Can't acces cifs share with new user until samba is restarted

[BTrewern]

Hi all, this is my first post so be kind!!

Using FreeNAS-9.1.1-RELEASE-x64 on an HP Microserver with 8GB memory and 2 x 2tb hdd.

I've set up a FreeNAS box for our office here. It seems to work well except for this issue: Whenever I create a new user account it cannot access cifs shares until I restart samba.

On the FreeNAS box itself I tried "# smbclient //localhost/share_name --user=new_username"
I get:
WARNING: The "null passwords" option is deprecated
Enter new_username's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.17]
tree connect failed: NT_STATUS_ACCESS_DENIED

I've tried "# service samba reload" but that doesn't help.

If I do "# service samba restart" my user can login but I get file access problems from other users on the network.

Is this by design? I'm sure I haven't had this same problem running samba on a Linux server.

Any help would be most appreciated.

BTW I'm using the following general settings:

[global]
encrypt passwords = yes
dns proxy = no
strict locking = no
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65535
deadtime = 15
display charset = LOCALE
max log size = 10
syslog only = yes
syslog = 1
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
getwd cache = yes
guest account = guest
map to guest = Bad Password
obey pam restrictions = Yes
# NOTE: read smb.conf.
directory name cache size = 0
max protocol = SMB2
netbios name = dbcserver
workgroup = WORKGROUP
server string = DBC File Server
store dos attributes = yes
unix extensions = no
null passwords = yes
security = user
create mask = 0664
directory mask = 0774
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1
os level = 99
wins support = yes
name resolve order = wins lmhosts hosts bcast
domain master = yes
preferred master = yes


Thanks,

Ben

 

[BTrewern]

I've found these posts: http://forums.freenas.org/threads/add-user-or-change-permissions-requires-cifs-restart.5642/ where someone has the same issue. He didn't ever get a solution and came to the conclusion it was a Samba issue but I've just tried the following on Ubuntu 12.04 on another server:

ben@test-server:~$ sudo adduser testuser
Adding user `testuser' ...
Adding new group `testuser' (1010) ...
Adding new user `testuser' (1010) with group `testuser' ...
Creating home directory `/home/testuser' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for testuser
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
ben@test-server:~$ sudo smbpasswd -a testuser
New SMB password:
Retype new SMB password:
Added user testuser.
ben@test-server:~$ smbclient //localhost/testuser --user=testuser
Enter testuser's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.3]
smb: \>

So is this a FreeNAS / FreeBSD issue? I'm going to move over to Active Directory soon. Does anyone have this problem in that configuration?

TIA,

Ben

 

[dlavigne]

I've set up a FreeNAS box for our office here. It seems to work well except for this issue: Whenever I create a new user account it cannot access cifs shares until I restart samba.

Sounds like a bug. Please create an issue at bugs.freenas.org and post the issue number here.

 

[jyavenard]

Found this thread via google as I'm experiencing a similar issue.
However, for me it's much worse. I can't authenticate on any samba share using my username/password.

example:
username: jyavenard created via web interface.

I created a dataset pool/test ; and set ownership to jyavenard

created a "test" share
data share created via UI, /usr/local/etc/smb.conf contains:

[test]
path = /mnt/pool/test
printable = no
veto files = /.snap/.windows/.zfs/
writeable = yes
browseable = yes
inherit owner = no
inherit permissions = no
shadow: snapdir = .zfs/snapshot
shadow: sort = desc
shadow: localtime = yes
shadow: format = auto-%Y%m%d.%H%M-1m
vfs objects = shadow_copy2 zfsacl
guest ok = no
inherit acls = Yes
map archive = No
map readonly = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes

# smbclient -U jyavenard //localhost/test
WARNING: The "null passwords" option is deprecated
Enter jyavenard's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.17]
tree connect failed: NT_STATUS_ACCESS_DENIED

jyavenard doesn't seem to have been created in the smb password file, are you supposed to manually create it with smbpasswd ?

So far the only share I've managed to access are those that have guest access enabled....

Any ideas?

Edit: Found the problem... I had checked in the user account setup "Disable password login" . I thought it only prevented people to login to FreeNAS with a password (so they could only connect using a RSA/DSA key); but this actually prevent the user to be created in the samba password file.
Once I had it unchecked, the users appeared in samba (verified with pdbedit -L).. then only faced the issue mentioned above: must restart CIFS service for user to work

 

[dlavigne]

Thanks for the update. A note has been added to Table 3.2b at http://doc.freenas.org/index.php/Users.

 

[Knowltey]

Yep, ran into this quite a while back and kept bashing my head on the issue until I noticed that restarting the server suddenly allowed the user that was absolutely not working to work just fine with no changes to the user or shares other than the restart. I went ahead after that and tested by creating another new user and then restarted CIFS and it worked fine. So now I just always restart VIFS after making a new user in the event that I need to.

 

[Dusan]

So now I just always restart VIFS after making a new user in the event that I need to.

It seems this will be fixed in 9.2.0: https://bugs.freenas.org/issues/3435
You may want to download the BETA and test your scenario.

 

[Knowltey]

It seems this will be fixed in 9.2.0: https://bugs.freenas.org/issues/3435
You may want to download the BETA and test your scenario.

*Shrug* I never add users, it was just that one time and then another time later, my NAS is mainly just for sharing between my own computers, I was just making an account specifially for my webserver at the time I discovered it. I never even thought about it being a bug, figured it was ust how things were. That'll definitely help people though since it was rather confusing.