SMB Sharing Issues on Windows Domain (Post 11.3)

jzollo · Feb 6, 2020

Hi All! I could really use some help on this.

After updating to FreeNAS 11.3 I am unable to access any SMB file shares. I've actually deleted all but one just to have some focused testing: //hostname/testing (mapped to /mnt/vol4/testing)

I suspected an AD related issue so I actually unjoined, then rejoined the machine - this did not fix the issue. I have two domain controllers running Windows Server 2019.

I've tweaked my permissions according to the various threads i've read, i've tried to make them wide open where any user would have permission, but i've not been successful. At this point I really just want the share fully accessible by domain users as a first step, then I can move on to group based permissions.

Here's the output of getfacl:

Code:

root@san01[~]# getfacl /mnt/vol4/testing
# file: /mnt/vol4/testing
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
group:domain users:rwxpDdaARWcCos:fd-----:allow
         everyone@:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow

Here's the output of testparm -s

Code:

root@san01[/var/log]# testparm -s
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

# Global parameters
[global]
        aio max threads = 2
        allow trusted domains = No
        bind interfaces only = Yes
        client ldap sasl wrapping = plain
        disable spoolss = Yes
        dns proxy = No
        domain master = No
        enable web service discovery = Yes
        interfaces = 127.0.0.1 192.168.130.45 192.168.30.45
        kerberos method = secrets and keytab
        kernel change notify = No
        load printers = No
        local master = No
        logging = file
        max log size = 51200
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        preferred master = No
        realm = HOME.DOMAIN.NET
        restrict anonymous = 2
        security = ADS
        server min protocol = SMB2_02
        server role = member server
        server string = FreeNAS Server
        template shell = /bin/sh
        unix extensions = No
        username map = /usr/local/etc/smbusername.map
        username map cache time = 60
        winbind cache time = 7200
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind max domain connections = 10
        winbind use default domain = Yes
        workgroup = DOMAIN
        idmap config *: range = 90000001-100000000
        idmap config domain: range = 20000-90000000
        idmap config domain: backend = rid
        idmap config * : backend = tdb
        aio read size = 0
        aio write size = 0
        allocation roundup size = 0
        directory name cache size = 0
        dos filemode = Yes
        include = /usr/local/etc/smb4_share.conf


[testing]
        ea support = No
        mangled names = illegal
        path = /mnt/vol4/testing
        read only = No
        vfs objects = shadow_copy_zfs zfs_space zfsacl streams_xattr
        nfs4:acedup = merge

The following is from log.smbd - I captured this portion when I tried to access the share from a domain joined Windows PC.

Code:

[2020/02/06 09:51:36.819712,  4, pid=79283, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2020/02/06 09:51:36.819804,  5, pid=79283, effective(0, 0), real(0, 0)] ../../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2020/02/06 09:51:36.819889,  5, pid=79283, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:866(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2020/02/06 09:51:36.820060,  5, pid=79283, effective(0, 0), real(0, 0)] ../../source3/smbd/uid.c:504(smbd_change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2020/02/06 09:53:13.109323,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.109449,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.109528,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.109619,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.109713, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.109805, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/69/109
[2020/02/06 09:53:13.810588, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.810741, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 69 (position 69) from bitmap
[2020/02/06 09:53:13.810850, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 69
[2020/02/06 09:53:13.810951,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.811040,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.811165,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.811244,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.811333,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.811415, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.811507, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/70/109
[2020/02/06 09:53:13.812802, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.812886, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 70 (position 70) from bitmap
[2020/02/06 09:53:13.812977, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 70
[2020/02/06 09:53:13.813072,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.813161,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.813269,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.813344,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.813436,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.813524, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.813614, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/71/109
[2020/02/06 09:53:13.814302, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.814386, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 71 (position 71) from bitmap
[2020/02/06 09:53:13.814477, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 71
[2020/02/06 09:53:13.814569,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.814659,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.814766,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.814842,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.814929,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.815020, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.815110, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/72/109
[2020/02/06 09:53:13.820599, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.820682, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 72 (position 72) from bitmap
[2020/02/06 09:53:13.820771, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 72
[2020/02/06 09:53:13.820849,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.820925,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.821022,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.821091,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.821167,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.821258, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.821338, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/73/109
[2020/02/06 09:53:13.822103, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.822179, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 73 (position 73) from bitmap
[2020/02/06 09:53:13.822257, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 73
[2020/02/06 09:53:13.822335,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.822402,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.822500,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.822568,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.822643,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.822722, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.822813, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/74/109
[2020/02/06 09:53:13.823747, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.823823, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 74 (position 74) from bitmap
[2020/02/06 09:53:13.823899, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 74
[2020/02/06 09:53:13.823979,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.824047,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.824140,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.824211,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.824287,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.824364, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.824461, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/75/109
[2020/02/06 09:53:13.829001, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.829083, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 75 (position 75) from bitmap
[2020/02/06 09:53:13.829190, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 75
[2020/02/06 09:53:13.829283,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.829374,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.829484,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.829561,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.829650,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.829745, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.829833, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/76/109
[2020/02/06 09:53:13.830500, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.830584, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 76 (position 76) from bitmap
[2020/02/06 09:53:13.830685, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 76
[2020/02/06 09:53:13.830776,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.830862,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.830966,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.831039,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.831126,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.831215, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.831304, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/77/109
[2020/02/06 09:53:13.857840, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.857944, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 77 (position 77) from bitmap
[2020/02/06 09:53:13.858036, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 77
[2020/02/06 09:53:13.858129,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.858218,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.858325,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.858401,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.858494,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.858586, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.858676, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/78/109
[2020/02/06 09:53:13.923991, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler)
  smbd_smb2_request idx[1] of 5 vectors
[2020/02/06 09:53:13.924094, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number)
  smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 78 (position 78) from bitmap
[2020/02/06 09:53:13.924198, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 78
[2020/02/06 09:53:13.924291,  5, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate)
  change_to_user_impersonate: Skipping user change - already user
[2020/02/06 09:53:13.924389,  4, pid=83633, effective(21142, 20513), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir)
  vfs_ChDir to /mnt/vol4/testing
[2020/02/06 09:53:13.924501,  3, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service)
  chdir (/mnt/vol4/testing) failed, reason: Permission denied
[2020/02/06 09:53:13.924579,  0, pid=83633, effective(21142, 20513), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!
[2020/02/06 09:53:13.924672,  3, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542
[2020/02/06 09:53:13.924761, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261
[2020/02/06 09:53:13.924849, 10, pid=83633, effective(21142, 20513), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit)
  smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/79/109

geoff.jukes · Feb 6, 2020

@jzollo we are having similar issues. We have a couple of servers, all upgraded from 11.2 to 11.3

After the upgrade, one of the 2 keeps throwing permission errors. Restarting Samba fixes the issue immediately. I've enabled NTLM and SMBv1, just in case (our network is secure enough for testing)

I've started watching the logs, but can't see anything specific (yet). If I do, I'll post here, but otherwise I'm just lurking this thread :)

jzollo · Feb 6, 2020

geoff.jukes said:
@jzollo we are having similar issues. We have a couple of servers, all upgraded from 11.2 to 11.3

After the upgrade, one of the 2 keeps throwing permission errors. Restarting Samba fixes the issue immediately. I've enabled NTLM and SMBv1, just in case (our network is secure enough for testing)

I've started watching the logs, but can't see anything specific (yet). If I do, I'll post here, but otherwise I'm just lurking this thread :)

Thank You!

jzollo · Feb 6, 2020

I'm on to something here, it looks like my root volume mount point (/mnt/xyz) has incorrect permissions. I seemingly can't chmod in a terminal session. I may have to recreate the pool.

jzollo · Feb 6, 2020

Code:

root@san01[/mnt]# ls -al
total 34
drwxr-xr-x   6 root  wheel  320 Jan 28 20:03 .
drwxr-xr-x  22 root  wheel   29 Jan 28 20:03 ..
-rw-r--r--   1 root  wheel    5 Jan 28 19:40 md_size
drwxr-xr-x   4 root  wheel    4 Jan 17 10:28 vol1
drwxr-xr-x   2 root  wheel    2 Dec 29 10:50 vol2
drwxr-xr-x   8 root  wheel    9 Feb  6 20:51 vol3
drwxrwx---+  6 root  wheel    7 Feb  6 19:41 vol4

SMB shares work fine on vol1/2/3 - not on 4.

geoff.jukes · Feb 6, 2020

@jzollo Check the permissions in the GUI, or use `getfacl` on vol4. I’m assuming you leave the User and Group as local users, removed ‘everyone’ permissions, then (possibly) added your groups with specific permissions.
From your first post, it looks like you gave duplicate (and conflicting) permissions for the ‘everyone’ entry.

jzollo · Feb 6, 2020

Actually, chmod 755 vol4 worked!

geoff.jukes · Feb 6, 2020

@jzollo So your issue is fixed?

geoff.jukes · Feb 6, 2020

This may be relevant to you. https://www.ixsystems.com/community...e-in-windows-no-permissions.81991/post-567604

jzollo · Feb 6, 2020

@geoff.jukes - Correct! Everything is working perfectly. I'm not sure how the permissions got changed to 770 on that root share, but setting 755 fixed it!

geoff.jukes · Feb 6, 2020

Glad you found your issue @jzollo :)
I’ll keep trawling the boards for hints on mine.

geoff.jukes · Feb 6, 2020

jzollo said:

@jzollo I think I’m zeroing in on my issue being permissions related too. In your `ls` above, I note that the only pool with ACLs enabled, is vol4 (indicates by the + in the permissions). So it’s interesting that a `chmod` fixed it for you. Hopefully someone else will be able to explain why.

anodos · Feb 6, 2020

geoff.jukes said:
@jzollo I think I’m zeroing in on my issue being permissions related too. In your `ls` above, I note that the only pool with ACLs enabled, is vol4 (indicates by the + in the permissions). So it’s interesting that a `chmod` fixed it for you. Hopefully someone else will be able to explain why.

The e(x)ecute bit is required in order to traverse a directory. If you chmod a directory to 770 and it's owned by root:wheel, then only members of wheel will be able to access anything under the directory. The middleware in 11.3 does not allow permissions changes to root-level dataset (i.e. vol4 here), and so this change would only be possible under 11.2.

Important Announcement for The TrueNAS Community.

SMB Sharing Issues on Windows Domain (Post 11.3)

jzollo

Cadet

geoff.jukes

Dabbler

jzollo

Cadet

jzollo

Cadet

jzollo

Cadet

geoff.jukes

Dabbler

jzollo

Cadet

geoff.jukes

Dabbler

geoff.jukes

Dabbler

jzollo

Cadet

geoff.jukes

Dabbler

geoff.jukes

Dabbler

anodos

Sambassador

Similar threads

Important Announcement for The TrueNAS Community.