9.2.1.8 cifs "Apply Default Permissions" on share?

[RegularJoe]

Help,

What does this mean? Does it save(stomp) the existing permissions each time I press the OK button? Should I uncheck the box after I have verified I can connect and add new active directory groups to the Samba ACL?

Lets say I connect via computer management from a Windows machine and make it so my Samba ACL permission for graphics designers and cad designers to have change access and domain users read access(Domain Admins and Administrator have Full control from the storage/volume/dataset permissions). I want to make all the changes in Windows.

I have seen where the first share will survive a reboot but the second share gets confused and reverts back to root/wheel permissions.

I really can't have a FreeNAS server have a brain dump at reboot and then have my users locked out of their data. I have followed this guide : https://forums.freenas.org/index.ph...directory-folder-file-user-permissions.20610/

I have written down ALL my steps and wonder if things change too much in FreeNAS for the documentation to be valid/ i would suggest the version 4.0 of SAMBA to NEVER change except for Bug Fixes(4.0.x) and that when SAMBA 4.1 does change the version of FreeNAS changes from 9.2 to 9.3 as all the configuration scripts and settings may no longer work.

Thanks,
Joe

 

[cyberjock]

I'll try to keep this short:

1. If permissions are changing, then it's likely you've set something wrong and don't know it. I can't say much more than that because it's easy to have randomly changing permissions as a result of many different reasons.
2. Samba changes are coming along with bug fixes, so we can't necessarily exclude some while including others.
3. The version numbers won't mean much when 9.3 comes out because after you switch to 9.3 there will be updates that you install from the WebGUI that will update it. 9.3 only represents the kernel version from FreeBSD and little else.

 

[RegularJoe]

I saved the settings after making all my changes so I can restore them. What I see is that from the Storage/Volumes/Change Permissions that just the group has Read, Write and execute. For some reason the owner and other are now un-checked.

So I guess I have to ask how to I re-check the owner and other. This make the change on both of my CIFS shares

 

[RegularJoe]

The other setting that I un-checked that was a default was under CIFS for Unix Extensions since I will never have a UNIX machine talking to this host over CIFS. And if the UNIX machine is it would be using an AD user and password so it would show up on the FS as a Samba/AD user for owner and permissions.

 

[RegularJoe]

in the console window I am getting these errors:

Nov 14 13:22:22 Freenasb smbd[9152]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/FREENASB.biz.com@BIZ.COM(kvno 29) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Nov 14 13:22:22 freenasb smbd[9153]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/FREENASB.biz.com@biz.COM(kvno 29) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Stop refresh

 

[RegularJoe]

so now I check the box in CIFS "UNIX Extensions" and reboot.

Now the shares have different permissions even though I configured them identically from a Windows host:

Storeage/Volumes/mnt/vol/gallery : 775
Storeage/Volumes/mnt/vol/data : 070

 

[RegularJoe]

When I try to connect from a windows server 2008r2 domain controller with "Computer Management" I get the error :

Event viewer cannot connect to computer "FREENASB", The error reported is : The RPC server is unavailable

The "Computer Management" does allow me(as the domain administrator) to navigate to the shares and then I get an error:

Shared Folders

You do not have permissions to see the list of shares for Windows clients.

 

[RegularJoe]

Now after rebooting this freeNAS box the "Directory Service" will not start and neither does "CIFS"

When I try to manually start "Directory Services" it will not start

Doing another restore of my config

 

[RegularJoe]

NFG, now I cannot even get the Directory Service or CIFS to auto start.

 

[cyberjock]

I bet you shared your pool and screwed up the permissions on your .system dataset. You shouldn't share out the entire pool, and you will have to fix the .system dataset permissions by destroying the .system dataset. You should be able to destroy the dataset with a command like "zfs destroy <pool>/.system -fR"

 

[RegularJoe]

nope, I did not share the pool but made 2 data sets and shared those. I booted with a virtual CD from my KVM and upgraded to 9.3 so we will just have to start over and if I can't get it to work I will be posing in the Beta 9.3 forums.

Thanks,
Joe