changed uid+gid number, samba won't allow login anymore

ikke

Contributor
Joined
Apr 22, 2012
Messages
124
Hi,

any idea where samba would store the uid of user or which file permissions would be wrong?

I tried to unify my user credentials in my home network by changing my uid+gid to the same value on a few machines. I replaced uid/gid on the filesystem using find. Everything is fine now but freenas smb. For some reason I get permission denied immediately, before it asks for the pwd. I have a setting that only my username may use the share. This is the login result now (samba restarted):

$ smbclient //tahkanas.tahkanet/user/ -o username=user
Domain=[TAHKANET] OS=[Unix] Server=[Samba 3.6.5]
tree connect failed: NT_STATUS_ACCESS_DENIED

whereas by using the other username for the other share everything is fine. Also ssh works fine using any username. Any leads?
 

paleoN

Wizard
Joined
Apr 22, 2012
Messages
1,403
any idea where samba would store the uid of user or which file permissions would be wrong?
The ones underneath, up two and on the right.

Any leads?
I'm not clear on what you actually did. The generated smb.conf file is located at /etc/local/smb.conf. Maybe you are looking for this /etc/local/samba/secrets.tdb instead?
 

ikke

Contributor
Joined
Apr 22, 2012
Messages
124
Thanks, for some reason the freenas smb passwd.tdb had lost my uid. Adding it back with pdbedit -a -u got it working again.

For the question what I did, here it is:
1. changed uid from gui
2. Added new group to match the uid
3. Deleted the old group
4. Modified the user to have the new group as the primary group
5. Modified the group name to be the same as the original
7. Used find / -uid -exec chown and respectively for the gid to update the file ownership

Steps 1 to 5 were done in the webgui. I'm not 100% sure about the order. There are extra steps due to the gui not allowing a gid number change.

But somewhere in between those steps is a bug in freenas. It loses the uid from the smb passwd.tdb.
 

ikke

Contributor
Joined
Apr 22, 2012
Messages
124
And more info if someone runs into this issue... The bsd uid is stored in the database, it needs to be altered there too, otherwise passwd.tdb gets regenerated wrongly at the next boot:

Get your smb passwd entry from the database, changing your_username to be your username:

Code:
select bsdusr_smbhash from account_bsdusers where bsdusr_username='your_username';


and notice the entry has an invalid uid number. Take the returned string and write it back with the uid number changed. Replace *** below with the string you got above, with the valid uid changed within:

Code:
update account_bsdusers set bsdusr_smbhash='***' where bsdusr_username='your_username';
 

ikke

Contributor
Joined
Apr 22, 2012
Messages
124
I got asked by a user how to get to the database in the above commands. Here's the trick:

Log into a shell as root. Normally "ssh freenas" and "su -" will do it. You enter the database like this:

Just in case, copy it, and check from copy:

Code:
cp /data/freenas-v1.db /tmp/
sqlite3 /tmp/freenas-v1.db
SQLite version 3.20.1 2017-08-24 16:21:36
Enter ".help" for usage hints.
sqlite> select bsdusr_smbhash from account_bsdusers where bsdusr_username='your_username';

You will get out of that sqlite by pressing control-d.

When you are absolutely sure you want to mess with it, take a backup of the original database, and execute any database commands directly on the real database. Or better yet, do it elsewhere, and just upload the database via the gui. You perhaps need to restart services, or reboot, depending on your changes. Somehow you need to ensure the changes come into effect in freenas userspace.
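
The select/edit/update procedure from the two posts above, as an added example that is not part of the original thread and is not FreeNAS code. It assumes bsdusr_smbhash holds an smbpasswd-style colon-separated line (name:uid:LM:NT:flags:LCT:) with the uid in the second field; the function names and the in-memory table with dummy hashes are constructed for illustration.

```python
import sqlite3

def uid_in_smbhash(smbhash):
    """Return the uid embedded in an smbpasswd-style line, or None if unparseable."""
    fields = smbhash.split(":")
    if len(fields) < 4 or not fields[1].isdigit():
        return None
    return int(fields[1])

def fix_smbhash_uid(conn, username, new_uid):
    """Rewrite only the uid field of bsdusr_smbhash for one user.

    Returns (old_uid, changed). Raises ValueError if the row is missing or the
    stored string does not match the assumed name:uid:LM:NT:... layout.
    """
    row = conn.execute(
        "select bsdusr_smbhash from account_bsdusers where bsdusr_username=?",
        (username,)).fetchone()
    if row is None:
        raise ValueError("no such user: %s" % username)
    fields = row[0].split(":")
    old_uid = uid_in_smbhash(row[0])
    if old_uid is None or fields[0] != username:
        raise ValueError("unexpected bsdusr_smbhash layout; not touching it")
    if old_uid == new_uid:
        return old_uid, False          # already consistent, nothing to write
    fields[1] = str(new_uid)           # hashes, flags and LCT stay untouched
    with conn:                         # commit on success, roll back on error
        conn.execute(
            "update account_bsdusers set bsdusr_smbhash=? where bsdusr_username=?",
            (":".join(fields), username))
    return old_uid, True

def demo():
    # Constructed stand-in for a *copy* of /data/freenas-v1.db; hashes are dummy values.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table account_bsdusers (bsdusr_username text, bsdusr_smbhash text)")
    stale = "your_username:1001:" + "X" * 32 + ":" + "0" * 32 + ":[U          ]:LCT-00000000:"
    conn.execute("insert into account_bsdusers values (?, ?)", ("your_username", stale))
    result = fix_smbhash_uid(conn, "your_username", 2000)
    fixed = conn.execute("select bsdusr_smbhash from account_bsdusers").fetchone()[0]
    return result, fixed

if __name__ == "__main__":
    print(demo())
```

Against a real system, point sqlite3.connect at the copy in /tmp first and compare the rewritten string with the original before touching the live database.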
 

Digitaldreams

Explorer
Joined
Mar 7, 2017
Messages
80
This is great. Thank you for posting.
 