Problems when writing from Mac to SMB share, ACL questions

[Patrick M. Hausen]

@anodos, do you have an ETA when your changes will be done and ready for testing?
In the meantime I tried the workaround but only removing the freebsd_aio vfs object seems not to be enough. Does one need both, this and strict locking = no for shares to work?

Second it seems that whenever I set auxiliary parameters the next time I invoke the UI on the share in question, that section is empty again. They seem to make it into smb4_shares.conf but they are definitely not preserved in the UI.

And last, what's the recommended configuration today if one wants to deal with all this ACL stuff as little as possible? In the good old days I simply used permit group and force user and force group for all my shares, specifically at work, because I feel like "whoever authenticates to a share should have full access". And on the target system the files should just be plain "unixy" as much as possible, because that causes the least trouble.
What's the state of the art today? I never access the shares from Windows, it is only Macs here and as I wrote I would really prefer to not worry about that ACL stuff at all ...

Thanks!
Patrick

 

[anodos]

@anodos, do you have an ETA when your changes will be done and ready for testing?
In the meantime I tried the workaround but only removing the freebsd_aio vfs object seems not to be enough. Does one need both, this and strict locking = no for shares to work?

Second it seems that whenever I set auxiliary parameters the next time I invoke the UI on the share in question, that section is empty again. They seem to make it into smb4_shares.conf but they are definitely not preserved in the UI.

And last, what's the recommended configuration today if one wants to deal with all this ACL stuff as little as possible? In the good old days I simply used permit group and force user and force group for all my shares, specifically at work, because I feel like "whoever authenticates to a share should have full access". And on the target system the files should just be plain "unixy" as much as possible, because that causes the least trouble.
What's the state of the art today? I never access the shares from Windows, it is only Macs here and as I wrote I would really prefer to not worry about that ACL stuff at all ...

Thanks!
Patrick

I merged in some changes yesterday. Seems like my Mac is working fine. Unfortunately, some other aspect of build is broken so you'll probably have to wait until Monday or Tuesday.

 

[anodos]

Tomorrow morning I'll tweak our samba port so that it's better behaved when running in a jail, and you can test the fix independently if there are still build issues.

 

[Patrick M. Hausen]

This is the situation with the last nightly (Monday evening):

Copying a file to the SMB share takes "forever" even for a small (1.7 M) file end results in an error message.
The file is copied nonetheless, it seems.
The file cannot be deleted because "the object is in use".

Mac OS version is Mojave, no authentication, all guest access at home.

Ejecting the mounted volume takes multiple attempts and "forever", too, but eventually works.



testparm -v output:

Code:

# Global parameters
[global]
    abort shutdown script =
    add group script =
    additional dns hostnames =
    add machine script =
    addport command =
    addprinter command =
    add share command =
    add user script =
    add user to group script =
    ads dns update = Yes
    afs token lifetime = 604800
    afs username map =
    aio max threads = 2
    algorithmic rid base = 1000
    allow dataset creation = Yes
    allow dcerpc auth level connect = No
    allow dns updates = secure only
    allow insecure wide links = No
    allow nt4 crypto = No
    allow trusted domains = Yes
    allow unsafe cluster upgrade = No
    apply group policies = No
    async smb echo handler = No
    auth event notification = No
    auto services =
    binddns dir = /var/run/samba4/bind-dns
    bind interfaces only = Yes
    browse list = Yes
    cache directory = /var/run/samba4
    change notify = Yes
    change share command =
    check password script =
    cldap port = 389
    client ipc max protocol = default
    client ipc min protocol = default
    client ipc signing = default
    client lanman auth = No
    client ldap sasl wrapping = sign
    client max protocol = default
    client min protocol = SMB2_02
    client NTLMv2 auth = Yes
    client plaintext auth = No
    client schannel = Yes
    client signing = default
    client use spnego principal = No
    client use spnego = Yes
    cluster addresses =
    clustering = No
    config backend = file
    config file =
    create krb5 conf = Yes
    ctdbd socket =
    ctdb locktime warn threshold = 0
    ctdb timeout = 0
    cups connection timeout = 30
    cups encrypt = No
    cups server =
    dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
    deadtime = 10080
    debug class = No
    debug encryption = No
    debug hires timestamp = Yes
    debug pid = No
    debug prefix timestamp = No
    debug uid = No
    dedicated keytab file =
    default service =
    defer sharing violations = Yes
    delete group script =
    deleteprinter command =
    delete share command =
    delete user from group script =
    delete user script =
    dgram port = 138
    disable netbios = No
    disable spoolss = Yes
    dns forwarder =
    dns proxy = No
    dns update command = /usr/local/sbin/samba_dnsupdate
    dns zone scavenging = No
    domain logons = No
    domain master = Auto
    dos charset = CP850
    dsdb event notification = No
    dsdb group change notification = No
    dsdb password event notification = No
    enable asu support = No
    enable core files = Yes
    enable privileges = Yes
    enable web service discovery = Yes
    encrypt passwords = Yes
    enhanced browsing = Yes
    enumports command =
    eventlog list =
    get quota command =
    getwd cache = Yes
    gpo update command = /usr/local/sbin/samba-gpupdate
    guest account = nobody
    homedir map = auto.home
    host msdfs = Yes
    hostname lookups = No
    idmap backend = tdb
    idmap cache time = 604800
    idmap gid =
    idmap negative cache time = 120
    idmap uid =
    include system krb5 conf = Yes
    init logon delay = 100
    init logon delayed hosts =
    interfaces =
    iprint server =
    keepalive = 300
    kerberos encryption types = all
    kerberos method = default
    kernel change notify = No
    kpasswd port = 464
    krb5 port = 88
    lanman auth = No
    large readwrite = Yes
    ldap admin dn =
    ldap connection timeout = 2
    ldap debug level = 0
    ldap debug threshold = 10
    ldap delete dn = No
    ldap deref = auto
    ldap follow referral = Auto
    ldap group suffix =
    ldap idmap suffix =
    ldap machine suffix =
    ldap page size = 1000
    ldap passwd sync = no
    ldap replication sleep = 1000
    ldap server require strong auth = Yes
    ldap ssl = start tls
    ldap ssl ads = No
    ldap suffix =
    ldap timeout = 15
    ldap user suffix =
    lm announce = Auto
    lm interval = 60
    load printers = No
    local master = Yes
    lock directory = /var/run/samba4
    lock spin time = 200
    log file =
    logging = file
    log level = 1
    log nt token command =
    logon drive =
    logon home = \\%N\%U
    logon path = \\%N\%U\profile
    logon script =
    log writeable files on exit = No
    lpq cache time = 30
    lsa over netlogon = No
    machine password timeout = 604800
    mangle prefix = 1
    mangling method = hash2
    map to guest = Bad User
    max disk size = 0
    max log size = 51200
    max mux = 50
    max open files = 1883097
    max smbd processes = 0
    max stat cache size = 512
    max ttl = 259200
    max wins ttl = 518400
    max xmit = 16644
    mdns name = netbios
    message command =
    min receivefile size = 0
    min wins ttl = 21600
    mit kdc command =
    multicast dns register = Yes
    name cache timeout = 660
    name resolve order = lmhosts wins host bcast
    nbt client socket address = 0.0.0.0
    nbt port = 137
    ncalrpc dir = /var/run/samba4/ncalrpc
    netbios aliases =
    netbios name = FREENAS-PMH
    netbios scope =
    neutralize nt4 emulation = No
    NIS homedir = No
    nmbd bind explicit broadcast = Yes
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    ntlm auth = ntlmv2-only
    nt pipe support = Yes
    ntp signd socket directory = /var/run/samba4/ntp_signd
    nt status support = Yes
    null passwords = No
    obey pam restrictions = No
    old password allowed period = 60
    oplock break wait time = 0
    os2 driver map =
    os level = 20
    pam password change = No
    panic action =
    passdb backend = tdbsam
    passdb expand explicit = No
    passwd chat = *new*password* %n\n *new*password* %n\n *changed*
    passwd chat debug = No
    passwd chat timeout = 2
    passwd program =
    password hash gpg key ids =
    password hash userPassword schemes =
    password server = *
    perfcount module =
    pid directory = /var/run/samba4
    preferred master = Auto
    prefork backoff increment = 10
    prefork children = 4
    prefork maximum backoff = 120
    preload modules =
    printcap cache time = 750
    printcap name =
    private dir = /var/db/system/samba4/private
    raw NTLMv2 auth = No
    read raw = Yes
    realm =
    registry shares = Yes
    reject md5 clients = No
    reject md5 servers = No
    remote announce =
    remote browse sync =
    rename user script =
    require strong key = Yes
    reset on zero vc = No
    restrict anonymous = 0
    root directory =
    rpc big endian = No
    rpc server dynamic port range = 49152-65535
    rpc server port = 0
    samba kcc command = /usr/local/sbin/samba_kcc
    security = AUTO
    server max protocol = SMB3
    server min protocol = SMB2_02
    server multi channel support = No
    server role = standalone server
    server schannel = Yes
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
    server signing = default
    server string = FreeNAS Server
    set primary group script =
    set quota command =
    share backend = classic
    show add printer wizard = Yes
    shutdown script =
    smb2 leases = Yes
    smb2 max credits = 8192
    smb2 max read = 8388608
    smb2 max trans = 8388608
    smb2 max write = 8388608
    smbd profiling level = off
    smb passwd file = /var/db/system/samba4/private/smbpasswd
    smb ports = 445 139
    socket options = TCP_NODELAY
    spn update command = /usr/local/sbin/samba_spnupdate
    stat cache = Yes
    state directory = /var/db/system/samba4
    svcctl list =
    syslog = 1
    syslog only = No
    template homedir = /home/%D/%U
    template shell = /bin/false
    time server = No
    timestamp logs = Yes
    tls cafile = tls/ca.pem
    tls certfile = tls/cert.pem
    tls crlfile =
    tls dh params file =
    tls enabled = Yes
    tls keyfile = tls/key.pem
    tls priority = NORMAL:-VERS-SSL3.0
    tls verify peer = as_strict_as_possible
    truenas passive controller = No
    unicode = Yes
    unix charset = UTF-8
    unix extensions = No
    unix password sync = No
    use mmap = Yes
    username level = 0
    username map =
    username map cache time = 0
    username map script =
    usershare allow guests = No
    usershare max shares = 0
    usershare owner only = Yes
    usershare path = /var/db/system/samba4/usershares
    usershare prefix allow list =
    usershare prefix deny list =
    usershare template share =
    utmp = No
    utmp directory =
    winbind cache time = 300
    winbindd socket directory = /var/run/samba4/winbindd
    winbind enum groups = No
    winbind enum users = No
    winbind expand groups = 0
    winbind max clients = 200
    winbind max domain connections = 1
    winbind nested groups = Yes
    winbind netbios alias spn = Yes
    winbind normalize names = No
    winbind nss info = template
    winbind offline logon = No
    winbind reconnect delay = 30
    winbind refresh tickets = No
    winbind request timeout = 60
    winbind rpc only = No
    winbind scan trusted domains = Yes
    winbind sealed pipes = Yes
    winbind separator = \
    winbind status fifo = No
    winbind use default domain = No
    winbind use krb5 enterprise principals = No
    wins hook =
    wins proxy = No
    wins server =
    wins support = No
    workgroup = WORKGROUP
    write raw = Yes
    wtmp directory =
    zeroconf name =
    idmap config *: range = 90000001-100000000
    fruit:nfs_aces = No
    idmap config * : backend = tdb
    access based share enum = No
    acl allow execute always = No
    acl check permissions = Yes
    acl group control = No
    acl map full control = Yes
    administrative share = No
    admin users =
    afs share = No
    aio read size = 1
    aio write behind =
    aio write size = 1
    allocation roundup size = 0
    available = Yes
    blocking locks = Yes
    block size = 1024
    browseable = Yes
    case sensitive = Auto
    check parent directory delete on close = No
    comment =
    copy =
    create mask = 0744
    csc policy = manual
    cups options =
    default case = lower
    default devmode = Yes
    delete readonly = No
    delete veto files = No
    dfree cache time = 0
    dfree command =
    directory mask = 0755
    directory name cache size = 0
    dmapi support = No
    dont descend =
    dos filemode = Yes
    dos filetime resolution = No
    dos filetimes = Yes
    durable handles = Yes
    ea support = Yes
    fake directory create times = No
    fake oplocks = No
    follow symlinks = Yes
    force create mode = 0000
    force directory mode = 0000
    force group =
    force printername = No
    force unknown acl user = No
    force user =
    fstype = NTFS
    guest ok = No
    guest only = No
    hide dot files = Yes
    hide files =
    hide new files timeout = 0
    hide special files = No
    hide unreadable = No
    hide unwriteable files = No
    hosts allow =
    hosts deny =
    include =
    inherit acls = No
    inherit owner = no
    inherit permissions = No
    invalid users =
    kernel oplocks = No
    kernel share modes = Yes
    level2 oplocks = Yes
    locking = Yes
    lppause command =
    lpq command = lpq -P'%p'
    lpresume command =
    lprm command = lprm -P'%p' %j
    magic output =
    magic script =
    mangled names = illegal
    mangling char = ~
    map acl inherit = No
    map archive = Yes
    map hidden = No
    map readonly = no
    map system = No
    max connections = 0
    max print jobs = 1000
    max reported print jobs = 0
    min print space = 0
    msdfs proxy =
    msdfs root = No
    msdfs shuffle referrals = No
    nt acl support = Yes
    ntvfs handler = unixuid, default
    oplocks = Yes
    path =
    posix locking = Yes
    postexec =
    preexec =
    preexec close = No
    preserve case = Yes
    printable = No
    print command = lpr -r -P'%p' %s
    printer name =
    printing = bsd
    printjob username = %U
    print notify backchannel = No
    queuepause command =
    queueresume command =
    read list =
    read only = Yes
    root postexec =
    root preexec =
    root preexec close = No
    short preserve case = Yes
    smbd async dosmode = No
    smbd getinfo ask sharemode = Yes
    smbd max async dosmode = 0
    smbd search ask sharemode = Yes
    smb encrypt = default
    spotlight = No
    spotlight backend = noindex
    store dos attributes = Yes
    strict allocate = No
    strict locking = Auto
    strict rename = No
    strict sync = Yes
    sync always = No
    use client driver = No
    use sendfile = No
    valid users =
    veto files =
    veto oplock files =
    vfs objects =
    volume =
    wide links = No
    write list =


[Medien]
    ea support = No
    guest ok = Yes
    level2 oplocks = No
    oplocks = No
    path = /mnt/hdd/share/medien
    read only = No
    strict locking = Yes
    vfs objects = fruit ixnas
    fruit:resource = stream
    fruit:metadata = stream
    nfs4:chown = true


[Backup]
    ea support = No
    guest ok = Yes
    kernel share modes = No
    path = /mnt/hdd/share/backup
    posix locking = No
    read only = No
    vfs objects = aio_fbsd fruit streams_xattr ixnas
    fruit:resource = stream
    fruit:metadata = stream
    fruit:time machine = yes
    nfs4:chown = true


[Archiv]
    ea support = No
    guest ok = Yes
    kernel share modes = No
    path = /mnt/hdd/share/archiv
    posix locking = No
    read only = No
    vfs objects = aio_fbsd fruit streams_xattr ixnas
    fruit:resource = stream
    fruit:metadata = stream
    nfs4:chown = true

 

[anodos]

This is the situation with the last nightly (Monday evening):

Copying a file to the SMB share takes "forever" even for a small (1.7 M) file end results in an error message.
The file is copied nonetheless, it seems.
The file cannot be deleted because "the object is in use".

Mac OS version is Mojave, no authentication, all guest access at home.

Ejecting the mounted volume takes multiple attempts and "forever", too, but eventually works.

View attachment 39357 View attachment 39358

testparm -v output:

Code:

# Global parameters
[global]
    abort shutdown script =
    add group script =
    additional dns hostnames =
    add machine script =
    addport command =
    addprinter command =
    add share command =
    add user script =
    add user to group script =
    ads dns update = Yes
    afs token lifetime = 604800
    afs username map =
    aio max threads = 2
    algorithmic rid base = 1000
    allow dataset creation = Yes
    allow dcerpc auth level connect = No
    allow dns updates = secure only
    allow insecure wide links = No
    allow nt4 crypto = No
    allow trusted domains = Yes
    allow unsafe cluster upgrade = No
    apply group policies = No
    async smb echo handler = No
    auth event notification = No
    auto services =
    binddns dir = /var/run/samba4/bind-dns
    bind interfaces only = Yes
    browse list = Yes
    cache directory = /var/run/samba4
    change notify = Yes
    change share command =
    check password script =
    cldap port = 389
    client ipc max protocol = default
    client ipc min protocol = default
    client ipc signing = default
    client lanman auth = No
    client ldap sasl wrapping = sign
    client max protocol = default
    client min protocol = SMB2_02
    client NTLMv2 auth = Yes
    client plaintext auth = No
    client schannel = Yes
    client signing = default
    client use spnego principal = No
    client use spnego = Yes
    cluster addresses =
    clustering = No
    config backend = file
    config file =
    create krb5 conf = Yes
    ctdbd socket =
    ctdb locktime warn threshold = 0
    ctdb timeout = 0
    cups connection timeout = 30
    cups encrypt = No
    cups server =
    dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
    deadtime = 10080
    debug class = No
    debug encryption = No
    debug hires timestamp = Yes
    debug pid = No
    debug prefix timestamp = No
    debug uid = No
    dedicated keytab file =
    default service =
    defer sharing violations = Yes
    delete group script =
    deleteprinter command =
    delete share command =
    delete user from group script =
    delete user script =
    dgram port = 138
    disable netbios = No
    disable spoolss = Yes
    dns forwarder =
    dns proxy = No
    dns update command = /usr/local/sbin/samba_dnsupdate
    dns zone scavenging = No
    domain logons = No
    domain master = Auto
    dos charset = CP850
    dsdb event notification = No
    dsdb group change notification = No
    dsdb password event notification = No
    enable asu support = No
    enable core files = Yes
    enable privileges = Yes
    enable web service discovery = Yes
    encrypt passwords = Yes
    enhanced browsing = Yes
    enumports command =
    eventlog list =
    get quota command =
    getwd cache = Yes
    gpo update command = /usr/local/sbin/samba-gpupdate
    guest account = nobody
    homedir map = auto.home
    host msdfs = Yes
    hostname lookups = No
    idmap backend = tdb
    idmap cache time = 604800
    idmap gid =
    idmap negative cache time = 120
    idmap uid =
    include system krb5 conf = Yes
    init logon delay = 100
    init logon delayed hosts =
    interfaces =
    iprint server =
    keepalive = 300
    kerberos encryption types = all
    kerberos method = default
    kernel change notify = No
    kpasswd port = 464
    krb5 port = 88
    lanman auth = No
    large readwrite = Yes
    ldap admin dn =
    ldap connection timeout = 2
    ldap debug level = 0
    ldap debug threshold = 10
    ldap delete dn = No
    ldap deref = auto
    ldap follow referral = Auto
    ldap group suffix =
    ldap idmap suffix =
    ldap machine suffix =
    ldap page size = 1000
    ldap passwd sync = no
    ldap replication sleep = 1000
    ldap server require strong auth = Yes
    ldap ssl = start tls
    ldap ssl ads = No
    ldap suffix =
    ldap timeout = 15
    ldap user suffix =
    lm announce = Auto
    lm interval = 60
    load printers = No
    local master = Yes
    lock directory = /var/run/samba4
    lock spin time = 200
    log file =
    logging = file
    log level = 1
    log nt token command =
    logon drive =
    logon home = \\%N\%U
    logon path = \\%N\%U\profile
    logon script =
    log writeable files on exit = No
    lpq cache time = 30
    lsa over netlogon = No
    machine password timeout = 604800
    mangle prefix = 1
    mangling method = hash2
    map to guest = Bad User
    max disk size = 0
    max log size = 51200
    max mux = 50
    max open files = 1883097
    max smbd processes = 0
    max stat cache size = 512
    max ttl = 259200
    max wins ttl = 518400
    max xmit = 16644
    mdns name = netbios
    message command =
    min receivefile size = 0
    min wins ttl = 21600
    mit kdc command =
    multicast dns register = Yes
    name cache timeout = 660
    name resolve order = lmhosts wins host bcast
    nbt client socket address = 0.0.0.0
    nbt port = 137
    ncalrpc dir = /var/run/samba4/ncalrpc
    netbios aliases =
    netbios name = FREENAS-PMH
    netbios scope =
    neutralize nt4 emulation = No
    NIS homedir = No
    nmbd bind explicit broadcast = Yes
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    ntlm auth = ntlmv2-only
    nt pipe support = Yes
    ntp signd socket directory = /var/run/samba4/ntp_signd
    nt status support = Yes
    null passwords = No
    obey pam restrictions = No
    old password allowed period = 60
    oplock break wait time = 0
    os2 driver map =
    os level = 20
    pam password change = No
    panic action =
    passdb backend = tdbsam
    passdb expand explicit = No
    passwd chat = *new*password* %n\n *new*password* %n\n *changed*
    passwd chat debug = No
    passwd chat timeout = 2
    passwd program =
    password hash gpg key ids =
    password hash userPassword schemes =
    password server = *
    perfcount module =
    pid directory = /var/run/samba4
    preferred master = Auto
    prefork backoff increment = 10
    prefork children = 4
    prefork maximum backoff = 120
    preload modules =
    printcap cache time = 750
    printcap name =
    private dir = /var/db/system/samba4/private
    raw NTLMv2 auth = No
    read raw = Yes
    realm =
    registry shares = Yes
    reject md5 clients = No
    reject md5 servers = No
    remote announce =
    remote browse sync =
    rename user script =
    require strong key = Yes
    reset on zero vc = No
    restrict anonymous = 0
    root directory =
    rpc big endian = No
    rpc server dynamic port range = 49152-65535
    rpc server port = 0
    samba kcc command = /usr/local/sbin/samba_kcc
    security = AUTO
    server max protocol = SMB3
    server min protocol = SMB2_02
    server multi channel support = No
    server role = standalone server
    server schannel = Yes
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
    server signing = default
    server string = FreeNAS Server
    set primary group script =
    set quota command =
    share backend = classic
    show add printer wizard = Yes
    shutdown script =
    smb2 leases = Yes
    smb2 max credits = 8192
    smb2 max read = 8388608
    smb2 max trans = 8388608
    smb2 max write = 8388608
    smbd profiling level = off
    smb passwd file = /var/db/system/samba4/private/smbpasswd
    smb ports = 445 139
    socket options = TCP_NODELAY
    spn update command = /usr/local/sbin/samba_spnupdate
    stat cache = Yes
    state directory = /var/db/system/samba4
    svcctl list =
    syslog = 1
    syslog only = No
    template homedir = /home/%D/%U
    template shell = /bin/false
    time server = No
    timestamp logs = Yes
    tls cafile = tls/ca.pem
    tls certfile = tls/cert.pem
    tls crlfile =
    tls dh params file =
    tls enabled = Yes
    tls keyfile = tls/key.pem
    tls priority = NORMAL:-VERS-SSL3.0
    tls verify peer = as_strict_as_possible
    truenas passive controller = No
    unicode = Yes
    unix charset = UTF-8
    unix extensions = No
    unix password sync = No
    use mmap = Yes
    username level = 0
    username map =
    username map cache time = 0
    username map script =
    usershare allow guests = No
    usershare max shares = 0
    usershare owner only = Yes
    usershare path = /var/db/system/samba4/usershares
    usershare prefix allow list =
    usershare prefix deny list =
    usershare template share =
    utmp = No
    utmp directory =
    winbind cache time = 300
    winbindd socket directory = /var/run/samba4/winbindd
    winbind enum groups = No
    winbind enum users = No
    winbind expand groups = 0
    winbind max clients = 200
    winbind max domain connections = 1
    winbind nested groups = Yes
    winbind netbios alias spn = Yes
    winbind normalize names = No
    winbind nss info = template
    winbind offline logon = No
    winbind reconnect delay = 30
    winbind refresh tickets = No
    winbind request timeout = 60
    winbind rpc only = No
    winbind scan trusted domains = Yes
    winbind sealed pipes = Yes
    winbind separator = \
    winbind status fifo = No
    winbind use default domain = No
    winbind use krb5 enterprise principals = No
    wins hook =
    wins proxy = No
    wins server =
    wins support = No
    workgroup = WORKGROUP
    write raw = Yes
    wtmp directory =
    zeroconf name =
    idmap config *: range = 90000001-100000000
    fruit:nfs_aces = No
    idmap config * : backend = tdb
    access based share enum = No
    acl allow execute always = No
    acl check permissions = Yes
    acl group control = No
    acl map full control = Yes
    administrative share = No
    admin users =
    afs share = No
    aio read size = 1
    aio write behind =
    aio write size = 1
    allocation roundup size = 0
    available = Yes
    blocking locks = Yes
    block size = 1024
    browseable = Yes
    case sensitive = Auto
    check parent directory delete on close = No
    comment =
    copy =
    create mask = 0744
    csc policy = manual
    cups options =
    default case = lower
    default devmode = Yes
    delete readonly = No
    delete veto files = No
    dfree cache time = 0
    dfree command =
    directory mask = 0755
    directory name cache size = 0
    dmapi support = No
    don't descend =
    dos filemode = Yes
    dos filetime resolution = No
    dos filetimes = Yes
    durable handles = Yes
    ea support = Yes
    fake directory create times = No
    fake oplocks = No
    follow symlinks = Yes
    force create mode = 0000
    force directory mode = 0000
    force group =
    force printername = No
    force unknown acl user = No
    force user =
    fstype = NTFS
    guest ok = No
    guest only = No
    hide dot files = Yes
    hide files =
    hide new files timeout = 0
    hide special files = No
    hide unreadable = No
    hide unwriteable files = No
    hosts allow =
    hosts deny =
    include =
    inherit acls = No
    inherit owner = no
    inherit permissions = No
    invalid users =
    kernel oplocks = No
    kernel share modes = Yes
    level2 oplocks = Yes
    locking = Yes
    lppause command =
    lpq command = lpq -P'%p'
    lpresume command =
    lprm command = lprm -P'%p' %j
    magic output =
    magic script =
    mangled names = illegal
    mangling char = ~
    map acl inherit = No
    map archive = Yes
    map hidden = No
    map readonly = no
    map system = No
    max connections = 0
    max print jobs = 1000
    max reported print jobs = 0
    min print space = 0
    msdfs proxy =
    msdfs root = No
    msdfs shuffle referrals = No
    nt acl support = Yes
    ntvfs handler = unixuid, default
    oplocks = Yes
    path =
    posix locking = Yes
    postexec =
    preexec =
    preexec close = No
    preserve case = Yes
    printable = No
    print command = lpr -r -P'%p' %s
    printer name =
    printing = bsd
    printjob username = %U
    print notify backchannel = No
    queuepause command =
    queueresume command =
    read list =
    read only = Yes
    root postexec =
    root preexec =
    root preexec close = No
    short preserve case = Yes
    smbd async dosmode = No
    smbd getinfo ask sharemode = Yes
    smbd max async dosmode = 0
    smbd search ask sharemode = Yes
    smb encrypt = default
    spotlight = No
    spotlight backend = noindex
    store dos attributes = Yes
    strict allocate = No
    strict locking = Auto
    strict rename = No
    strict sync = Yes
    sync always = No
    use client driver = No
    use sendfile = No
    valid users =
    veto files =
    veto oplock files =
    vfs objects =
    volume =
    wide links = No
    write list =


[Medien]
    ea support = No
    guest ok = Yes
    level2 oplocks = No
    oplocks = No
    path = /mnt/hdd/share/medien
    read only = No
    strict locking = Yes
    vfs objects = fruit ixnas
    fruit:resource = stream
    fruit:metadata = stream
    nfs4:chown = true


[Backup]
    ea support = No
    guest ok = Yes
    kernel share modes = No
    path = /mnt/hdd/share/backup
    posix locking = No
    read only = No
    vfs objects = aio_fbsd fruit streams_xattr ixnas
    fruit:resource = stream
    fruit:metadata = stream
    fruit:time machine = yes
    nfs4:chown = true


[Archiv]
    ea support = No
    guest ok = Yes
    kernel share modes = No
    path = /mnt/hdd/share/archiv
    posix locking = No
    read only = No
    vfs objects = aio_fbsd fruit streams_xattr ixnas
    fruit:resource = stream
    fruit:metadata = stream
    nfs4:chown = true

Can you PM me a debug please?

 

[Paul Martin]

I can reproduce the exact same problem on macOS 10.15 Catalina as well.

 

[anodos]

Yeah, I fixed it about a few minutes ago. Because of where the problem was in the samba code, you'll have to wait until the next nightly build before you have the fix (not easy to hotpatch).

 

[Paul Martin]

Can confirm that this worked on both of my test systems. Thank you for all of your hard work!