Error loading FreeNAS CIFS share to Ubuntu. Worked before move to FreeNAS 9.10

[Estropelic]

mount error(13): Permission denied
FreeNAS-9.10.2-U2 (e1497f2)

Was working on FreeNAS 10. Downgraded to 9.10 and now I get an error. I use a mount point in fstab to send crashplan my backups. Anyone else having issues mounting CIFS shares. Maybe I had a setting in my prior build that was not setup correctly. Any suggestions?

 

[Ericloewe]

So fix the permissions. If needed, set sane defaults and work from there.

 

[Estropelic]

So I tried to change the owner of the dataset to the user I want the mount poin set. I used recursive and the owner will not change from root. That normal?

 

[Ericloewe]

Did you select Windows permissions?

 

[Estropelic]

I left as Unix with SMB service enabled. I'm working with Ubuntu and Windows workstations

 

[Estropelic]

I took screenshots before I made the move to corral. I'll see if I have anything to reference.

 

[Ericloewe]

I left as Unix with SMB service enabled. I'm working with Ubuntu and Windows workstations

No, that's not a good idea. You'll want Windows permissions.

 

[Estropelic]

So I swapped permissions to windows and changed owner to another user account. Owner remained as root.

 

[Estropelic]

Made a new dataset and perms remained as root after changing and setting recursive.

 

[Ericloewe]

This may have something to do with the funky ACLmode that Corral invented.

Try setting the aclmode to restricted using zfs set on the relevant datasets. Please research the details for this.

 

[Estropelic]

Reading forum post located here.
https://forums.freenas.org/index.php?threads/permissions-not-persisting.40653/

 

[Estropelic]

Ran the following commands and set dataset and pool ACL permissions accordingly.

Code:

[root@freenas] ~# zfs get aclmode FREENASPOOL/FILES
NAME			   PROPERTY  VALUE		SOURCE
FREENASPOOL/FILES  aclmode   passthrough  local

[root@freenas] ~# zfs get aclmode FREENASPOOL/.system
NAME				 PROPERTY  VALUE		SOURCE
FREENASPOOL/.system  aclmode   passthrough  local

[root@freenas] ~# zfs get aclmode FREENASPOOL
NAME		 PROPERTY  VALUE		SOURCE
FREENASPOOL  aclmode   restricted   local

I later ran this command and I cannot assign another user owner of the dataset.

Code:

[root@freenas] ~# winacl -O root -G wheel -a reset -r -p /mnt/FREENASPOOL/FILES

 

[Estropelic]

I'll continue tomorrow, I'm beat. I did recall having n issue locating my user accounts when I made the leap to Corral. Thanks for the hand.

 

[anodos]

I'll continue tomorrow, I'm beat. I did recall having n issue locating my user accounts when I made the leap to Corral. Thanks for the hand.

Post the following:

• fstab entry for your samba share on the Client
• contents of /usr/local/etc/smb4.conf on the FreeNAS server
• output of net groupmap list on the FreeNAS server
• output of net getlocalsid on the FreeNAS server
• output of getfacl /path/to/share on the FreeNAS server

 

[Estropelic]

I'll get to this tonight. Thanks for the hand.

 

[indy]

You could try setting "Server minimum protocol" in the SMB configuration to "NT1".
Just a wild guess though.

 

[anodos]

You could try setting "Server minimum protocol" in the SMB configuration to "NT1".
Just a wild guess though.

The Linux kernel CIFS driver supports SMB 2/3. Most problems I've seen with low minimum protocol are in the Android space.

 

[Ericloewe]

The Linux kernel CIFS driver supports SMB 2/3. Most problems I've seen with low minimum protocol are in the Android space.

And embedded stuff, like printers.

 

[anodos]

And embedded stuff, like printers.

Indeed. Crappy android apps and printers show about the same level of code quality.

 

[Estropelic]

• fstab entry for your samba share on the Client

//freenas.local/FILES /mnt/freenas cifs username=username,password=password,domain=WORKGROUP,iocharset=utf8,sec=ntlm 0 0

• contents of /usr/local/etc/smb4.conf on the FreeNAS server

[root@freenas] ~# testparm /usr/local/etc/smb4.conf
Load smb config files from /usr/local/etc/smb4.conf
Processing section "[FILES]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
dos charset = CP437
multicast dns register = No
netbios aliases = FREENAS
server string = FreeNAS Server
lm announce = Yes
nsupdate command = /usr/local/bin/samba-nsupdate -g
logging = file
max log size = 51200
domain logons = Yes
kernel change notify = No
panic action = /usr/local/libexec/samba/samba-backtrace
pid directory = /var/run/samba
disable spoolss = Yes
load printers = No
printcap name = /dev/null
server max protocol = SMB2
time server = Yes
map to guest = Bad User
obey pam restrictions = Yes
security = USER
server role = standalone server
username map = /usr/local/etc/smbusers
deadtime = 15
hostname lookups = Yes
max open files = 470207
dns proxy = No
idmap config *: range = 90000001-100000000
idmap config * : backend = tdb
store dos attributes = Yes
strict locking = No
directory name cache size = 0
dos filemode = Yes
acl allow execute always = Yes
ea support = Yes
create mask = 0666
directory mask = 0777


[FILES]
path = /mnt/FREENASPOOL/FILES
veto files = /.snapshot/.windows/.mac/.zfs/
read only = No
vfs objects = zfs_space zfsacl streams_xattr aio_pthread
zfsacl:acesort = dontcare
nfs4:chown = true
nfs4:acedup = merge
nfs4:mode = special
[root@freenas] ~#

• output of net groupmap list on the FreeNAS server

freenas (S-1-5-21-598215223-1679715684-3756814963-1001) -> freenas
ftpuser (S-1-5-21-598215223-1679715684-3756814963-1005) -> 1002

• output of net getlocalsid on the FreeNAS server

SID for domain FREENAS is: S-1-5-21-598215223-1679715684-3756814963

• output of getfacl /path/to/share on the FreeNAS server

[root@freenas] ~# getfacl /mnt/FREENASPOOL/FILES
# file: /mnt/FREENASPOOL/FILES
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
everyone@:r-x---a-R-c---:fd-----:allow
[root@freenas] ~#