So far, I've been running my FreeNAS as a pure backup server that fetches data automatically from my cloud. In the rare cases that I had to actually access data, I used SSH / WinSCP and the root user. Around 3 weeks ago, I've upgraded to 11.3 (Train STABLE) (from 11.2).
I have a Pool DATAPOOL with two subpools that I would like to share: Crypt via SMB and Test1 via Webdav (or anything else - it's only for testing).
Now I'm trying to get some SMB shares up and running. I can log in with my SMB user "CB" in windows (win 10 Pro build 18362) and I see my shares. However, I always got a permission denied, although I've followed instructions in your Video (LINK).
To debug, I set up the WebDav Test share Test1 and again I'm getting "FORBIDDEN: You don't have access to this source".
Finally, I tried to login via SSH with my SMB user "CB" and access the data using Putty. I could login, but when I tried to cd to the shared folder I got again: Permission Denied.
I'm now officially stuck and would really appreciate some help.
Here are my CHMOD Permissions (ls -l):
drwxrwx---+ 11 root wheel 12 Mar 28 16:40 Datapool
drwxrwxr--+ 3 cb cb 8 Feb 23 21:59 Crypt
drwxrwxrwx 2 webdav webdav 2 Mar 28 16:40 Test1
And here my ACL:
# file: Datapool
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
# file: Crypt
# owner: cb
# group: cb
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:r-----a-R-c--s:-------:allow
everyone@:--------------:fd-----:allow
# file: Test1
# owner: webdav
# group: webdav
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:rwxp--a-R-c--s:-------:allow
The SMB Debug Log says (excerpt, I don't wanna spam the forum):
I have a Pool DATAPOOL with two subpools that I would like to share: Crypt via SMB and Test1 via Webdav (or anything else - it's only for testing).
Now I'm trying to get some SMB shares up and running. I can log in with my SMB user "CB" in windows (win 10 Pro build 18362) and I see my shares. However, I always got a permission denied, although I've followed instructions in your Video (LINK).
To debug, I set up the WebDav Test share Test1 and again I'm getting "FORBIDDEN: You don't have access to this source".
Finally, I tried to login via SSH with my SMB user "CB" and access the data using Putty. I could login, but when I tried to cd to the shared folder I got again: Permission Denied.
I'm now officially stuck and would really appreciate some help.
Here are my CHMOD Permissions (ls -l):
drwxrwx---+ 11 root wheel 12 Mar 28 16:40 Datapool
drwxrwxr--+ 3 cb cb 8 Feb 23 21:59 Crypt
drwxrwxrwx 2 webdav webdav 2 Mar 28 16:40 Test1
And here my ACL:
# file: Datapool
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow
# file: Crypt
# owner: cb
# group: cb
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:r-----a-R-c--s:-------:allow
everyone@:--------------:fd-----:allow
# file: Test1
# owner: webdav
# group: webdav
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:rwxp--a-R-c--s:-------:allow
The SMB Debug Log says (excerpt, I don't wanna spam the forum):
Code:
[2020/04/04 16:16:02.211523, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit) smb2_set_operation_credit: smb2_set_operation_credit: requested 8, charge 1, granted 8, current possible/max 8121/8192, total granted/max/low/range 79/8192/20/79 [2020/04/04 16:16:02.213697, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2020/04/04 16:16:02.213721, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number) smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 20 (position 20) from bitmap [2020/04/04 16:16:02.213741, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 20 [2020/04/04 16:16:02.213763, 5, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate) change_to_user_impersonate: Skipping user change - already user [2020/04/04 16:16:02.213786, 4, pid=30184, effective(1001, 1002), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir) vfs_ChDir to /mnt/Datapool/Crypt [2020/04/04 16:16:02.213810, 3, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service) chdir (/mnt/Datapool/Crypt) failed, reason: Permission denied [2020/04/04 16:16:02.213831, 0, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal) change_to_user_internal: chdir_current_service() failed! [2020/04/04 16:16:02.213852, 3, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542 [2020/04/04 16:16:02.213874, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261 [2020/04/04 16:16:02.213897, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit) smb2_set_operation_credit: smb2_set_operation_credit: requested 7, charge 1, granted 7, current possible/max 8114/8192, total granted/max/low/range 85/8192/21/85 [2020/04/04 16:16:04.329771, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2020/04/04 16:16:04.329846, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number) smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 21 (position 21) from bitmap [2020/04/04 16:16:04.329871, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 21 [2020/04/04 16:16:04.329897, 5, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/smbd/uid.c:326(change_to_user_impersonate) change_to_user_impersonate: Skipping user change - already user [2020/04/04 16:16:04.329919, 4, pid=30184, effective(1001, 1002), real(0, 0), class=vfs] ../../source3/smbd/vfs.c:805(vfs_ChDir) vfs_ChDir to /mnt/Datapool/Crypt [2020/04/04 16:16:04.329958, 3, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/smbd/service.c:157(chdir_current_service) chdir (/mnt/Datapool/Crypt) failed, reason: Permission denied [2020/04/04 16:16:04.329978, 0, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/smbd/uid.c:448(change_to_user_internal) change_to_user_internal: chdir_current_service() failed! [2020/04/04 16:16:04.329998, 3, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:2542 [2020/04/04 16:16:04.330021, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3104(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../../source3/smbd/smb2_server.c:3261 [2020/04/04 16:16:04.330042, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:956(smb2_set_operation_credit) smb2_set_operation_credit: smb2_set_operation_credit: requested 6, charge 1, granted 6, current possible/max 8108/8192, total granted/max/low/range 90/8192/22/90 [2020/04/04 16:16:15.972796, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:3979(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2020/04/04 16:16:15.972905, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2_credits] ../../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number) smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 22 (position 22) from bitmap [2020/04/04 16:16:15.972932, 10, pid=30184, effective(1001, 1002), real(0, 0), class=smb2] ../../source3/smbd/smb2_server.c:2343(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_TDIS] mid = 22 [2020/04/04 16:16:15.972973, 4, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (1001, 1002) - sec_ctx_stack_ndx = 0 [2020/04/04 16:16:15.972998, 5, pid=30184, effective(1001, 1002), real(0, 0)] ../../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (11): SID[ 0]: S-1-5-21-3838610737-2821999733-1669627128-1007 SID[ 1]: S-1-5-21-3838610737-2821999733-1669627128-513 SID[ 2]: S-1-22-2-1002 SID[ 3]: S-1-22-2-1001 SID[ 4]: S-1-1-0 SID[ 5]: S-1-5-2 SID[ 6]: S-1-5-11 SID[ 7]: S-1-22-1-1001 SID[ 8]: S-1-22-2-90000004 SID[ 9]: S-1-22-2-90000005 SID[ 10]: S-1-22-2-90000007 Privileges (0x 0): Rights (0x 0): [2020/04/04 16:16:15.973149, 5, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/auth/token_util.c:866(debug_unix_user_token) UNIX token of user 1001 Primary group is 1002 and contains 5 supplementary groups Group[ 0]: 1002 Group[ 1]: 1001 Group[ 2]: 90000004 Group[ 3]: 90000005 Group[ 4]: 90000007 [2020/04/04 16:16:15.973288, 5, pid=30184, effective(1001, 1002), real(0, 0)] ../../source3/smbd/uid.c:300(print_impersonation_info) print_impersonation_info: Impersonated user: uid=(0,1001), gid=(0,1002), cwd=[/var/tmp]