Everything opens as "Read Only"

[CLSegraves]

I guess another option is "How do I access the drives through windows as the root admin?"

 

[solarisguy]

Sorry, I should have made it more clear. Since when you are following the documentation, CIFS does not work for you, I gave you my shortcut for special situations. I cannot retest it at this moment though. My guide was however missing two steps: SSH access (root has to be allowed) and pool creation (defaults are fine). It assumes a fresh new installation (that is why it has the patch reminder). You do that particular patch only once.

Specifically marking Only Allow Guest Access makes it that no password is required to connect to the share and all users share the permissions of the guest user defined in Services → CIFS (from documentation). You must not select Only Allow Guest Access, as that is not what most people who want to give all the access to everybody want.

 

[CLSegraves]

In a "oh wait" moment, I realized I could just set the "owner" to myself (my own user account). That gave me the required permission to change the Windows permissions (in explorer) from "read" to "full control" for the group (my "family" group). It now seems that everyone in the group has full control of everything on the NAS.

 

[CLSegraves]

As I asked above, whats the difference between the Unix and Windows/Mac permissions? Since all my users are Windows machines, shouldn't I be using the Windows permissions?

 

[CLSegraves]

FFFFFFFFFFFF!!!

So I'm able to see all my drives and everything is "working" and I decide to get rid of the USB drive.

I remove the share and then remove the USB drive. Instantly, CIFS crashes.

I go into services and find it "on" but can't net view the NAS. I decide to see if CIFS can be cycled so I turn it "off" and get an error. Sure enough, now I can't turn it back "on" (Service can not be started error).

 

[CLSegraves]

So I tried running through the process again, this time without the USB drive. No luck. CIFS won't start even on a fresh install.

Next I unhooked all the drives, plugged the USB drive back in the system, and rebooted. Added the USB drive as a new ZFS pool, added the share (which auto asked to start CIFS), and CIFS immediately started.

So it looks like something is messed up on my ZFS pools and the only way to mount it is by getting the USB drive mounted first. Then once the USB drive is mounted, I can mount the others. Guess I'll bite the bullet, mount the USB drive, get my other drives mounted, copy the data off, then do a completely fresh rebuild (destroy the pools and start over).

If someone could answer my question regarding Unix vs Windows/Mac ACLs (when and why use each), that would be wonderful.

Thanks for all the help everyone.


edit: Before I get asked "why don't you just leave the USB storage drive in place?"

1. For some reason with the USB storage drive in place, the NAS hangs on shutdown (it un-mounts the drive, then locks).
2. I'd rather fix the underlying problem (the actual ZFS pools) rather than band-aid it with an extra drive.

 

[solarisguy]

Lot's of good questions and unfortunately answers to them too often depend on actual circumstances, so they are not exhaustively covered in any documentation...

Currently, I do not have access to my FreeNAS. And that may last for a couple of days, so I will just go through my theoretical ideas. I think my answers fall into three groups: what to do to have your FreeNAS working, what is happening that things are not working, why...

I am afraid that my answers from the third group would be very basic, as my knowledge of FreeNAS and CIFS is rather superficial.
==========================================
You have a dataset or directory .system on your Volume, that has to be removed and recreated anew, since somehow it does interfere with proper CIFS operations.

You had hit a bug (listed resolved in the next release of FreeNAS) about .system dataset missing or being moved.

You had hit a bug related to the way FreeNAS treats ZFS on USB.

I have modified my steps to be all inclusive and I am posting them here right away. I will add explanations in my subsequent posts, but I cannot promise when.

==========================================
Start your FreeNAS with a newly imaged USB with 9.2.1.5, your disks and that extra USB memory device.

root password
login as root

Services → SSH →
* Login as Root with password: YES
Services →
* SSH → ON

System → Settings → Advanced →
* Show advanced fields by default: YES

Storage → Volumes → ZFS Volume Manager →
* create a pool on USB memory, Volume Name = Temporary, using system defaults (.system gets placed on it immediately)

Storage → Volumes → View Volumes →
Auto Import Volume → Encrypted ZFS volume? No: Skip to import → Volume → YOUR_POOL_NAME

Login to your system using SSH. In that SSH session
* zfs list | grep YOUR_POOL_NAME/.system
* zfs destroy YOUR_POOL_NAME/.system/syslog
* zfs destroy YOUR_POOL_NAME/.system/samba4
* zfs destroy YOUR_POOL_NAME/.system/cores
* zfs destroy YOUR_POOL_NAME/.system
* zfs list | grep YOUR_POOL_NAME
* make sure that there is no directory /mnt/YOUR_POOL_NAME/.system

System → Settings → Advanced →
System dataset pool → YOUR_POOL_NAME

Storage → Volumes → View Volumes →
Temporary → Detach Volume → Mark the disks as new (destroy data): YES

( only after that reboot .system will be working properly from YOUR_POOL_NAME )
* shutdown the system
* remove temporary USB
* restart your system


Storage → Volumes → /mnt/YOUR_POOL_NAME → Change Permissions →
allow read, write, execute access to owner, group, other (leave owner and group as root and wheel)


On 9.2.1.5 only, in an SSH session, and not in a shell from GUI (because of the patch stopping GUI)
* patch the system → https://bugs.freenas.org/issues/4874


Sharing → Windows (CIFS) → Add Windows (CIFS) Share →
Name: YOUR_POOL_NAME
Path: /mnt/YOUR_POOL_NAME
Browsable to Network Clients: YES (default)
Inherit ACL's: YES (default)
Show Hidden Files: YES
Allow Guest Access: YES
Only Allow Guest Access: NO (default)
Hosts Allow: EMPTY (default)
Hosts Deny: EMPTY (default)
Auxiliary Parameters: EMPTY (default)

Would you like to enable this service? YES

Services → CIFS →
DOS charset: CP437 (default)
UNIX charset: UTF-8 (default)
Log level: Minimum (default)
Local Master: YES (default)
Time Server for Domain: YES (default)
Support DOS File Attributes: YES (default)
Unix Extensions: YES (default)
Zeroconf share discovery: YES (default)
Hostname lookups: NO
Allow execute always: YES (default)
==================================


There could be (I am certain that there would be ;) ) a problem with the data already in place. That can be dealt with.

 

[solarisguy]

Using Windows ACLs, as opposed to Unix ACLs?

Yes, ultimately you may want to use Windows ACLs, since the setup I had proposed stores all the files and directories owned by user nobody. So everybody can access everything...

The advantage for not using Windows ACLs is that no setup, design or thought needs to be given to permissions.

Samba 4.x is more secure than Samba 3.x. It follows, that the design you had successfully deployed at home with versions of FreeNAS running Samba 3.x (FreeNAS 9.2.0 and earlier) might not be possible with Samba 4.x.

Again, if new directories and files are behaving OK in your share, that you had set up exactly as I suggested above, then it would be trivial to add access to all the data already on your disks. The net result: everybody would be able to access (read, write, execute and delete) everything.

P.S. I am admitting to using only Windows XP and Windows 7 clients. I have absolutely no idea what happens with CIFS clients older than Windows XP or with ones running Windows 8 and up.

 

[solarisguy]

Could you please, after finishing with the setup, provide the output of

Code:

ls -l /var/db/samba4
ls -l /var/db

 

[CLSegraves]

I ended up just wiping my pools (pulled all the drives, installed them in a desktop machine, and reformatted them in Windows). That solved all the issues. It seems certain now that something was messed up on my pools and I was probably never going to get them to mount correctly.

With Windows ACLs, am I setting all of the permissions through Windows (through properties)?

 

[anodos]

Follow procedures here to create shares, users, and groups: http://doc.freenas.org/index.php/Windows_(CIFS)_Shares
Once you create the above items, set permissions through windows.

Note that you should only share datasets (not the zvol) (i.e. /mnt/Tank/Share1 rather than /mnt/Tank).

 

[CLSegraves]

Follow procedures here to create shares, users, and groups: http://doc.freenas.org/index.php/Windows_(CIFS)_Shares
Once you create the above items, set permissions through windows.

Note that you should only share datasets (not the zvol) (i.e. /mnt/Tank/Share1 rather than /mnt/Tank).

I have everything working again, however this time around I have it setup so that a password is required to access the NAS (I did not enable the guest account). However, for some reason the Windows systems keep requiring I re-enter the user and password when I reboot. When I mapped the drives I told Windows to save the credentials, so I don't understand why I keep having to re-enter them. Shouldn't it just automatically reconnect using the "saved" credentials?

 

[anodos]

I have everything working again, however this time around I have it setup so that a password is required to access the NAS (I did not enable the guest account). However, for some reason the Windows systems keep requiring I re-enter the user and password when I reboot. When I mapped the drives I told Windows to save the credentials, so I don't understand why I keep having to re-enter them. Shouldn't it just automatically reconnect using the "saved" credentials?

Typically, I just set the FreeNAS credentials to be identical to my windows credentials.
Does the problem occur if you connection via ip address (i.e. \\192.0.1.5\Share)?

 

[CLSegraves]

Typically, I just set the FreeNAS credentials to be identical to my windows credentials.
Does the problem occur if you connection via ip address (i.e. \\192.0.1.5\Share)?

Just tried connecting via ip address and I get asked for my credentials. I don't use a password on my Windows machines, so that wouldn't work in my case.

Attached is a screenshot of what occurs on initial reboot of my Windows machine. It's like it does not remember any of the credentials.