Unable to login to freenas after initial setup

Status
Not open for further replies.

semaj

Dabbler
Joined
Jul 15, 2011
Messages
21
Hello. I am trying to set up a primary FreeNAS and a secondary as a backup via rsync. I want to have all users authenticate but all have access to the same files and share. I have been studying up a lot and trying many different ways of setting up, but I am running into an issue.

I cannot log into the share. I unlock the pool after reboot and try to connect through Windows. I see the share but I am not able to log in.

To log in:
On Windows, go to Windows Explorer
\\freenas05bk

enter username:user1
enter password: password

The username and password of the login are the same as the PC.

Below is how I set up the machine I am trying to log into.

System
-machine name

Settings
-timezone
> Advanced
Enable "Show console messages in the footer:"
Update MOTD Banner

Network
-Update IPv4 Default Gateway 192.168.1.1
-Update "Nameserver 1:" to 192.168.1.1
>Interfaces
-Add interface
--NIC = EM0
--Interface Name= mainnic
--IPv4 Address:=192.168.1.241
--IPv4 Netmask:= /24 (255.255.255.0)

Storage
-ZFS Volume Manager
--Volume Name = mainfs
--encryption - enable
--Add 4 disks
--Drag 4 disks out on line one
--Change to RaidZ
--Click Add Volume

-Click on mainfs
-Click on icon to create new ZFS dataset (calendar icon with plus sign at top right)
--Dataset Name:=files
--ZFS Deduplication:=Off

-Click on mainfs
-Click on icon to create new ZFS dataset (calendar icon with plus sign at top right)
--Dataset Name:=jails
--ZFS Deduplication:=Off

-Click on mainfs
--Click on Wrench icon
--ZFS Deduplication:=Off

-Click on mainfs
-click on key
--Enter passphrase
--Enter confirm passphrase
--Click OK
--Select mainfs
-Click on Key download (key with down arrow)
--enter root password
--click ok
-Click recovery (key with plus sign)
--enter root password
--Click Continue

-Click mainfs
--Click Cylinder with key on top
--enable mode=group enables
--owner=root
--owner=wheel
--enable Set permission recursively

account
-add users
-username=user1
-full name=user1
-password=password
-password confirmation=password
-auxiliary groups=wheel
-click ok

-add users
-username=user2
-full name=user2
-password=password
-password confirmation=password
-auxiliary groups=wheel
-click ok



-Sharing
-Windows (CIFS) Shares
-Add Windows (CIFS) Share
-name=mainfs
-path=/mnt/mainfs/files
-enable Inherit Owner
-enable Inherit Permissions
-enable show hidden files
-click ok
-Yes enable service

Jails
-Browse for Jail Root
-Path=/mnt/mainfs/jails
-Click Save

Plugin
-Click Plug ins
--Click Refresh

Reboot Freenas


RSYNC - Server Side (on pc .240)
System
--Rsync Tasks
--Add Rsync Task
---Path=/mnt/mainfs/files/
---Remote Host=192.168.1.241
---Rsync mode=Rsync module
---Direction=Push
---Short description=Main RSYNC
---Minute=Every 15 minute
---User=root

RSYNC - Client Side (on pc .241)
-Services
-Rsync
-Rsync Modules
--Add Rsync Module
---Module name = freenasbackup
---Path=/mnt/mainfs/files/
---User=root
---Group=Wheel
---Hosts allow=192.168.1.240


S.M.A.R.T. Tests
-Add S.M.A.R.T. Test
--Select all disks
--Type=Short Test
--Each n hour=0
--Every n day of month=1


Storage
-ZFS Scrubs
-Add ZFS Scrub
-Each selected minute=00
-Each selected hours=00
-Day of the week=Sunday
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Please post the following information:
  • Version of FreeNAS
  • Hardware specifications of your computer (RAM, CPU, Hard Drives, Network Cards, etc.)
  • File sharing protocols you are using (CIFS, NFS, etc)
  • Smb4.conf file (located at /usr/local/etc/smb4.conf)
  • Output of 'testparm'
 

semaj

Dabbler
Joined
Jul 15, 2011
Messages
21
Version of FreeNAS:
FreeNAS v9.2.1.5-RELEASE-x64 originally tested
FreeNAS v9.2.1.6-BETA-x64 tested as possible fix, no change

HDD: 4x HGST Deskstar NAS H3IKNAS40003272SN(0S03664) 4TB 7200 RPM 64MB
RAM: Crucial 16GB (2 x 8GB) 240-Pin DDR3 SDRAM ECC Unbuffered DDR3 1600 (PC3 12800) Server Memory
CPU: Intel Intel Xeon E3-1220V3 Haswell 3.1GHz 8MB L3 Cache LGA 1150 80W Quad-Core Server Processor
Motherboard: SUPERMICRO MBD-X10SAE-O ATX Server Motherboard LGA 1150 Intel
Case: SUPERMICRO CSE-825TQ-563LPB Black 2U Rackmount Server Case 560W
NIC: Intel I210-AT (ONBOARD)

File Sharing Protocol: CIFS

Smb4.conf
[global]
server max protocol = SMB3
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 11070
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = Yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
hostname lookups = yes
time server = yes
acl allow execute always = true
local master = yes
server role = standalone
netbios name = FREENAS05BK
workgroup = WORKGROUP
security = user
pid directory = /var/run/samba
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1


[mainfs]
path = /mnt/mainfs/files
printable = no
veto files = /.snap/.windows/.zfs/
writeable = yes
browseable = yes
inherit owner = no
inherit permissions = no
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
vfs objects = zfsacl streams_xattr aio_pthread
hide dot files = yes
guest ok = no
inherit acls = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
zfsacl:acesort = dontcare

"Output of 'testparm'": Not exactly sure what you are asking for. If it is to rerun login and paste console errors... I can try that after work today.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Testparm is an internal testing program that is part of samba. You run it by typing "testparm" in the console.
Please also attach your samba log file (located at /var/log/samba4/log.smbd).

Does it work if you navigate to the server by IP address? (i.e. "\\192.168.1.241\mainfs" in Windows Explorer)
If you enable guest access are you able to open your share?

By the way, please enclose output in code brackets if you paste it in the body of your message.
 

semaj

Dabbler
Joined
Jul 15, 2011
Messages
21
Testparm
Code:
[root@freenas05bk] ~# testparm
Load smb config files from /usr/local/etc/smb4.conf
max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
Processing section "[mainfs]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
 
[global]
        dos charset = CP437
        server string = FreeNAS Server
        server role = standalone server
        map to guest = Bad User
        obey pam restrictions = Yes
        smb passwd file = /var/etc/private/smbpasswd
        private dir = /var/etc/private
        max log size = 51200
        time server = Yes
        deadtime = 15
        max open files = 11070
        hostname lookups = Yes
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        dns proxy = No
        pid directory = /var/run/samba
        panic action = /usr/local/libexec/samba/samba-backtrace
        idmap config * : backend = tdb
        acl allow execute always = Yes
        create mask = 0666
        directory mask = 0777
        ea support = Yes
        directory name cache size = 0
        kernel change notify = No
        store dos attributes = Yes
        strict locking = No
 
[mainfs]
        path = /mnt/mainfs/files
        read only = No
        veto files = /.snap/.windows/.zfs/
        vfs objects = zfsacl, streams_xattr, aio_pthread
        zfsacl:acesort = dontcare
        nfs4:chown = yes
        nfs4:acedup = merge
        nfs4:mode = special
        recycle:subdir_mode = 0700
        recycle:directory_mode = 0777
        recycle:touch = yes
        recycle:versions = yes
        recycle:keeptree = yes
        recycle:repository = .recycle/%U


In the past it did not work any better if I go by IP address. At first I did have a problem connecting by name but a quick reboot of the router fixed that.

Enabling guest access and testing access:
-From control panel click on sharing
-Click on windows cifs sharing
-click on share
-click edit button
-enable "allow guest access"
-click ok
-go to services
-stop cifs
-start cifs

TEST:
PASS attempt login to server at address \\freenas05bk\mainfs with guest enabled
PASS attempt login to server at address \\192.168.1.241\mainfs with guest enabled
FAIL attempt login to server at address \\freenas05bk\mainfs with guest disabled
PASS attempt login to server at address \\192.168.1.241\mainfs with guest disabled
NOTE: This is new. I will do more testing on this.

Samba log file attached. Note: 192.168.1.35 is the IP of my machine
 

Attachments

  • log.smbd.txt
    69.3 KB · Views: 255

semaj

Dabbler
Joined
Jul 15, 2011
Messages
21
If you can suggest a better way to configure please let me know. It seems that I can sometimes get to the machine by IP and log in automatically on two other computers besides my main .35 machine. The other 2 machines are Windows 8.1 and mine is still 8.0. If it is just a DNS issue I guess I can live with that. The files that I drop on the server have full privileges to me on that machine but not the wheel group that all users are a part of. In the CIFS share I set the directory mask to 0770 and the dataset owner and group is root and wheel so I would assume this wouldn't happen. I am researching how to set the wheel permissions and owner on all files (chown and chmod) as in the past (on my old FreeNAS boxes) I could log in (probably as root) and change the permissions across the board but not now. I am still learning. I am not sure how to get all new files to be fully read write and execute upon initial storage onto the share.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Don't add all users to the "wheel" group. That's bad practice because "wheel" is allowed to su to root.
Don't change directory mask. Leave it at 0777.
Don't chmod or chown your samba shares (unless you want to break permissions, your samba config, or both).

Create new groups for your users. Set dataset acl type to "Windows / Mac" and don't mess with it further. Configure permissions from your windows workstation by right-clicking on the share, clicking on properties, and then clicking on the security tab.

Samba permissions are complex. You have interactions between (a) unix file directory permissions [users and groups], (b) share definition access controls, (c) access controls on shares, and (d) file ACLs. Best practice (IMHO) is to leave (a) and (b) open - no restrictions, and define your permissions using (c) and (d).
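
The points in the reply above can be checked mechanically. The following is an added example, not code from the thread or from FreeNAS: it reads smb4.conf-style text and group(5)-style text and reports wheel members other than root, a directory mask other than 0777, and guest-enabled shares combined with `map to guest = Bad User`. The function names and sample input are constructed for illustration; parameter synonyms such as `public` are not handled, and the `[global]` section name is assumed to be lowercase as in the config posted above.

```python
import configparser

# Constructed sample input modelled on the settings quoted in this thread.
SAMPLE_SMB_CONF = """\
[global]
map to guest = Bad User
security = user
directory mask = 0770

[mainfs]
path = /mnt/mainfs/files
guest ok = yes
"""
SAMPLE_GROUP = "wheel:*:0:root,user1,user2\nfileserver:*:1001:user1,user2\n"

def wheel_members(group_text):
    """Non-root accounts listed in wheel (name:passwd:gid:members lines)."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == "wheel":
            return sorted(m for m in fields[3].split(",") if m and m != "root")
    return []

def audit(smb_conf_text, group_text):
    """Return (subject, issue) findings for the points raised in the reply."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(smb_conf_text)
    findings = [("wheel", f"{u} is a member and can su to root")
                for u in wheel_members(group_text)]

    def param(share, key, default):
        # Share-level value, else the [global] value, else Samba's default.
        glob = cp.get("global", key, fallback=default)
        return cp.get(share, key, fallback=glob).strip().lower()

    for share in cp.sections():
        if share == "global":
            continue
        if int(param(share, "directory mask", "0755"), 8) != 0o777:
            findings.append((share, "directory mask is not 0777"))
        # With 'map to guest = Bad User' an unknown username becomes a guest
        # session, so a guest-enabled share admits it without a valid login.
        if (param(share, "guest ok", "no") in {"yes", "true", "1"}
                and param(share, "map to guest", "never") == "bad user"):
            findings.append((share, "unknown usernames are admitted as guest"))
    return findings

if __name__ == "__main__":
    for subject, issue in audit(SAMPLE_SMB_CONF, SAMPLE_GROUP):
        print(f"{subject}: {issue}")
```

On a live system the two inputs would be the contents of /usr/local/etc/smb4.conf and /etc/group.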
 

semaj

Dabbler
Joined
Jul 15, 2011
Messages
21
OK, so I will create a new group. Add all users except an admin user to the new group. Change the dataset owner group to the new group and leave owner to root and set recursively. Remove mask for files in CIFS configuration. Then try testing again and see how things work. Once I do that I will work on how to reset Windows permissions on all files so all users of the new group have full privileges.
 

semaj

Dabbler
Joined
Jul 15, 2011
Messages
21
OK, I did all of that but I have two concerns:
1) How can I change permissions on the existing files so the authenticated users (or all users in my new group "fileserver") have full access to files no matter which user creates it?
2) How do I set it so all files going forward are accessible to the authenticated users (or all users in my new group "fileserver")?

Right now in Windows when I look at a file I just added it shows everyone, user I am logged in as, and account unknown. If I switch it back to wheel group then the wheel group shows up.
I also see this error in the console:

Code:
Jun 17 23:13:20 freenas05bk winbindd[26729]:  sam_sid_to_name: possible deadlock - trying to lookup SID S-1-5-21-3897057096-30879240-2091198215-1005


If I try to add the user group "fileserver" in Windows on a file or folder, the group does not show, only the normal Windows ones and the users on the freenas05bk.

If I try to edit a file I can, but then after save the unknown account is gone and I can no longer edit it.
 

Hyperion

Dabbler
Joined
Apr 3, 2014
Messages
44
My only suggestion
Is
Start again.
 