14.808342, 2] ../source3/nmbd/nmbd_browsesync.c:155(sync_with_dmb) sync_with_dmb: Initiating sync with domain master browser FREENAS<20> at IP 192.168.0.2 for workgroup WORKGROUP [2017/12/04 16:36:40.106935, 2] ../source3/nmbd/nmbd_nameregister.c:193(wins_registration_timeout)
smbd log after restarting Samba, then waiting a while, then opening Explorer on the client, clicking "Network Places" and right clicking "refresh". 2 network PCs showed up, the server did not.
Code:
[2017/12/04 16:57:25.479578, 2] ../source3/param/loadparm.c:2771(lp_do_section) Processing section "[********]" [2017/12/04 16:57:25.480230, 2] ../source3/lib/interface.c:345(add_interface) added interface cxgbe1 ip=192.168.0.2 bcast=192.168.255.255 netmask=255.255.0.0 [2017/12/04 16:57:25.480308, 1] ../source3/profile/profile_dummy.c:30(set_profile_level) INFO: Profiling support unavailable in this build. [2017/12/04 16:57:25.481289, 2] ../source3/passdb/pdb_interface.c:161(make_pdb_method_name) No builtin backend found, trying to load plugin [2017/12/04 16:57:25.481558, 2] ../lib/util/modules.c:196(do_smb_load_module) Module 'tdbsam' loaded [2017/12/04 16:57:25.489496, 1] ../source3/smbd/files.c:218(file_init_global) file_init_global: Information only: requested 2826902 open files, 59392 are available. [2017/12/04 16:57:25.491481, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'smbd' finished starting up and ready to serve connections [2017/12/04 16:57:25.491533, 2] ../lib/util/util_net.c:1128(set_socket_options) Failed to set socket option IPTOS_LOWDELAY (Error Invalid argument) [2017/12/04 16:57:25.491659, 2] ../source3/smbd/server.c:1388(smbd_parent_loop) waiting for connections [2017/12/04 16:58:34.438619, 2] ../source3/param/loadparm.c:2771(lp_do_section) Processing section "[********]" [2017/12/04 16:58:34.440346, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER [2017/12/04 16:58:34.474367, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:34.474465, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:34.483384, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:34.483491, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:34.494079, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:34.494177, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:34.520315, 2] ../source3/param/loadparm.c:2771(lp_do_section) Processing section "[********]" [2017/12/04 16:58:34.522036, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER [2017/12/04 16:58:34.530677, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:34.530775, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:34.539737, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:34.539838, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:52.028341, 2] ../source3/param/loadparm.c:2771(lp_do_section) Processing section "[********]" [2017/12/04 16:58:52.028954, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER [2017/12/04 16:58:52.034196, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:52.034243, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:52.039978, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:52.040030, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:52.045701, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:52.045750, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:52.055111, 2] ../source3/param/loadparm.c:2771(lp_do_section) Processing section "[********]" [2017/12/04 16:58:52.055713, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER [2017/12/04 16:58:52.060563, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:52.060608, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 16:58:52.065916, 2] ../source3/smbd/reply.c:705(reply_special) netbios connect: name1=FREENAS 0x20 name2=TESTPC 0x0 [2017/12/04 16:58:52.065958, 2] ../source3/smbd/reply.c:746(reply_special) netbios connect: local=freenas remote=testpc, name type = 0 [2017/12/04 17:01:10.495957, 2] ../source3/param/loadparm.c:2771(lp_do_section) Processing section "[********]" [2017/12/04 17:01:10.497029, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password) check_ntlm_password: authentication for user [testadmin] -> [testadmin] -> [testadmin] succeeded [2017/12/04 17:01:10.504649, 2] ../source3/smbd/uid.c:270(check_user_ok) check_user_ok: user testadmin is an admin user. Setting uid as 0 [2017/12/04 17:01:10.572928, 1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh) Failed to fetch record! [2017/12/04 17:01:10.572953, 1] ../source3/smbd/server_reload.c:69(delete_and_reload_printers) pcap cache not loaded
Note: I don't understand the errors "Authentication for user [] -> [] FAILED with error NT_STATUS_NO_SUCH_USER" in smbd's log. They don't seem to prevent PC->Samba access to the server though. I've logged and reviewed on debug level and thrown Wireshark at them but no idea how they get to be there, or their significance. The client seems to connect regardless but these logs might suggest some kind of auth issue, perhaps related to "dummy connections" needed to see the shares initially, so they could be relevant. Or perhaps not - its a pure guess what they mean. smbd has always had a scattering of log entries showing null user/domain login failure and the null fields also show up in Wireshark so they do look genuine. I'm not sure if it's correct and supposed to be that way or if it's a sign of a problem though. It doesn't seem to imply an issue in connectivity or Windows config, and as I said, the PC connects to the shares fine without changing the login/PW. It seems that in some cases Windows is sending CIFS requests which Wireshark dissects and says include null fields for the domain/user. I have no idea if this is relevant or how it fits in (if at all).
I don't know where to debug/troubleshoot from here, could I have help please.
Last edited: