Yes to adding aux param, and log.nmbd and a log.smbd are the relevant logs. Beware, raising log level in smb.conf can produce large amounts of output. Don't follow a change in log level in smb.conf with a testparm command, as I've read this sets the SAMBA log level back to 2.
Is the problem shown when you simply stop and start the SAMBA service? You want to save wear and tear on your hardware by avoiding repeated re-boots. Also, are all the changes you've made to your smb.conf presistent - i.e. you've added them as "auxillary parameters" in the service config?
When you do make a successful samba connection, what is the output ofsmbstatus
at the FreeNAS CLI?
But I came across this old post on the net which may be related:
In the case of FreeNAS I think that equates to get the smb.conf right first, then (re)create your windows shares and then check if LANMAN hash is in the samba password db.
I had a chance to clear the logs and capture me coping a file over to a DOS client, then restarting the SMB service and then loosing access. So your right just restarting the SMB service turns my connection on the vintage machine to access denied until I rerun SMBPASSWD. Even capturing for 40 seconds, the log files came to about 1.5MB so I will upload those separately.
SMBSTATUS
Code:
root@lcars:/var/log/samba4 # smbpasswd -a jamie INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 doing parameter client ntlmv2 auth = no doing parameter client ipc signing = auto doing parameter allow dcerpc auth level connect = yes doing parameter lanman auth = yes doing parameter client lanman auth = yes doing parameter client plaintext auth = yes doing parameter server signing = disabled doing parameter ldap server require strong auth = no doing parameter server min protocol = CORE doing parameter log level = 3 passdb:5 auth:5 Attempting to find a passdb backend to match tdbsam (tdbsam) No builtin backend found, trying to load plugin load_module_absolute_path: Module '/usr/local/lib/shared-modules/pdb/tdbsam.so' loaded Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Found pdb backend tdbsam pdb backend tdbsam has a valid init New SMB password: Retype new SMB password: tdbsam_open: successfully opened /var/db/samba4/private/passdb.tdb Forcing Primary Group to 'Domain Users' for jamie Storing account jamie with RID 3002 root@lcars:/var/log/samba4 # smbpasswd -a jamie INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 doing parameter client ntlmv2 auth = no doing parameter client ipc signing = auto doing parameter allow dcerpc auth level connect = yes doing parameter lanman auth = yes doing parameter client lanman auth = yes doing parameter client plaintext auth = yes doing parameter server signing = disabled doing parameter ldap server require strong auth = no doing parameter server min protocol = CORE doing parameter log level = 3 passdb:5 auth:5 Attempting to find a passdb backend to match tdbsam (tdbsam) No builtin backend found, trying to load plugin load_module_absolute_path: Module '/usr/local/lib/shared-modules/pdb/tdbsam.so' loaded Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Found pdb backend tdbsam pdb backend tdbsam has a valid init New SMB password: Retype new SMB password: tdbsam_open: successfully opened /var/db/samba4/private/passdb.tdb Forcing Primary Group to 'Domain Users' for jamie Storing account jamie with RID 3002 root@lcars:/var/log/samba4 # smbstatus Samba version 4.7.0 PID Username Group Machine Prot ocol Version Encryption Signing -------------------------------------------------------------------------------- -------------------------------------------------------- 709 jamie jamie 172.16.2.2 (ipv4:172.16.2.2:57649) SMB2 _10 - - 902 jamie jamie jamie (ipv4:172.16.2.50:33598) NT1 - - 645 jamie jamie 172.16.1.4 (ipv4:172.16.1.4:54360) SMB3 _00 - partial(HMAC-SHA256) Service pid Machine Connected at Encryption Signing -------------------------------------------------------------------------------- ------------- shared 709 172.16.2.2 Fri Jun 1 07:43:49 2018 CDT - - plexmedia 709 172.16.2.2 Fri Jun 1 07:43:49 2018 CDT - - shared 645 172.16.1.4 Fri Jun 1 07:41:44 2018 CDT - HMAC-SHA256 IPC$ 645 172.16.1.4 Fri Jun 1 07:41:44 2018 CDT - HMAC-SHA256 shared 902 jamie Fri Jun 1 07:44:32 2018 CDT - - Locked files: Pid Uid DenyMode Access R/W Oplock Share Path Name Time -------------------------------------------------------------------------------- ------------------ 709 1001 DENY_NONE 0x80 RDONLY NONE /mnt/ NAS/plexmedia . Fri Jun 1 07:43:49 2018 709 1001 DENY_NONE 0x80 RDONLY NONE /mnt/ NAS/shared . Fri Jun 1 07:43:49 2018 root@lcars:/var/log/samba4 #