"Connect using different credentials" on Windows 10 doesn't work

Mastakilla

Patron
Joined
Jul 18, 2019
Messages
202
Hi everyone,

I'm running Veeam on my Windows 10 clients to back up the OS drive to a FreeNAS dataset. To make it harder for my family to accidentally remove / damage backups, I wanted to let Veeam use a different account for accessing the backups-dataset.

However, I'm having trouble connecting to my SMB share using different credentials... Veeam can't connect to it and also when I try to map the drive myself, it doesn't work. Below is how I try to connect. This is while being logged in as my own account, 'm4st4'.
[Screenshots: 1595862357285.png, 1595862388756.png, 1595862458157.png]



For testing purposes, I've temporarily created a local Windows account called 'backup', but even then I still can't connect to the share when I'm logged in as myself (m4st4). However, when I log in on Windows as user 'backup', then I can map the network drive...

I've tried a lot of settings in FreeNAS. At one point I even cleared all ACLs and I've set the "default ACL options" to 'open'. But even then it doesn't work when I'm logged in as myself (m4st4). Only when I log in as user 'backup' can I map the network drive.

Below are some screenshots of the configuration in FreeNAS:
[Screenshots: 1595863021081.png, 1595862915482.png, 1595863268322.png]


Is this normal behaviour? Is there any advised method for doing this?

Thanks!
 

Mastakilla

I'm also having trouble getting anything of this logged...

I've tried setting the log level of the SMB service to full and I also tried setting the auxiliary parameters to "log level = 1 auth_audit:3"
But still NOTHING appears in the samba log file (/var/log/samba4/log.smbd) when I try to login :(
 

Mastakilla

Anyone?
 

Mastakilla

Found it, details in the link below:

Conclusion:
  • It is possible to map a FreeNAS SMB Share in Windows 10 using "different credentials"
  • It is even possible to do this without creating this user as a Windows user
  • I don't know why and if this is also a bug, but somehow it is required to fill in your credentials twice to map the drive to Windows
  • There is some weird bug in FreeNAS 11 and/or Windows 10 which causes Windows 10 to think that a "similarly named", but 100% different, mapped drive is the drive you're trying to map, which causes the drive mapping to fail if they use different credentials. For example:
    • Have a share named testshare mapped with credentials for testuser and then try to map a share named testshare2 with credentials for testuser2
    • Have a share named tshare3 mapped with credentials for tuser3 and then try to map a share named tshare31 with credentials for tuser31
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546

Mastakilla

Thanks for the feedback!

But isn't that simply a confirmation that he was able to replicate my issue on Windows Server 2016?
Why would he be interested in PCAPs if there is "different behaviour" (aka not able to replicate the issue)? Is that a question to me?
I guess I'm missing / misunderstanding something...
 

anodos

No. The question was for you to provide comparative pcaps. Windows Server 2016 was throwing the same error in the same circumstances for me. The status error was also not being returned by the Windows and Samba SMB servers.

I need to understand the sequence of SMB2 requests to determine whether this is a Windows kernel SMB client quirk or whether it's a limitation in Samba. Do note that Linux SMB clients communicating with samba do not face this same limitation.

So... I need:
1) pcap of a successful mount from a Windows SMB client (one with one set of creds, one with the second).
2) pcap of the failure, perhaps from the same client, to do the same against a Samba server
 

Mastakilla

Thanks for the clarification!

I don't have much experience with Wireshark, but I'll try to give it a shot anyway (hopefully sometime this weekend)

I'll try the below:
1) set up datasets (testds, testds2), shares (testshare, testshare2), users (testuser, testuser2)
2) start monitoring with Wireshark
3) successfully mount testshare
4) stop monitoring with Wireshark
5) start monitoring with Wireshark
6) fail to mount testshare2
7) stop monitoring with Wireshark
8) unmount testshare
9) start monitoring with Wireshark
10) successfully mount testshare2
11) stop monitoring with Wireshark

That will give you 3 PCAPs with hopefully the data that you need...
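
One way to compare the SMB2 request sequence of two such captures, added here as an example that is not part of the thread or of any poster's tooling. It assumes each capture was exported with `tshark -r capture.pcapng -Y smb2 -T fields -e smb2.cmd -e smb2.flags.response -e smb2.nt_status -e smb2.tree`; the sample rows and the host name `nas.example` are constructed and do not come from the thread's captures.

```python
from itertools import zip_longest

# SMB2 command codes from MS-SMB2 (only those seen while mounting a share).
SMB2_CMD = {0: "NEGOTIATE", 1: "SESSION_SETUP", 2: "LOGOFF",
            3: "TREE_CONNECT", 4: "TREE_DISCONNECT", 5: "CREATE", 6: "CLOSE"}

def parse_tshark_fields(text):
    """Parse tab-separated columns smb2.cmd, smb2.flags.response,
    smb2.nt_status, smb2.tree into (command, direction, detail) steps."""
    steps = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = (line.split("\t") + ["", "", ""])[:4]
        # Compounded PDUs appear as comma-separated values within one frame.
        parts = [c.split(",") for c in cols[:3]]
        for cmd, resp, status in zip_longest(*parts, fillvalue=""):
            name = SMB2_CMD.get(int(cmd), "CMD_" + cmd)
            if resp.strip().lower() in ("1", "true"):
                # Responses carry the NT status the server returned.
                steps.append((name, "response", status.lower()))
            else:
                # Only TREE_CONNECT requests carry the share path of interest.
                tree = cols[3] if name == "TREE_CONNECT" else ""
                steps.append((name, "request", tree))
    return steps

def first_divergence(a, b):
    """Return (index, step_a, step_b) where two traces first differ, else None."""
    for i, (x, y) in enumerate(zip_longest(a, b)):
        if x != y:
            return i, x, y
    return None

# Constructed sample rows (not the thread's captures): a complete mount of
# testshare2, and a trace that stops before TREE_CONNECT is ever sent.
OK, MORE = "0x00000000", "0xc0000016"  # STATUS_SUCCESS, STATUS_MORE_PROCESSING_REQUIRED
ROWS = [("0", "0", "", ""), ("0", "1", OK, ""),
        ("1", "0", "", ""), ("1", "1", MORE, ""),
        ("1", "0", "", ""), ("1", "1", OK, ""),
        ("3", "0", "", r"\\nas.example\testshare2"), ("3", "1", OK, "")]
SUCCESS = "\n".join("\t".join(r) for r in ROWS)
FAILURE = "\n".join("\t".join(r) for r in ROWS[:6])

if __name__ == "__main__":
    good, bad = parse_tshark_fields(SUCCESS), parse_tshark_fields(FAILURE)
    print(first_divergence(good, bad))
```

Comparing the capture from step 6 with the one from step 10 keeps the share name identical, so any divergence reflects the protocol exchange rather than the path.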
 

anodos

The key point is to capture Windows Server behavior (shares on a Windows server) when it's behaving differently than FreeNAS.
 

Mastakilla

Sorry, I think I'm still not following 100%...

Do you mean I should be mounting the FreeNAS shares on Windows Server instead of Windows 10?
Or do you mean I should create shares on Windows Server and then mount those on my Windows 10 to see if there is any difference to when mounting shares from FreeNAS?

I don't really have Windows Server at hand, so I'd have to set one up on VMware or something.
 