
Can't login to CIFS share with new user

Status
Not open for further replies.

David47295

Junior Member
Joined
Apr 14, 2017
Messages
20
Hey everyone,

So a while back I created a Windows share on my FreeNAS machine by following this tutorial: https://www.youtube.com/watch?v=RxggaE935PM

Everything went well and the share with all its permissions and whatnot worked great. So I left my NAS alone for a bit, until now. Today I tried to add a new user and followed the above tutorial to set him up. But for some reason, when I try to log in as that new user on my Windows computer, I can't log in. And when I try to find the new user to set the permissions for various folders, I can't find that new user, and I have no idea why since my setup for the users and groups is identical to the tutorial. Any ideas on why this might be happening? P.S. I'm currently running FreeNAS 9.2.1.9.

users2.png

Users and Groups of my FreeNAS system. All of them have the users group as their primary group and family as an auxiliary group

users.png

Here's the new user's configuration

users1.png

The configuration of my dataset

user3.png

This is when I try to search for the new user. Note how the user 'Sidney' is missing when it should show up.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,423
Post output of pdbedit -Lv.
 

David47295

Junior Member
Joined
Apr 14, 2017
Messages
20
Here it is

Code:
Unix username:		root
NT username:		 
Account Flags:		[U		  ]
User SID:			 S-1-5-21-120364989-1995950420-1375991979-1000
Primary Group SID:	S-1-5-21-120364989-1995950420-1375991979-513
Full Name:			root
Home Directory:	   \\freenas\root
HomeDir Drive:		
Logon Script:		 
Profile Path:		 \\freenas\root\profile
Domain:			   FREENAS
Account desc:		 
Workstations:		 
Munged dial:		 
Logon time:		   0
Logoff time:		  Sun, 04 Dec 219250468 07:30:07 PST
Kickoff time:		 Sun, 04 Dec 219250468 07:30:07 PST
Password last set:	Fri, 28 Apr 2017 08:19:47 PDT
Password can change:  Fri, 28 Apr 2017 08:19:47 PDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username:		David
NT username:		 
Account Flags:		[U		  ]
User SID:			 S-1-5-21-120364989-1995950420-1375991979-3002
Primary Group SID:	S-1-5-21-120364989-1995950420-1375991979-513
Full Name:			David Wan
Home Directory:	   \\freenas\david
HomeDir Drive:		
Logon Script:		 
Profile Path:		 \\freenas\david\profile
Domain:			   FREENAS
Account desc:		 
Workstations:		 
Munged dial:		 
Logon time:		   0
Logoff time:		  Sun, 04 Dec 219250468 07:30:07 PST
Kickoff time:		 Sun, 04 Dec 219250468 07:30:07 PST
Password last set:	Fri, 29 Dec 2017 09:09:25 PST
Password can change:  Fri, 29 Dec 2017 09:09:25 PST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username:		Andrew
NT username:		 
Account Flags:		[U		  ]
User SID:			 S-1-5-21-120364989-1995950420-1375991979-3004
Primary Group SID:	S-1-5-21-120364989-1995950420-1375991979-513
Full Name:			Andrew Wan
Home Directory:	   \\freenas\andrew
HomeDir Drive:		
Logon Script:		 
Profile Path:		 \\freenas\andrew\profile
Domain:			   FREENAS
Account desc:		 
Workstations:		 
Munged dial:		 
Logon time:		   0
Logoff time:		  Sun, 04 Dec 219250468 07:30:07 PST
Kickoff time:		 Sun, 04 Dec 219250468 07:30:07 PST
Password last set:	Fri, 28 Apr 2017 09:07:04 PDT
Password can change:  Fri, 28 Apr 2017 09:07:04 PDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username:		Leonard
NT username:		 
Account Flags:		[U		  ]
User SID:			 S-1-5-21-120364989-1995950420-1375991979-3006
Primary Group SID:	S-1-5-21-120364989-1995950420-1375991979-513
Full Name:			Leonard Wan
Home Directory:	   \\freenas\leonard
HomeDir Drive:		
Logon Script:		 
Profile Path:		 \\freenas\leonard\profile
Domain:			   FREENAS
Account desc:		 
Workstations:		 
Munged dial:		 
Logon time:		   0
Logoff time:		  Sun, 04 Dec 219250468 07:30:07 PST
Kickoff time:		 Sun, 04 Dec 219250468 07:30:07 PST
Password last set:	Fri, 28 Apr 2017 09:07:52 PDT
Password can change:  Fri, 28 Apr 2017 09:07:52 PDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
---------------
Unix username:		Lisa
NT username:		 
Account Flags:		[U		  ]
User SID:			 S-1-5-21-120364989-1995950420-1375991979-3008
Primary Group SID:	S-1-5-21-120364989-1995950420-1375991979-513
Full Name:			Lisa Wan
Home Directory:	   \\freenas\lisa
HomeDir Drive:		
Logon Script:		 
Profile Path:		 \\freenas\lisa\profile
Domain:			   FREENAS
Account desc:		 
Workstations:		 
Munged dial:		 
Logon time:		   0
Logoff time:		  Sun, 04 Dec 219250468 07:30:07 PST
Kickoff time:		 Sun, 04 Dec 219250468 07:30:07 PST
Password last set:	Wed, 03 Jan 2018 09:42:15 PST
Password can change:  Wed, 03 Jan 2018 09:42:15 PST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

 

David47295

Junior Member
Joined
Apr 14, 2017
Messages
20
Hey, sorry for the long response time! I tried recreating the user "Sidney" but the user still doesn't show up when I call pdbedit.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,423
Sounds like something is broken. Is there any particular reason why you're running 9.2.1.9? You can manually add the user to Samba's passdb database via pdbedit -a sidney, then use the same password that you've input into the UI, but I'm somewhat concerned about what other things may be broken. At a minimum, you may want to save your config then reinstall.
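
The check behind this diagnosis, as an added example that is not part of the thread: it compares the accounts expected to log in over SMB with the entries in `pdbedit -Lv` output and also lists accounts that exist in passdb but are disabled. The sample text, the `guestuser` account and the function names are constructed, and case-insensitive name matching is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): compare the accounts that should be able
# to log in over SMB with what Samba's passdb actually holds.

# Constructed sample: `pdbedit -Lv` output cut down to the two fields used here.
SAMPLE_PDBEDIT='Unix username:        David
Account Flags:        [U          ]
---------------
Unix username:        guestuser
Account Flags:        [DU         ]'

# Constructed sample: one expected SMB account per line.
SAMPLE_EXPECTED='David
guestuser
Sidney'

# passdb_users PDBEDIT_TEXT: print each passdb account name, lowercased.
passdb_users() {
    printf '%s\n' "$1" | awk -F: '/^Unix username:/ {
        name = $2
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        print tolower(name)
    }'
}

# missing_from_passdb EXPECTED PDBEDIT_TEXT: print expected names that have no
# passdb entry. Names are compared case-insensitively (assumption).
missing_from_passdb() {
    have=$(passdb_users "$2")
    printf '%s\n' "$1" | while IFS= read -r user; do
        [ -n "$user" ] || continue
        lc=$(printf '%s' "$user" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$have" | grep -qxF -- "$lc" || printf '%s\n' "$user"
    done
}

# disabled_in_passdb PDBEDIT_TEXT: print accounts whose flags include D
# (disabled); they are present in passdb but still cannot log in.
disabled_in_passdb() {
    printf '%s\n' "$1" | awk -F: '
        /^Unix username:/ { name = $2; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        /^Account Flags:/ && index($2, "D") { print tolower(name) }'
}
```

On a live system, pass `"$(pdbedit -Lv)"` as the second argument to `missing_from_passdb` in place of the sample text.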
 

David47295

Junior Member
Joined
Apr 14, 2017
Messages
20
I'm running 9.2.1.9 because anything later than this version just doesn't boot with the hardware I'm using. The parts I'm using for my FreeNAS machine are OLD (it's using some EVGA motherboard from the early 2000s). I've been planning to upgrade to at least a modern consumer motherboard when I get the money.

And on a related note, I did modify the way my FreeNAS machine connects to my network. Before I had the machine connect to a network hub which was then connected to a network switch (which was an incredibly stupid idea in hindsight) but recently I removed the network hub entirely and just had my FreeNAS box connect directly to my network switch. Not sure if this could be the source of the issues though.

EDIT: Just tried your suggestion and it seems to have worked. I can log in and see the new user when I search for it in Windows.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,423
Good. That change will persist across reboots and so that user should be good to go. You may or may not need to repeat the procedure for adding users in the future.

There are some nasty samba bugs in 9.2.1.9 (including arbitrary code execution as root via "sambacry"). The mitigation options for this are somewhat limited. Can you post output of "zfs list"?
 

David47295

Junior Member
Joined
Apr 14, 2017
Messages
20
Got it


NAME USED AVAIL REFER MOUNTPOINT
Vol1 123G 1.66T 176K /mnt/Vol1
Vol1/.system 1.54M 1.66T 176K /mnt/Vol1/.system
Vol1/.system/cores 144K 1.66T 144K /mnt/Vol1/.system/cores
Vol1/.system/rrd-f6da24756e2f4dee86c3a9c9fb75829f 144K 1.66T 144K /mnt/Vol1/.system/rrd-f6da24756e2f4dee86c3a9c9fb75829f
Vol1/.system/samba4 432K 1.66T 432K /mnt/Vol1/.system/samba4
Vol1/.system/syslog-f6da24756e2f4dee86c3a9c9fb75829f 676K 1.66T 676K /mnt/Vol1/.system/syslog-f6da24756e2f4dee86c3a9c9fb75829f
Vol1/jails 1.32G 1.66T 272K /mnt/Vol1/jails
Vol1/jails/.warden-template-pluginjail 721M 1.66T 721M /mnt/Vol1/jails/.warden-template-pluginjail
Vol1/jails/nextcloud_1 628M 1.66T 1.31G /mnt/Vol1/jails/nextcloud_1
Vol1/nasDataset 122G 1.66T 122G /mnt/Vol1/nasDataset
Vol1/nextcloud 148K 1.66T 148K /mnt/Vol1/nextcloud
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
6,423
I haven't tested it personally, but based on posts from samba developers in the samba mailing lists I believe the following may be a sufficient mitigation for the vulnerability I mentioned above:

zfs set exec=off Vol1/nasDataset

This is equivalent to mounting a filesystem "noexec". You'll need to verify that it's appropriate for your environment.
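
A way to verify that the exec=off setting covers every shared path, as an added example that is not part of the thread: it maps each path to the dataset with the longest matching mountpoint and reports paths where execution is still allowed. The exec values in the sample, the shared paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find which ZFS dataset backs each shared
# path and whether program execution is still allowed there.

# Constructed sample, in the tab-separated form printed by
#   zfs get -r -H -o name,property,value exec,mountpoint Vol1
# The exec values are made up for the example.
SAMPLE_ZFS_GET=$(printf '%s\t%s\t%s\n' \
    Vol1            exec       on \
    Vol1            mountpoint /mnt/Vol1 \
    Vol1/nasDataset exec       off \
    Vol1/nasDataset mountpoint /mnt/Vol1/nasDataset \
    Vol1/nextcloud  exec       on \
    Vol1/nextcloud  mountpoint /mnt/Vol1/nextcloud)

# exec_for_path PATH ZFS_GET_TEXT
# Print "<dataset> <exec value>" for the dataset with the longest mountpoint
# that contains PATH. The match must end at a "/" boundary, otherwise
# /mnt/Vol1/nasDatasetOld would wrongly count as inside /mnt/Vol1/nasDataset.
exec_for_path() {
    printf '%s\n' "$2" | awk -F'\t' -v path="$1" '
        $2 == "mountpoint" { mp[$1] = $3 }
        $2 == "exec"       { ex[$1] = $3 }
        END {
            best = ""; bestlen = 0
            for (ds in mp) {
                m = mp[ds]
                if ((path == m || index(path, m "/") == 1) && length(m) > bestlen) {
                    best = ds; bestlen = length(m)
                }
            }
            if (best != "") print best, ex[best]
        }'
}

# shares_with_exec ZFS_GET_TEXT PATH...
# Print every shared path whose backing dataset does not report exec=off.
# Paths that match no dataset are printed too: nothing shows they are covered.
shares_with_exec() {
    text=$1; shift
    for p in "$@"; do
        case $(exec_for_path "$p" "$text") in
            *" off") ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}
```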
 

David47295

Junior Member
Joined
Apr 14, 2017
Messages
20
Ohh I see. The nasDataset Dataset is really just there to store files and stuff. From a quick read-up on ZFS commands, exec seems to just be a boolean for enabling program execution within the dataset. So I guess it should be alright... I'll give it a shot.
 