FreeNAS 11.1 U4 samba issue with old clients, lanman?

[lowlytech]

I recently upgraded my FN 11 box to the u4 update and thought I had everything working great, until I tried to connect with some of my older win9x/dos clients. I get the IPC$ prompting for a password, which nothing works as a password. Typically this has been caused by a handshake issue or whatever you call it with the smb protocols. I know the samba 4.7 says it disables NTLMv1 by default, which I agree is a good thing, but after looking into the windows 95/98 and dos msclients 3.0, I think they use Lanman which is obviously older. Previous versions of FreeNAS had a dropdown in the in SMB section to choose the lowest level of authentication, this is now gone. Briefly googling this issue turned up adding some entries in the Auxiliary section, but this didn't work. My global file is as follows..

Code:

root@lcars:/usr/local/etc # vi smb4.conf
[global]
	encrypt passwords = yes
	dns proxy = no
	strict locking = no
	oplocks = yes
	deadtime = 15
	max log size = 51200
	max open files = 464906
	logging = file
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	getwd cache = yes
	guest account = nobody
	map to guest = Bad User
	obey pam restrictions = yes
	ntlm auth = yes
	directory name cache size = 0
	kernel change notify = no
	panic action = /usr/local/libexec/samba/samba-backtrace
	nsupdate command = /usr/local/bin/samba-nsupdate -g
	server string = FreeNAS Server
	ea support = yes
	store dos attributes = yes
	lm announce = yes
	hostname lookups = yes
	time server = yes
	null passwords = yes
	acl allow execute always = true
	dos filemode = yes
	multicast dns register = yes
	domain logons = no
	local master = yes
	idmap config *: backend = tdb
	idmap config *: range = 90000001-100000000
	server role = standalone
	netbios name = LCARS
	workgroup = WORKGROUP
	security = user
	create mask = 0666
	directory mask = 0777
	client ntlmv2 auth = no
	dos charset = CP437
	unix charset = UTF-8
	log level = 10
	ntlm auth = yes
	encryption = no
	lanman auth = Yes
	client lanman auth = Yes
   client plaintext auth = Yes

 

[Ericloewe]

until I tried to connect with some of my older win9x/dos clients

Phew.

Yeah, you're out of luck, Samba dropped all support for those ancient clients some time ago. I forget which version did that and to what FreeNAS version that corresponds.

 

[MrToddsFriends]

Previous versions of FreeNAS had a dropdown in the in SMB section to choose the lowest level of authentication, this is now gone.

AFAICT all 9.10.x versions had that setting in the GUI.
http://doc.freenas.org/9.10/services.html#smb
Never used a Windows 9x / DOS client with any FreeNAS version, though.

 

[Ericloewe]

AFAICT all 9.10.x versions had that setting in the GUI.
http://doc.freenas.org/9.10/services.html#smb
Never used a Windows 9x / DOS client with any FreeNAS version, though.

That wouldn't have helped here, support for ancient clients is totally gone. The same effect can still be had by adding auxiliary parameters.

 

[lowlytech]

I still had boot images for 11.0 and 11.1-RELEASE under system. For kicks I went back and 11.0 did have the drop downs under SMB for auth level. LANMAN1 and LANMAN2 were there along with CORE. I picked core but still couldn't connect and got the same IPC$ message. I was almost certain I connected with a windows 98 client before with this box, but maybe I am forgetting more than I remember these days.

 

[MrToddsFriends]

In this thread it is stated that FreeNAS 9.3 used Samba 4.1.x up to the last revision:
https://forums.freenas.org/index.php?threads/samba-update-for-freenas-9-3-x.38053/

The Samba wiki tells that "The values CORE, COREPLUS, LANMAN1, LANMAN2 are silently upgraded to NT1" (regarding client ipc max protocol and client ipc min protocol) since Samba 4.2.10 released on April 12, 2016.
https://wiki.samba.org/index.php/Samba_4.2_Features_added/changed

FreeNAS 9.10 was released on March 22, 2016. So the old protocol versions should be usable in all FreeNAS 9.3 versions and some early revisions of FreeNAS 9.10.

 

[KrisBee]

@lowlytech Don't know if you're still looking at this, but in addition to the lanman settings you have, a couple of things that crop up on the net about samba4 and windows98 are setting these samba server params :

client plaintext auth = Yes
server signing = disabled

https://translate.google.co.uk/tran...amba-4-2-raspberry-pi-311729.html&prev=search

note the comment about not only restarting the server but also refreshing the smbpasswd. Server signing is also discussed here: https://bugzilla.samba.org/show_bug.cgi?id=11499

The CLI command testparm not only shows you your samba global/shares config but acts as a sanity check. In verbose mode it displays all the possible global settings which you can grep, e.g: testparm -v | grep signing or testparm -v | egrep "auth|proto"

 

[lowlytech]

@lowlytech Don't know if you're still looking at this, but in addition to the lanman settings you have, a couple of things that crop up on the net about samba4 and windows98 are setting these samba server params :

client plaintext auth = Yes
server signing = disabled

https://translate.google.co.uk/tran...amba-4-2-raspberry-pi-311729.html&prev=search

note the comment about not only restarting the server but also refreshing the smbpasswd. Server signing is also discussed here: https://bugzilla.samba.org/show_bug.cgi?id=11499

The CLI command testparm not only shows you your samba global/shares config but acts as a sanity check. In verbose mode it displays all the possible global settings which you can grep, e.g: testparm -v | grep signing or testparm -v | egrep "auth|proto"

Thanks KrisBee for the info. I tried the server signing option along with the smbpasswd reset and still get the IPC$ error. I ran that testparm and it shows lanman1 to be supported from what I can tell. Anything a dead giveaway here in the output?

Code:

testparm -v | egrep auth
Load smb config files from /usr/local/etc/smb4.conf
WARNING: The "null passwords" option is deprecated
Processing section "[cam1]"
Processing section "[plexmedia]"
Processing section "[public]"
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

		ldap server require strong auth = Yes
		auth event notification = No
		allow dcerpc auth level connect = No
		auth methods =
		client lanman auth = Yes
		client NTLMv2 auth = No
		client plaintext auth = Yes
		lanman auth = Yes
		ntlm auth = ntlmv1-permitted
		raw NTLMv2 auth = No

% testparm -v | egrep proto
Load smb config files from /usr/local/etc/smb4.conf
WARNING: The "null passwords" option is deprecated
Processing section "[cam1]"
Processing section "[plexmedia]"
Processing section "[public]"
Processing section "[shared]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

		client ipc max protocol = default
		client ipc min protocol = default
		client max protocol = default
		client min protocol = CORE
		server max protocol = SMB3
		server min protocol = LANMAN1

 

[lowlytech]

Well something crazy happened, I can access my FreeNAS shares on my win9x client. The last line I put in that seemed to do the trick was

client ntlmv2 auth = no

I feel like I have totally enabled/disabled everything under the sun, so I may start taking extra AUX lines out of the SMB configuration and see if this holds, but this last line did indeed work!

 

[lowlytech]

Uncovered one last glitch. The SMB password hash is messing with me. I can reset my password and I can see my shares. The minute I reboot the FreeNAS box it doesn't like my password again with an access denied. Instead of using smbpasswd in putty I did it in the GUI thinking that would make it stick, but it still doesn't hold after a reboot. I totally don't mind setting the password every power cycle cause honestly I will not be using 9x/DOS clients a whole lot, but I thought I would see if someone maybe knew a trick to keep from having to reset my password every time freenas is power cycled.

 

[KrisBee]

There was a bug in FreeNAS 11.1-U3 which gave the appearance of lost SMB passwords which was fixed in U4. Using

Code:

pdbedit -L -v 

should show if your passwords are presistent between freenas boots.

 

[lowlytech]

Thanks for the tip KrisBee, I ran that command but I have no idea what I am looking for to see if my passwords are persistent.

Code:

root@lcars:~ # pdbedit -L -v
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
doing parameter client ntlmv2 auth = no
doing parameter client ipc signing = auto
doing parameter allow dcerpc auth level connect = yes
doing parameter lanman auth = yes
doing parameter client lanman auth = yes
doing parameter client plaintext auth = yes
doing parameter server signing = disabled
doing parameter ldap server require strong auth = no
doing parameter server min protocol = CORE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="LCARS"
Attempting to find a passdb backend to match tdbsam (tdbsam)
No builtin backend found, trying to load plugin
load_module_absolute_path: Probing module '/usr/local/lib/shared-modules/pdb/tdbsam.so'
load_module_absolute_path: Module '/usr/local/lib/shared-modules/pdb/tdbsam.so' loaded
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /var/db/samba4/private/passdb.tdb
pdb_set_username: setting username test, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name test, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\test, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\test\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004 from rid 1004
pdb_set_username: setting username test, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name test, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\test, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\test\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004 from rid 1004
---------------
Unix username:		test
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-1004
Finding user test
Trying _Get_Pwnam(), username as lowercase is test
Trying _Get_Pwnam(), username as uppercase is TEST
Checking combinations of 0 uppercase letters in test
Get_Pwnam_internals didn't find user [test]!
Failed to find a Unix account for test
Primary Group SID:	(NULL SID)
Full Name:			test
Home Directory:	   \\lcars\test
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\test\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Sat, 26 May 2018 16:11:31 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Sat, 26 May 2018 16:11:31 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username jamie, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Jamie, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\jamie, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\jamie\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002 from rid 3002
pdb_set_username: setting username jamie, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Jamie, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\jamie, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\jamie\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002 from rid 3002
---------------
Unix username:		jamie
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3002
Finding user jamie
Trying _Get_Pwnam(), username as lowercase is jamie
Get_Pwnam_internals did find user [jamie]!
Opening cache file at /var/db/samba4/gencache.tdb
Opening cache file at /var/lock/gencache_notrans.tdb
gid 1001 -> sid S-1-22-2-1001
Forcing Primary Group to 'Domain Users' for jamie
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			Jamie
Home Directory:	   \\lcars\jamie
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\jamie\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Tue, 29 May 2018 11:03:33 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Tue, 29 May 2018 11:03:33 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username plex, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name plex, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\plex, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\plex\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000 from rid 3000
pdb_set_username: setting username plex, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name plex, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\plex, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\plex\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000 from rid 3000
---------------
Unix username:		plex
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3000
Finding user plex
Trying _Get_Pwnam(), username as lowercase is plex
Get_Pwnam_internals did find user [plex]!
gid 1000 -> sid S-1-5-21-1881563143-3349900363-1681061685-1003
do lookup_sid(S-1-5-21-1881563143-3349900363-1681061685-1003) for group of user plex
lookup_sid called for SID 'S-1-5-21-1881563143-3349900363-1681061685-1003'
Accepting SID S-1-5-21-1881563143-3349900363-1681061685 in level 1
lookup_rids called for domain sid 'S-1-5-21-1881563143-3349900363-1681061685'
lookup_global_sam_rid: looking up RID 1003.
pdb_getsampwrid (TDB): error looking up RID 1003 by key RID_000003eb.
lookup_rids: plex:4
Sid S-1-5-21-1881563143-3349900363-1681061685-1003 -> LCARS\plex(4)
Primary group S-1-5-21-1881563143-3349900363-1681061685-1003 for user plex is a Local Group and not a domain group
Forcing Primary Group to 'Domain Users' for plex
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			plex
Home Directory:	   \\lcars\plex
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\plex\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Sun, 13 May 2018 07:01:32 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Sun, 13 May 2018 07:01:32 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username guest, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name public access, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\guest, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\guest\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004 from rid 3004
pdb_set_username: setting username guest, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name public access, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\guest, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\guest\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004 from rid 3004
---------------
Unix username:		guest
NT username:
Account Flags:		[DU		 ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3004
Finding user guest
Trying _Get_Pwnam(), username as lowercase is guest
Get_Pwnam_internals did find user [guest]!
gid 31 -> sid S-1-22-2-31
Forcing Primary Group to 'Domain Users' for guest
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			public access
Home Directory:	   \\lcars\guest
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\guest\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Tue, 01 Aug 2017 23:21:32 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Tue, 01 Aug 2017 23:21:32 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
root@lcars:~ #

 

[KrisBee]

Does the command gave the same output before and after a FreeNAS reboot, as you said you needed to rest smbpasswd ?

 

[lowlytech]

I couldn't detect a change. Infact I ran WinMerge on the two files from when I changed the password and could login to my older client (new win7+win10 never have an issue, only older win9x) and when I get an access denied from a reboot. Only change was IP address last logged in and timestamps. It's strange..

Can access server from DOS/win9x...

Code:

login as: root
root@172.16.1.3's password:
Last login: Wed May 30 10:04:35 2018 from 172.16.2.21
FreeBSD 11.1-STABLE (FreeNAS.amd64) #2 r321665+366f54a78b2(freenas/11.1-stable):							  Wed Mar 21 23:04:13 UTC 2018

		FreeNAS (c) 2009-2017, The FreeNAS Development Team
		All rights reserved.
		FreeNAS is released under the modified BSD license.

		For more information, documentation, help or support, go here:
		http://freenas.org
Welcome to FreeNAS

Warning: settings changed through the CLI are not written to
the configuration database and will be reset on reboot.

root@lcars:~ # pdbedit -L -v
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
doing parameter client ntlmv2 auth = no
doing parameter client ipc signing = auto
doing parameter allow dcerpc auth level connect = yes
doing parameter lanman auth = yes
doing parameter client lanman auth = yes
doing parameter client plaintext auth = yes
doing parameter server signing = disabled
doing parameter ldap server require strong auth = no
doing parameter server min protocol = CORE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="LCARS"
Attempting to find a passdb backend to match tdbsam (tdbsam)
No builtin backend found, trying to load plugin
load_module_absolute_path: Probing module '/usr/local/lib/shared-modules/pdb/tdbsam.so'
load_module_absolute_path: Module '/usr/local/lib/shared-modules/pdb/tdbsam.so' loaded
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /var/db/samba4/private/passdb.tdb
pdb_set_username: setting username test, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name test, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\test, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\test\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004 from rid 1004
pdb_set_username: setting username test, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name test, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\test, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\test\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004 from rid 1004
---------------
Unix username:		test
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-1004
Finding user test
Trying _Get_Pwnam(), username as lowercase is test
Trying _Get_Pwnam(), username as uppercase is TEST
Checking combinations of 0 uppercase letters in test
Get_Pwnam_internals didn't find user [test]!
Failed to find a Unix account for test
Primary Group SID:	(NULL SID)
Full Name:			test
Home Directory:	   \\lcars\test
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\test\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Sat, 26 May 2018 16:11:31 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Sat, 26 May 2018 16:11:31 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username jamie, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Jamie, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\jamie, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\jamie\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002 from rid 3002
pdb_set_username: setting username jamie, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Jamie, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\jamie, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\jamie\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002 from rid 3002
---------------
Unix username:		jamie
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3002
Finding user jamie
Trying _Get_Pwnam(), username as lowercase is jamie
Get_Pwnam_internals did find user [jamie]!
Opening cache file at /var/db/samba4/gencache.tdb
Opening cache file at /var/lock/gencache_notrans.tdb
gid 1001 -> sid S-1-22-2-1001
Forcing Primary Group to 'Domain Users' for jamie
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			Jamie
Home Directory:	   \\lcars\jamie
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\jamie\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Wed, 30 May 2018 18:34:08 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Wed, 30 May 2018 18:34:08 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username plex, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name plex, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\plex, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\plex\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000 from rid 3000
pdb_set_username: setting username plex, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name plex, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\plex, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\plex\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000 from rid 3000
---------------
Unix username:		plex
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3000
Finding user plex
Trying _Get_Pwnam(), username as lowercase is plex
Get_Pwnam_internals did find user [plex]!
gid 1000 -> sid S-1-5-21-1881563143-3349900363-1681061685-1003
do lookup_sid(S-1-5-21-1881563143-3349900363-1681061685-1003) for group of user plex
lookup_sid called for SID 'S-1-5-21-1881563143-3349900363-1681061685-1003'
Accepting SID S-1-5-21-1881563143-3349900363-1681061685 in level 1
lookup_rids called for domain sid 'S-1-5-21-1881563143-3349900363-1681061685'
lookup_global_sam_rid: looking up RID 1003.
pdb_getsampwrid (TDB): error looking up RID 1003 by key RID_000003eb.
lookup_rids: plex:4
Sid S-1-5-21-1881563143-3349900363-1681061685-1003 -> LCARS\plex(4)
Primary group S-1-5-21-1881563143-3349900363-1681061685-1003 for user plex is a Local Group and not a domain group
Forcing Primary Group to 'Domain Users' for plex
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			plex
Home Directory:	   \\lcars\plex
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\plex\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Sun, 13 May 2018 07:01:32 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Sun, 13 May 2018 07:01:32 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username guest, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name public access, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\guest, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\guest\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004 from rid 3004
pdb_set_username: setting username guest, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name public access, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\guest, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\guest\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004 from rid 3004
---------------
Unix username:		guest
NT username:
Account Flags:		[DU		 ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3004
Finding user guest
Trying _Get_Pwnam(), username as lowercase is guest
Get_Pwnam_internals did find user [guest]!
gid 31 -> sid S-1-22-2-31
Forcing Primary Group to 'Domain Users' for guest
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			public access
Home Directory:	   \\lcars\guest
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\guest\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Tue, 01 Aug 2017 23:21:32 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Tue, 01 Aug 2017 23:21:32 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
root@lcars:~ #

Rebooted and lost access on vintage systems, ran same command...

Code:

login as: root
root@172.16.1.3's password:
Last login: Wed May 30 18:39:16 2018 from 172.16.2.2
FreeBSD 11.1-STABLE (FreeNAS.amd64) #2 r321665+366f54a78b2(freenas/11.1-stable): Wed Mar 21 23:04:13 UTC 2018

		FreeNAS (c) 2009-2017, The FreeNAS Development Team
		All rights reserved.
		FreeNAS is released under the modified BSD license.

		For more information, documentation, help or support, go here:
		http://freenas.org
Welcome to FreeNAS

Warning: settings changed through the CLI are not written to
the configuration database and will be reset on reboot.

root@lcars:~ # pdbedit -L -v
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
doing parameter client ntlmv2 auth = no
doing parameter client ipc signing = auto
doing parameter allow dcerpc auth level connect = yes
doing parameter lanman auth = yes
doing parameter client lanman auth = yes
doing parameter client plaintext auth = yes
doing parameter server signing = disabled
doing parameter ldap server require strong auth = no
doing parameter server min protocol = CORE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="LCARS"
Attempting to find a passdb backend to match tdbsam (tdbsam)
No builtin backend found, trying to load plugin
load_module_absolute_path: Probing module '/usr/local/lib/shared-modules/pdb/tdbsam.so'
load_module_absolute_path: Module '/usr/local/lib/shared-modules/pdb/tdbsam.so' loaded
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /var/db/samba4/private/passdb.tdb
pdb_set_username: setting username test, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name test, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\test, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\test\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004 from rid 1004
pdb_set_username: setting username test, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name test, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\test, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\test\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-1004 from rid 1004
---------------
Unix username:		test
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-1004
Finding user test
Trying _Get_Pwnam(), username as lowercase is test
Trying _Get_Pwnam(), username as uppercase is TEST
Checking combinations of 0 uppercase letters in test
Get_Pwnam_internals didn't find user [test]!
Failed to find a Unix account for test
Primary Group SID:	(NULL SID)
Full Name:			test
Home Directory:	   \\lcars\test
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\test\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Sat, 26 May 2018 16:11:31 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Sat, 26 May 2018 16:11:31 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username jamie, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Jamie, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\jamie, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\jamie\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002 from rid 3002
pdb_set_username: setting username jamie, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name Jamie, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\jamie, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\jamie\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3002 from rid 3002
---------------
Unix username:		jamie
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3002
Finding user jamie
Trying _Get_Pwnam(), username as lowercase is jamie
Get_Pwnam_internals did find user [jamie]!
Opening cache file at /var/db/samba4/gencache.tdb
Opening cache file at /var/lock/gencache_notrans.tdb
gid 1001 -> sid S-1-22-2-1001
Forcing Primary Group to 'Domain Users' for jamie
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			Jamie
Home Directory:	   \\lcars\jamie
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\jamie\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Wed, 30 May 2018 18:34:03 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Wed, 30 May 2018 18:34:03 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username plex, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name plex, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\plex, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\plex\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000 from rid 3000
pdb_set_username: setting username plex, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name plex, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\plex, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\plex\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3000 from rid 3000
---------------
Unix username:		plex
NT username:
Account Flags:		[U		  ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3000
Finding user plex
Trying _Get_Pwnam(), username as lowercase is plex
Get_Pwnam_internals did find user [plex]!
gid 1000 -> sid S-1-5-21-1881563143-3349900363-1681061685-1003
do lookup_sid(S-1-5-21-1881563143-3349900363-1681061685-1003) for group of user plex
lookup_sid called for SID 'S-1-5-21-1881563143-3349900363-1681061685-1003'
Accepting SID S-1-5-21-1881563143-3349900363-1681061685 in level 1
lookup_rids called for domain sid 'S-1-5-21-1881563143-3349900363-1681061685'
lookup_global_sam_rid: looking up RID 1003.
pdb_getsampwrid (TDB): error looking up RID 1003 by key RID_000003eb.
lookup_rids: plex:4
Sid S-1-5-21-1881563143-3349900363-1681061685-1003 -> LCARS\plex(4)
Primary group S-1-5-21-1881563143-3349900363-1681061685-1003 for user plex is a Local Group and not a domain group
Forcing Primary Group to 'Domain Users' for plex
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			plex
Home Directory:	   \\lcars\plex
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\plex\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Sun, 13 May 2018 07:01:32 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Sun, 13 May 2018 07:01:32 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
pdb_set_username: setting username guest, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name public access, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\guest, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\guest\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004 from rid 3004
pdb_set_username: setting username guest, was
pdb_set_domain: setting domain LCARS, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name public access, was
Home server: lcars
pdb_set_homedir: setting home dir \\lcars\guest, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: lcars
pdb_set_profile_path: setting profile path \\lcars\guest\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004
pdb_set_user_sid_from_rid:
		setting user sid S-1-5-21-1881563143-3349900363-1681061685-3004 from rid 3004
---------------
Unix username:		guest
NT username:
Account Flags:		[DU		 ]
User SID:			 S-1-5-21-1881563143-3349900363-1681061685-3004
Finding user guest
Trying _Get_Pwnam(), username as lowercase is guest
Get_Pwnam_internals did find user [guest]!
gid 31 -> sid S-1-22-2-31
Forcing Primary Group to 'Domain Users' for guest
Primary Group SID:	S-1-5-21-1881563143-3349900363-1681061685-513
Full Name:			public access
Home Directory:	   \\lcars\guest
HomeDir Drive:
Logon Script:
Profile Path:		 \\lcars\guest\profile
Domain:			   LCARS
Account desc:
Workstations:
Munged dial:
Logon time:		   0
Logoff time:		  9223372036854775807 seconds since the Epoch
Kickoff time:		 9223372036854775807 seconds since the Epoch
Password last set:	Tue, 01 Aug 2017 23:21:32 CDT
account_policy_get: name: minimum password age, val: 0
Password can change:  Tue, 01 Aug 2017 23:21:32 CDT
account_policy_get: name: maximum password age, val: -1
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours		 : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
root@lcars:~ #

 

[KrisBee]

@lowlytech If there's zero diff , then apart from going through your existing FreeNAS logs and/or increasing SAMBA/FreeNAs log/debug levels, I don't have any other ideas at the moment.

https://wiki.samba.org/index.php/Setting_the_Samba_Log_Level#Setting_the_Debug_Level_for_a_Command

 

[lowlytech]

@lowlytech If there's zero diff , then apart from going through your existing FreeNAS logs and/or increasing SAMBA/FreeNAs log/debug levels, I don't have any other ideas at the moment.

https://wiki.samba.org/index.php/Setting_the_Samba_Log_Level#Setting_the_Debug_Level_for_a_Command

I have the log level in SMB service section already at debug, but do I need to add this line to the aux parameters as well?

log level = 3 passdb:5 auth:5

I sure don't mind to post an error log as long as you don't mind skimming though it. In my /var/log I have a log.nmbd and a log.smbd. Each file is about 30meg. Are these the error logs we need or am I in the wrong place?

 

[KrisBee]

Yes to adding aux param, and log.nmbd and a log.smbd are the relevant logs. Beware, raising log level in smb.conf can produce large amounts of output. Don't follow a change in log level in smb.conf with a testparm command, as I've read this sets the SAMBA log level back to 2.

Is the problem shown when you simply stop and start the SAMBA service? You want to save wear and tear on your hardware by avoiding repeated re-boots. Also, are all the changes you've made to your smb.conf presistent - i.e. you've added them as "auxillary parameters" in the service config?

When you do make a successful samba connection, what is the output of smbstatus at the FreeNAS CLI?

But I came across this old post on the net which may be related:

By default, later versions of Samba do not create the LANMANAGER hash when a user account is created unless lanman authorisation has been enabled.
Check whether the user account has a LANMAN hash with 'pdbedit -L -w'. 'man 5 smbpasswd' should help with the layout of the output. If not, you will likely need to delete and remake the user account using pdbedit.

In the case of FreeNAS I think that equates to get the smb.conf right first, then (re)create your windows shares and then check if LANMAN hash is in the samba password db.

 

[KrisBee]

Uncovered one last glitch. The SMB password hash is messing with me. I can reset my password and I can see my shares. The minute I reboot the FreeNAS box it doesn't like my password again with an access denied. Instead of using smbpasswd in putty I did it in the GUI thinking that would make it stick, but it still doesn't hold after a reboot. I totally don't mind setting the password every power cycle cause honestly I will not be using 9x/DOS clients a whole lot, but I thought I would see if someone maybe knew a trick to keep from having to reset my password every time freenas is power cycled.

Brain not in gear yesterday. Firstly, AFAIK FreeNAS creates entries in the SAMBA password DB when and if you add user accounts to the system, irrespective of any SMB share set up or even starting the SMB service. So are LANMAN hashes ever created by FreeNAS? The command pdbedit -L -vw shows the LM and NT hashes ( I left of the "w" switch previously ) and man(5) smbpasswd will tell you what a string of 32 "X" means.

If you're having to use the smbpasswd command at the CLI to enable a connection then this workaround is not going persist on a re-boot if the LANMAN hash is lost.

 

[Ericloewe]

What I don't understand here is how this is working for any values of "working". I distinctly remember reading documentation at the time that Samba was dropping all the ancient protocols. Did they backtrack somewhat? Did they do a half-assed job of dropping them?

 

[KrisBee]

@Ericloewe Good question. I'm not an IT specialist, but man docs for FreeBSD smb.conf etc. still cover LANMAN. Not that you should be using it, but ....