No access SMB share after update to FreeNas 11 from 9.10.2

[Borja]

Hello. I have updated my freenas machine to FreeNas 11 mainly because the new VM support. But after updating im unable to access SMB share. My domain controller is an old W2k3 server and i think this could be the reason. I tried adding ntlm auth = true aux parameter to SMB service but didnt work.
I can see the smb share but i get bad user or password for any user i tried. I tried from different machines and rebooting but nothing worked. Its an authentication problem but i dont know how to resolve it.

Thanks

 

[Borja]

this are some messages from log:

- Bind NACK received from host server.domain.local!
- cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED

 

[Borja]

Could be a problem if i boot in 9.10.2 intead of 11 now?

 

[anodos]

Could be a problem if i boot in 9.10.2 intead of 11 now?

Shouldn't be a problem, but can you post the contents of following first:

Code:

/usr/local/etc/smb4.conf
/var/log/samba4/log.smbd
/var/log/messages

 

[Borja]

Shouldn't be a problem, but can you post the contents of following first:

Code:

/usr/local/etc/smb4.conf
/var/log/samba4/log.smbd
/var/log/messages

root@NAS2:~ # cat /usr/local/etc/smb4.conf
[global]
server min protocol = NT1
server max protocol = SMB2
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 469595
logging = file
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
ntlm auth = yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
time server = yes
acl allow execute always = true
dos filemode = yes
multicast dns register = yes
domain logons = no
local master = yes
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = standalone
netbios name = NAS2
workgroup = WORKGROUP
security = user
pid directory = /var/run/samba
create mask = 0666
directory mask = 0777
client ntlmv2 auth = no
dos charset = CP437
unix charset = UTF-8
log level = 2


[BBD]
path = "/mnt/BBD1Z2"
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
vfs objects = zfs_space zfsacl streams_xattr aio_pthread
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare


/var/log/samba4/log.smbd:

create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2017/09/12 08:18:22.703352, 2] ../source3/smbd/sesssetup.c:563(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2017/09/12 08:18:22.704054, 2] ../source3/smbd/sesssetup.c:563(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2017/09/12 08:18:22.704821, 2] ../source3/param/loadparm.c:2771(lp_do_section)
Processing section "[BBD]"
[2017/09/12 08:18:22.705058, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [dinosaurio] -> [dinosaurio] FAILED with error NT_STATUS_NO_SUCH_USER
[2017/09/12 08:18:22.705523, 2] ../source3/smbd/service.c:319(create_connection_session_info)
guest user (from session setup) not permitted to access this share (BBD)
[2017/09/12 08:18:22.705545, 1] ../source3/smbd/service.c:502(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED

In /var/log/messages there are only arp messages.

Thanks

 

[Borja]

Could be because workgroup is workgroup and should be domain name?

 

[Borja]

Problem is active directory service is not working.

[Middleware:exception:36][Middleware b'active directory start timed out after seconds] I tried to connect again and same error.

 

[Borja]

So i couldnt join the domain i followed the command on the guide. It fails in service ix-pam start with this error.
I read its a bug on 9.10.2 but im on freenas 11.0 U3
Please help!

root@NAS2:~ # service ix-pam start
Traceback (most recent call last):
File "/usr/local/bin/midclt", line 10, in <module>
sys.exit(main())
File "/usr/local/lib/python3.6/site-packages/middlewared/client/client.py", line 325, in main
with Client(uri=args.uri) as c:
File "/usr/local/lib/python3.6/site-packages/middlewared/client/client.py", line 117, in __init__
raise ClientException('Failed connection handshake')
middlewared.client.client.ClientException: Failed connection handshake

 

[Borja]

I created a bug report https://bugs.freenas.org/issues/25847

 

[Borja]

I had to reboot in 9.10.2 U2 environment to restore access, i read about this bug present on this version and fixed on 11 RC but in my case is upside down