Hello all,
I setup FreeNAS as part of a Samba domain (Samba 4.6.3) running on two other computers. Replication and everything works fine. I have a workstation (Windows 7) joined to the domain and can administer anything from there. I have setup several ZFS datasets with windows permissions and shared these through SMB in Freenas. Owner of the datasets is the adminstrator account setup for freenas and group owner is an AD group of which my personal account and the freenas admin account are a member.
I can open the shares from the Windows 7 domain joined workstation by IP and hostname and logged in as a user with access to the shares. But when I try to access the shares from another windows computer (Windows 10 and a Windows 2012R2 server) I can enumerate the shares but opening a share asks for my credentials and when I either input my own account or the freenas admin account (prefixed with <domain>\, \, or nothing) I can't get in and an error in the \var\log\samba4\log.smbd is thrown:
I really wouldn't know where to look to get this fixed. Could any of you point me in the right direction? I'm running FreeNAS 11-RC3.
EDIT: Did some testing from the domain controller and try to access FreeNAS SMB shares. Strange thing is that it does access denied when accessed on it's IP and allows connections using DNS name (see log below). Next step was changing DNS on my two non domain clients to domain DNS and accessing freenas by FQND, now I can authenticate. So for some reason FreeNAS Samba only works when accessed through FQDN/DNS and not by IP.
I setup FreeNAS as part of a Samba domain (Samba 4.6.3) running on two other computers. Replication and everything works fine. I have a workstation (Windows 7) joined to the domain and can administer anything from there. I have setup several ZFS datasets with windows permissions and shared these through SMB in Freenas. Owner of the datasets is the adminstrator account setup for freenas and group owner is an AD group of which my personal account and the freenas admin account are a member.
I can open the shares from the Windows 7 domain joined workstation by IP and hostname and logged in as a user with access to the shares. But when I try to access the shares from another windows computer (Windows 10 and a Windows 2012R2 server) I can enumerate the shares but opening a share asks for my credentials and when I either input my own account or the freenas admin account (prefixed with <domain>\, \, or nothing) I can't get in and an error in the \var\log\samba4\log.smbd is thrown:
Code:
[2017/05/25 14:32:38.174030, 1] ../source3/smbd/service.c:502(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
I really wouldn't know where to look to get this fixed. Could any of you point me in the right direction? I'm running FreeNAS 11-RC3.
EDIT: Did some testing from the domain controller and try to access FreeNAS SMB shares. Strange thing is that it does access denied when accessed on it's IP and allows connections using DNS name (see log below). Next step was changing DNS on my two non domain clients to domain DNS and accessing freenas by FQND, now I can authenticate. So for some reason FreeNAS Samba only works when accessed through FQDN/DNS and not by IP.
Code:
pi@dc1:~ $ kinit freenas-admin Password for freenas-admin@DOMAIN.X.NL: pi@dc1:~ $ smbclient -k -L //192.168.1.10 Kerberos auth with 'freenas-admin@DOMAIN.X.NL' (DOMAIN\pi) to access '192.168.1.10' not possible session setup failed: NT_STATUS_ACCESS_DENIED pi@dc1:~ $ smbclient -k -L //freenas.DOMAIN.X.NL Sharename Type Comment --------- ---- ------- backup Disk documents Disk downloads Disk music Disk pictures Disk software Disk testshare Disk videos Disk IPC$ IPC IPC Service (FreeNAS Server) Server Comment --------- ------- Workgroup Master --------- ------- DOMAIN pi@dc1:~ $ smbclient -k -L //freenas Sharename Type Comment --------- ---- ------- backup Disk documents Disk downloads Disk music Disk pictures Disk software Disk testshare Disk videos Disk IPC$ IPC IPC Service (FreeNAS Server) Server Comment --------- ------- Workgroup Master --------- ------- DOMAIN pi@dc1:~ $ smbclient -k -L //192.168.1.10 Kerberos auth with 'freenas-admin@DOMAIN.X.NL' (DOMAIN\pi) to access '192.168.1.10' not possible session setup failed: NT_STATUS_ACCESS_DENIED
Last edited:
