Unable to view users from Windows

[milancesal]

I've been doing everything I can for 3 days and I still cannot solve this problem. Please help if you have experienced the same.

Current setup:
- FreeNAS11-U3
- Hosname is set to "freenas.local"
- SMS NetBIOS name and alias are set to "FREENAS"
- created a user "admin" in "wheel" group
- dataset "test" share type is Windows, permission type is Windows, owner is "admin", owner group is "wheel"
- there is no domain controller in the network and no domain controller service enabled on freenas
- freenas machine and this Windows PC are in the same workgroup "WORKGROUP"
- Xeon CPU. 32GB RAM. LSI 2008 IT mode mps driver. 10TB x 16 disks. 10G myricom NIC.

What I want:
- I want "admin" be able to modify Windows ACLs on that "test" share. Add more users and groups.

Problem:
- In explorer, go to "\\FREENAS". I see "test". Double click on it. Login as "FREENAS\admin".
- Checked that I can create files and folders.
- I go back to "\\FREENAS". There I see "test" again. Right click and go to properties, then security.
- I see 3 in the list. "Everyone", "Unix Group\wheel" and "FREENAS\admin"
- Then I try to add a group or a user.
- It asks me to login again. I login as "FREENAS\admin" again. (this doesn't seem to work. no matter what I type in, the same. even wrong passwords or usernames)
- I type in a user name "john". It says it cannot find it. Click on "Find" button and I don't see any user or group from FREENAS, but all the local PC users.

No firewalls on the windows PC. This is a Windows 7 client. I am logged into this windows PC with admin user. I tried to ping "freenas.local" and "FREENAS", and they all reolve to the same, correct IP address.

I've seen some videos that show this just works fine. I've found one thread that talks about this problem, but there is no solution at the end.

WHAT COULD I BE POSSIBLY DOING WRONG?

 

[SweetAndLow]

Freenas version and hardware specs are required for every new thread.

 

[milancesal]

Freenas version and hardware specs are required for every new thread.

FreeNAS version and H/W specs added.

 

[Redcoat]

see 3 in the list. "Everyone", "Unix Group\wheel" and "FREENAS\admin"
- Then I try to add a group or a user.
- It asks me to login again.

?? This couldn't be Windoze Admin Approval Mode asking you to log in, could it?

 

[milancesal]

?? This couldn't be Windoze Admin Approval Mode asking you to log in, could it?

Nope. Definitely not. I did try to login with Windows user which I am using with this windows client, but the result is the same. It is definitely trying to authenticate against the FreeNAS machine. The strange thing is that it doesn't show you if authenticated or not. However, I guess it shows the users on the Windows client only, because that authentication failed. "admin and "FREENAS\admin" both do not work. I have no idea what happens underneath when client tries to retrieve the list of users and groups on a SAMBA machine.

Anyone else?

I haven't tried this with Windows 8 or 10 though.

 

[anodos]

Nope. Definitely not. I did try to login with Windows user which I am using with this windows client, but the result is the same. It is definitely trying to authenticate against the FreeNAS machine. The strange thing is that it doesn't show you if authenticated or not. However, I guess it shows the users on the Windows client only, because that authentication failed. "admin and "FREENAS\admin" both do not work. I have no idea what happens underneath when client tries to retrieve the list of users and groups on a SAMBA machine.

Anyone else?

I haven't tried this with Windows 8 or 10 though.

Connect to share, type "smbstatus" in FN CLI. Post output.
In freenas CLI type "testparm" press enter to dump your samba config. Post output

Enclose output in code tags.

 

[milancesal]

I just did exactly the same thing on a Windows 10 machine. And, guess what? It just WORKS! It does NOT prompt again for authentication and I type in "admin", then it changes to "FREENAS\admin". I click on "Find Now" button and below, it shows all accounts and groups (including Windows local users and groups). Those videos on YouTube I mentioned use Windows 10 as well.

I have found 2 other threads in the forum which talk about exactly the same issue:
Users and groups not showing up in Windows 7
https://forums.freenas.org/index.php?threads/users-and-groups-not-showing-up-in-windows-7.46023/
Cannot Add User in Windows Security Dialog
https://forums.freenas.org/index.php?threads/cannot-add-user-in-windows-security-dialog.18572/

None of those 2 threads reach to any solution.

On Windows 7, I did try to enable Administrator and logon as Administrator, and do the same thing. Some people say this works, but it didn't work for me. Then I found something like SeDiskOperatorPrivilege privilege. On FREENAS, I checked who has that privilege with "net rpc rights list" command and it shows only "BUILTIN/Adminitrators". So I added "FREENAS/admin" which is the uesr I use to login when connecting to the share. This has no effect.

"smbstatus" shows "admin" on Win7 is using SMB2 and "admin" on Win10 is using SMB3. This is the only difference I could find. Minimum protocol is not set and maximum protocol is set to SMB3.

I'm sure a lot of people have experienced the same as they have decided to use Windows share and permission type, and let users or admins manage ACL on Windows only for more granular control of rights.

It is pretty surprising that no one has an answer to this in the forum.

Works on Windows 10 and doesn't work on Windows 7. (I haven't tested this with Windows 8, but people say it does work on Win8 as well)

I shouldn't close this thread until it gets solved clearly :)

 

[milancesal]

NOTE: I think the problem just starts with that authentication prompt. I'm already logged in and able to view and edit files and folders in that share. Why would I have to login again to view users and groups on FREENAS? On Win10, it does not prompt again.

 

[anodos]

Increase smb logging to 'debug', reproduce problem, and upload /var/log/samba4/log.smbd.

 

[milancesal]

Increase smb logging to 'debug', reproduce problem, and upload /var/log/samba4/log.smbd.

Please find attached log captured in debug mode.

Steps taken to reproduce the problem: boot FREENAS -> from Win7, locate \\FREENAS -> locate 'workboxing' shared folder -> login with 'freenas\admin', but a wrong pssword -> try again with the correct password -> got into the folder and create a sub-folder 'test' -> right click on it and view security tab -> click on Edit, click on Add -> type in 'admin' and click on Check Name -> i get prompted to login to FREENAS again -> i type in 'freenas\admin' and correct password -> it says 'admin' cannot be found -> click on Find Now -> users and groups from that Win7 only and nothing from FREENAS

 

[milancesal]

still no clue. desperately looking for a solution :(