Henning Kessler
Contributor
- Joined
- Feb 10, 2015
- Messages
- 143
Hello,
I have update a FreeNAS system from 9.10.1 (d989edd) to 9.10.1-U2 and shortly after this several user were complaining about that they could not modify or delete older files. Clients are mostly OS X (10.12, 10.11.6 or 10.10.5). New created files could be modified and deleted as usual. As soon as I reverted the system back to 9.10.1 the issue disappeared.
The system is bound AD and users could authenticate without any issues.
this the smb4.conf:
POSIX permission on problematic file:
ACLs on problematic file
resetting the ACLs with winacl did not help:
After reverting the system to 9.10.1 everything worked as it should. Could this be a bug or am I holding it wrong ;-)?
I have update a FreeNAS system from 9.10.1 (d989edd) to 9.10.1-U2 and shortly after this several user were complaining about that they could not modify or delete older files. Clients are mostly OS X (10.12, 10.11.6 or 10.10.5). New created files could be modified and deleted as usual. As soon as I reverted the system back to 9.10.1 the issue disappeared.
The system is bound AD and users could authenticate without any issues.
this the smb4.conf:
Code:
[global] server max protocol = SMB3 encrypt passwords = yes dns proxy = no strict locking = no oplocks = yes deadtime = 15 max log size = 51200 max open files = 942833 logging = file load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes getwd cache = yes guest account = nobody map to guest = Bad User obey pam restrictions = yes directory name cache size = 0 kernel change notify = no panic action = /usr/local/libexec/samba/samba-backtrace nsupdate command = /usr/local/bin/samba-nsupdate -g server string = FreeNAS Server ea support = yes store dos attributes = yes lm announce = yes acl allow execute always = true dos filemode = yes multicast dns register = yes domain logons = no idmap config *: backend = tdb idmap config *: range = 90000001-100000000 server role = member server workgroup = DOMAIN realm = DOMAIN.COM security = ADS client use spnego = yes cache directory = /var/tmp/.cache/.samba local master = no domain master = no preferred master = no ads dns update = yes winbind cache time = 7200 winbind offline logon = yes winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = no winbind refresh tickets = yes idmap config DOMAIN: backend = rid idmap config DOMAIN: range = 20000-90000000 allow trusted domains = no client ldap sasl wrapping = plain template shell = /bin/sh template homedir = /home/%D/%U netbios name = BER0NAS01 pid directory = /var/run/samba create mask = 0666 directory mask = 0777 client ntlmv2 auth = yes dos charset = CP437 unix charset = UTF-8 log level = 1 [Transfer] path = /mnt/extpool/Transfer printable = no veto files = /.snapshot/.windows/.mac/.zfs/ writeable = yes browseable = yes shadow:snapdir = .zfs/snapshot shadow:sort = desc shadow:localtime = yes shadow:format = auto-%Y%m%d.%H%M-1w shadow:snapdirseverywhere = yes vfs objects = shadow_copy2 zfs_space zfsacl streams_xattr fruit catia hide dot files = yes guest ok = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = true zfsacl:acesort = dontcare
POSIX permission on problematic file:
Code:
-r-xrwxr-x+ 1 DOMAIN\domainuser DOMAIN\domaingroup 109992 Oct 20 09:14 FL_HourTracking.xlsx
ACLs on problematic file
Code:
# file: FL_HourTracking.xlsx # owner: DOMAIN\domainuser # group: DOMAIN\domaingroup group:DOMAIN\domaimuser:rwxpDdaARWcCo-:-------:allow group@:rwxpDdaARWcCo-:-------:allow everyone@:r-x---a-R-c---:-------:allow
resetting the ACLs with winacl did not help:
Code:
sudo winacl -O 'DOMAIN\domainuser' -G 'DOMAIN\domaingroup' -v -p /PATH/TO/FILE
After reverting the system to 9.10.1 everything worked as it should. Could this be a bug or am I holding it wrong ;-)?