SMB Shares Inaccessible from Windows 10 Map Network Drive

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
I've got a screen dump of a putty.log beginning in May and ending today, but PuTTY hasn't saved the log file on my PC
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
Did you click Apply after setting the log options?
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
I'm not sure if this what you need. PuTTY behaves strangely - it retains the Port 24 setting, each time I start it I have to change that to 22, and it doesn't retain the option for 'Printed Log' or file save location. But here's what I was able to produce, hope it reveals something. Thanks again for your perseverance.
 

Attachments

  • puttylog.txt
    1.3 MB · Views: 360

atl_vm

Cadet
Joined
Aug 13, 2020
Messages
5
OK so I am having the same EXACT problem. While Geoff seems to be novice at using command line and putty he seems capable. I am a Linux \ Windows guru and I have to say that FREENAS is the most complicate, difficult appliance ever. I can get iSCSI to work, so obviously the other things like IP and storage is working. I have reinstalled freenas 3 times now and this is extremely frustrating. I have another device openfiler which works PERFECT, now I get freenas because interface is better and performance is better, but I can go back to openfiler not a problem.

I cannot get shares to work. I am a Windows admin going back 20 years, so this is NOT new. I do hyper-v Administration this should be VERY simple but it's not.

I have done ALL the steps looked at the manual back and fourth there ARE no options missing. It is simply NOT working. smb.log shows nothing except ready to accept connections. So why is this NOT working have no clue, but as I have Netapp, Jetstore, Convergent, VMware, vSAN, and an entire Datacenter under my belt this is the *ONLY* appliance that is giving me trouble, it's not even for work it was something I was going JUST to test.. but this seems fruitless. Can't understand why people insist on making layer upon layer of non-sense just to get a share up.. ridiculous. I can stand up ANY windows server, get shares and permissions in 20 minutes start to finish no problem. All other SAN as I mentioned working great they ALL have shares setup first time some use SAMBA, so I am also familiar with that, but this is incredibly restrictive to use FREENAS.

It's not a total loss, as iSCSI works, networking, I have Directory Services it's working great. I have installed 3 times, rebooted this appliance 4 times still nothing. As Geoff states what are we overlooking? I think it's a simply FLAW in the software. I came here not looking for support but merely to reinforce Geoff frustration, it's utterly insane that things need to be this complicated to setup. INSANE!
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
It's late here now, time to hit the sack. Goodnight and thank you

OK, you have a permissions issue with your share, because Samba can't traverse the directory structure to get to your dataset. Please display how you have the share defined, and the ACL for the share.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
@atl_vm, please start a new thread. In all likelihood, you've encountered a misunderstanding with the permissions/ACL structure.
 

atl_vm

Cadet
Joined
Aug 13, 2020
Messages
5
It doesn't matter how ACL works, it should still respond to the \\0.0.0.0 IP and at least give a blank screen or prompt for credentials. Not doing that. That's how I know SMB is NOT working, has nothing to do with credentials, permissions or share. If service is running windows should realize it's able to 'talk' to SMB server and get some valid response, even if it's blank. That's what I am talking about. It's NOT working.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
Samba != Windows. What does testparm -sv show on your FreeNAS server?
 

atl_vm

Cadet
Joined
Aug 13, 2020
Messages
5
I can see a lot of output but since I can't login with SSH now either, I can't get the info to copy \ paste. I can get the shell to work but ctrl-c or right click copy doesn't work in my browser. SSH is on, I get prompt but it's not accepting root credentials.. yet another wonderful implementation of FREENAS. yay! SSH is a standard among console for anything command line. Why oh why doesn't root work....
 

atl_vm

Cadet
Joined
Aug 13, 2020
Messages
5
# Global parameters
[global]
abort shutdown script =
add group script =
additional dns hostnames =
add machine script =
addport command =
addprinter command =
add share command =
add user script =
add user to group script =
ads dns update = Yes
afs token lifetime = 604800
afs username map =
aio max threads = 2
algorithmic rid base = 1000
allow dcerpc auth level connect = No
allow dns updates = secure only
allow insecure wide links = No
allow nt4 crypto = No
allow trusted domains = Yes
allow unsafe cluster upgrade = No
apply group policies = No
async smb echo handler = No
auth event notification = No
auto services =
binddns dir = /var/run/samba4/bind-dns
bind interfaces only = Yes
browse list = Yes
cache directory = /var/run/samba4
change notify = Yes
change share command =
check password script =
cldap port = 389
client ipc max protocol = default
client ipc min protocol = default
client ipc signing = default
client lanman auth = No
client ldap sasl wrapping = sign
client max protocol = default
client min protocol = CORE
client NTLMv2 auth = Yes
client plaintext auth = No
client schannel = Yes
client signing = default
client use spnego principal = No
client use spnego = Yes
cluster addresses =
clustering = No
config backend = file
config file =
create krb5 conf = Yes
ctdbd socket =
ctdb locktime warn threshold = 0
ctdb timeout = 0
cups connection timeout = 30
cups encrypt = No
cups server =
dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver
deadtime = 0
debug class = No
debug hires timestamp = Yes
debug pid = No
debug prefix timestamp = No
debug uid = No
dedicated keytab file =
default service =
defer sharing violations = Yes
delete group script =
deleteprinter command =
delete share command =
delete user from group script =
delete user script =
dgram port = 138
disable netbios = No
disable spoolss = Yes
dns forwarder =
dns proxy = No
dns update command = /usr/local/sbin/samba_dnsupdate
dns zone scavenging = No
domain logons = No
domain master = Auto
dos charset = CP850
dsdb event notification = No
dsdb group change notification = No
dsdb password event notification = No
enable asu support = No
enable core files = Yes
enable privileges = Yes
enable web service discovery = Yes
encrypt passwords = Yes
enhanced browsing = Yes
enumports command =
eventlog list =
get quota command =
getwd cache = Yes
gpo update command = /usr/local/sbin/samba-gpupdate
guest account = root
homedir map = auto.home
host msdfs = Yes
hostname lookups = No
idmap backend = tdb
idmap cache time = 604800
idmap gid =
idmap negative cache time = 120
idmap uid =
include system krb5 conf = Yes
init logon delay = 100
init logon delayed hosts =
interfaces =
iprint server =
keepalive = 300
kerberos encryption types = all
kerberos method = default
kernel change notify = No
kpasswd port = 464
krb5 port = 88
lanman auth = No
large readwrite = Yes
ldap admin dn =
ldap connection timeout = 2
ldap debug level = 0
ldap debug threshold = 10
ldap delete dn = No
ldap deref = auto
ldap follow referral = Auto
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap max anonymous request size = 256000
ldap max authenticated request size = 16777216
ldap max search request size = 256000
ldap page size = 1000
ldap passwd sync = no
ldap replication sleep = 1000
ldap server require strong auth = Yes
ldap ssl = start tls
ldap ssl ads = No
ldap suffix =
ldap timeout = 15
ldap user suffix =
lm announce = Auto
lm interval = 60
load printers = No
local master = Yes
lock directory = /var/run/samba4
lock spin time = 200
log file =
logging = file
log level = 1
log nt token command =
logon drive =
logon home = \\%N\%U
logon path = \\%N\%U\profile
logon script =
log writeable files on exit = No
lpq cache time = 30
lsa over netlogon = No
machine password timeout = 604800
mangle prefix = 1
mangling method = hash2
map to guest = Bad User
max disk size = 0
max log size = 51200
max mux = 50
max open files = 234630
max smbd processes = 0
max stat cache size = 512
max ttl = 259200
max wins ttl = 518400
max xmit = 16644
mdns name = netbios
message command =
min receivefile size = 0
min wins ttl = 21600
mit kdc command =
multicast dns register = Yes
name cache timeout = 660
name resolve order = lmhosts wins host bcast
nbt client socket address = 0.0.0.0
nbt port = 137
ncalrpc dir = /var/run/samba4/ncalrpc
netbios aliases = freenas
netbios name = FREENAS
netbios scope =
neutralize nt4 emulation = No
NIS homedir = No
nmbd bind explicit broadcast = Yes
nsupdate command = /usr/local/bin/samba-nsupdate -g
ntlm auth = ntlmv2-only
nt pipe support = Yes
ntp signd socket directory = /var/run/samba4/ntp_signd
nt status support = Yes
null passwords = No
obey pam restrictions = No
old password allowed period = 60
oplock break wait time = 0
os2 driver map =
os level = 20
pam password change = No
panic action =
passdb backend = tdbsam
passdb expand explicit = No
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
passwd program =
password hash gpg key ids =
password hash userPassword schemes =
password server = *
perfcount module =
pid directory = /var/run/samba4
preferred master = Auto
prefork backoff increment = 10
prefork children = 4
prefork maximum backoff = 120
preload modules =
printcap cache time = 750
printcap name =
private dir = /var/db/system/samba4/private
raw NTLMv2 auth = No
read raw = Yes
realm =
registry shares = No
reject md5 clients = No
reject md5 servers = No
remote announce =
remote browse sync =
rename user script =
require strong key = Yes
reset on zero vc = No
restrict anonymous = 0
rndc command = /usr/sbin/rndc
root directory =
rpc big endian = No
rpc server dynamic port range = 49152-65535
rpc server port = 0
samba kcc command = /usr/local/sbin/samba_kcc
security = AUTO
server max protocol = SMB3
server min protocol = NT1
server multi channel support = No
server role = standalone server
server schannel = Yes
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
server signing = default
server string = FreeNAS Server
set primary group script =
set quota command =
share backend = classic
show add printer wizard = Yes
shutdown script =
smb2 leases = Yes
smb2 max credits = 8192
smb2 max read = 8388608
smb2 max trans = 8388608
smb2 max write = 8388608
smbd profiling level = off
smb passwd file = /var/db/system/samba4/private/smbpasswd
smb ports = 445 139
socket options = TCP_NODELAY
spn update command = /usr/local/sbin/samba_spnupdate
stat cache = Yes
state directory = /var/db/system/samba4
svcctl list =
syslog = 1
syslog only = No
template homedir = /home/%D/%U
template shell = /bin/false
time server = No
timestamp logs = Yes
tls cafile = tls/ca.pem
tls certfile = tls/cert.pem
tls crlfile =
tls dh params file =
tls enabled = Yes
tls keyfile = tls/key.pem
tls priority = NORMAL:-VERS-SSL3.0
tls verify peer = as_strict_as_possible
truenas passive controller = No
unicode = Yes
unix charset = UTF-8
unix extensions = Yes
unix password sync = No
use mmap = Yes
username level = 0
username map =
username map cache time = 0
username map script =
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/db/system/samba4/usershares
usershare prefix allow list =
usershare prefix deny list =
usershare template share =
utmp = No
utmp directory =
web port = 901
winbind cache time = 300
winbindd socket directory = /var/run/samba4/winbindd
winbind enum groups = No
winbind enum users = No
winbind expand groups = 0
winbind max clients = 200
winbind max domain connections = 1
winbind nested groups = Yes
winbind netbios alias spn = Yes
winbind normalize names = No
winbind nss info = template
winbind offline logon = No
winbind reconnect delay = 30
winbind refresh tickets = No
winbind request timeout = 60
winbind rpc only = No
winbind scan trusted domains = Yes
winbind sealed pipes = Yes
winbind separator = \
winbind status fifo = No
winbind use default domain = No
winbind use krb5 enterprise principals = No
wins hook =
wins proxy = No
wins server =
wins support = No
workgroup = WORKGROUP
write raw = Yes
wtmp directory =
zeroconf name =
idmap config *: range = 90000001-100000000
idmap config * : backend = tdb
access based share enum = No
acl allow execute always = No
acl check permissions = Yes
acl group control = No
acl map full control = Yes
administrative share = No
admin users =
afs share = No
aio read size = 1
aio write behind =
aio write size = 1
allocation roundup size = 0
available = Yes
blocking locks = Yes
block size = 1024
browseable = Yes
case sensitive = Auto
check parent directory delete on close = No
comment =
copy =
create mask = 0744
csc policy = manual
cups options =
default case = lower
default devmode = Yes
delete readonly = No
delete veto files = No
dfree cache time = 0
dfree command =
directory mask = 0755
directory name cache size = 0
dmapi support = No
dont descend =
dos filemode = Yes
dos filetime resolution = No
dos filetimes = Yes
durable handles = Yes
ea support = Yes
fake directory create times = No
fake oplocks = No
follow symlinks = Yes
force create mode = 0000
force directory mode = 0000
force group =
force printername = No
force unknown acl user = No
force user =
fstype = NTFS
guest ok = No
guest only = No
hide dot files = Yes
hide files =
hide new files timeout = 0
hide special files = No
hide unreadable = No
hide unwriteable files = No
hosts allow =
hosts deny =
include = /usr/local/etc/smb4_share.conf
inherit acls = No
inherit owner = no
inherit permissions = No
invalid users =
kernel oplocks = No
kernel share modes = Yes
level2 oplocks = Yes
locking = Yes
lppause command =
lpq command = lpq -P'%p'
lpresume command =
lprm command = lprm -P'%p' %j
magic output =
magic script =
mangled names = yes
mangling char = ~
map acl inherit = No
map archive = Yes
map hidden = No
map readonly = no
map system = No
max connections = 0
max print jobs = 1000
max reported print jobs = 0
min print space = 0
msdfs proxy =
msdfs root = No
msdfs shuffle referrals = No
nt acl support = Yes
ntvfs handler = unixuid, default
oplocks = Yes
path =
posix locking = Yes
postexec =
preexec =
preexec close = No
preserve case = Yes
printable = No
print command = lpr -r -P'%p' %s
printer name =
printing = bsd
printjob username = %U
print notify backchannel = No
queuepause command =
queueresume command =
read list =
read only = Yes
root postexec =
root preexec =
root preexec close = No
short preserve case = Yes
smbd async dosmode = No
smbd getinfo ask sharemode = Yes
smbd max async dosmode = 0
smbd search ask sharemode = Yes
smb encrypt = default
spotlight = No
store dos attributes = Yes
strict allocate = No
strict locking = Auto
strict rename = No
strict sync = Yes
sync always = No
use client driver = No
use sendfile = No
valid users =
veto files =
veto oplock files =
vfs objects =
volume =
wide links = No
write cache size = 0
write list =


[shared]
aio write size = 0
ea support = No
guest ok = Yes
mangled names = illegal
path = /mnt/PERF/shared
read only = No
vfs objects = streams_xattr ixnas
nfs4:acedup = merge
nfs4:chown = true
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
I can see a lot of output but since I can't login with SSH now either, I can't get the info to copy \ paste. I can get the shell to work but ctrl-c or right click copy doesn't work in my browser. SSH is on, I get prompt but it's not accepting root credentials.. yet another wonderful implementation of FREENAS. yay! SSH is a standard among console for anything command line. Why oh why doesn't root work....

Root SSH login is disabled by default for security reasons.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
[shared]
aio write size = 0
ea support = No
guest ok = Yes
mangled names = illegal
path = /mnt/PERF/shared
read only = No
vfs objects = streams_xattr ixnas
nfs4:acedup = merge
nfs4:chown = true

OK, so you've got a guest share at \\<FreeNAS IP>\shared. What's the output of

Code:
ls -ld /mnt/PERF
ls -ld /mnt/PERF/shared


and the ACLs you've set on shared?
 

atl_vm

Cadet
Joined
Aug 13, 2020
Messages
5
ok it doesn't matter about the ACL. It's not relevant. That only thing that matters AFTER there is a connection made from Windows to that server. I can go to any windows environment and you can test this with any linux. All you have to do is enable SMB service. That's it. Now from any windows or linux machine (and this is on a LOCAL lan with no firewall in between assuming you are not in some secure site) you can go to to any server where SMB or CIFS is running and you should get some type of prompt. It will be either a blank screen or any sort of prompt for credentials. They may not work but it should still be a connection made from Windows or Linux to SMB \ CIFS service. It does not recognize there is any server running on FREENAS at all. But FREENAS is running everything is working (as far as I have tested). Ping responds to FREENAS server.

That's what I am trying to tell you. Once you get PAST credentials or prompt or a connection to a server *THEN* ACL, permissions, traverse directory etc.. will take place. If Windows can't even connect to a server at all doesn't matter what ACL or permissions you have, it's not going to work.

I can ping this server, iSCSI is currently enabled and functioning. The only thing that isn't working is SMB (which SMB = Windows is FALSE). SMB is an open source replacement for built in network \ file services in Windows, it's a hybrid rebuild to enable the same functionality but to say that SMB = Windows is like saying sugar substitute = sugar. no, not even close. One is natural the other is man made in a lab. SMB depends on version and who makes the protocol because it has many, many variations. The one include with this version of FREENAS is just plain broke.

I don't need any configuration for SMB for it to work, it should prompt or at least respond because it's a service. It's why you have the option to turn it off \ on for security, but once it's ON it should respond and identify as a functioning service, but it's not.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
Your assumption that FreeNAS Samba should behave like a Linux or Windows SMB service is incorrect. You can kvetch about it as much as you like, it is what it is. The Samba service out of the box on FreeNAS is configured much more securely, and doesn't conform to your expectations from other platform. I'm trying to help you get it up and working.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
OK, you have a permissions issue with your share, because Samba can't traverse the directory structure to get to your dataset. Please display how you have the share defined, and the ACL for the share.
Is this what you mean (sorry for the delayed response, been away):
1597817408007.png

1597817284599.png

1597817354310.png
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
I need the output of:
Code:
ls -ld /mnt/Primary_Data
ls -ld /mnt/Primary_Data/Geoff
ls -ld /mnt/Primary_Data/Public
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
I need the output of:
root@freenas[~]# ls -ld /mnt/Primary_Data
drwxr-xr-x 7 root wheel 8 May 4 14:45 /mnt/Primary_Data
root@freenas[~]# ls -ld /mnt/Primary_Data/Geoff
drwxrwxrwx 13 gwhitele Geoff_private 13 May 3 13:25 /mnt/Primary_Data/Geoff
root@freenas[~]# ls -ld /mnt/Primary_Data/Public
drwxrwxrwx 9 sawit Public 9 May 8 17:46 /mnt/Primary_Data/Public
Hope this guides you to the problem, thanks again.
 
Last edited:

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
I need the output of:
Code:
ls -ld /mnt/Primary_Data
ls -ld /mnt/Primary_Data/Geoff
ls -ld /mnt/Primary_Data/Public
Hi there, I'm wondering whether I provided the information you needed from your AUG24 post (see above post). Please let me know if I've correctly answered your request.
 
Last edited:

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
What user account are you using to access these shares? According to the ls -ld output, the Geoff share is restricted to the gwhitele user or the Geoff_private group. The Public share is restricted to the sawit user or the Public group. Is your account a member of both groups?
 
Top