Hello,
I am having a problem accessing a FreeNAS SMB share I have created.
I have read the manual, read methods-for-fine-tuning-samba-permissions, read MANY online documents, and viewed The Internet Monkey's videos carefully.
First I created a dataset "wata" for windows data.
I have a user "bryan" that has the auxiliary group "winshare".
I edited the "wata" dataset options to windows and the permissions to Windows and user "nobody" group "winshare" and applied recursively.
I created the SMB share pointing to the location of "wata" in my pool.
From my Windows 10 computer I Click "Map Network Drive", \\Server-IP\wata , connect using different credentials, username bryan, password and the drive successfully mounts.
When I click the drive I get the error: "You do not have permission to access". This happens on 3 seperate Windows 10 computers. I have tried many various variations and client side things online. Nothing works.
Logs and command output below.
Any help is greatly appreciated!
Troubleshooting:
Parital Logs of logs.smbd
I am having a problem accessing a FreeNAS SMB share I have created.
I have read the manual, read methods-for-fine-tuning-samba-permissions, read MANY online documents, and viewed The Internet Monkey's videos carefully.
First I created a dataset "wata" for windows data.
I have a user "bryan" that has the auxiliary group "winshare".
I edited the "wata" dataset options to windows and the permissions to Windows and user "nobody" group "winshare" and applied recursively.
I created the SMB share pointing to the location of "wata" in my pool.
From my Windows 10 computer I Click "Map Network Drive", \\Server-IP\wata , connect using different credentials, username bryan, password and the drive successfully mounts.
When I click the drive I get the error: "You do not have permission to access". This happens on 3 seperate Windows 10 computers. I have tried many various variations and client side things online. Nothing works.
Logs and command output below.
Any help is greatly appreciated!
Troubleshooting:
Code:
Command: getfacl /mnt/tank1/ds1/smb/wata Output: root@MyServer[/mnt/tank1/iocage/jails]# getfacl /mnt/tank1/ds1/smb/wata # file: /mnt/tank1/ds1/smb/wata # owner: nobody # group: winshare owner@:rwxpDdaARWcCos:fd-----:allow group@:rwxpDdaARWcCos:fd-----:allow everyone@:--------------:fd-----:allow
Code:
Command: sharesec --view-all Output: [wata] REVISION:1 CONTROL:SR|DP OWNER: GROUP: ACL:S-1-1-0:ALLOWED/0x0/FULL
Parital Logs of logs.smbd
Code:
[2020/01/04 09:30:23.262905, 6, pid=7595, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2341(lp_file_list_changed) lp_file_list_changed() file /usr/local/etc/smb4.conf -> /usr/local/etc/smb4.conf last mod_time: Sat Jan 4 09:05:11 2020 [2020/01/04 09:30:23.262940, 10, pid=7595, effective(0, 0), real(0, 0)] ../source3/lib/util_event.c:54(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) 0x0 rescheduled [2020/01/04 09:31:14.690216, 10, pid=7595, effective(0, 0), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:3980(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2020/01/04 09:31:14.690244, 10, pid=7595, effective(0, 0), real(0, 0), class=smb2_credits] ../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number) smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 233 (position 233) from bitmap [2020/01/04 09:31:14.690257, 10, pid=7595, effective(0, 0), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:2342(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 233 [2020/01/04 09:31:14.690289, 4, pid=7595, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (1003, 1003) - sec_ctx_stack_ndx = 0 [2020/01/04 09:31:14.690301, 5, pid=7595, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (13): SID[ 0]: S-1-5-21-2321401650-3958342810-1290666931-1014 SID[ 1]: S-1-5-21-2321401650-3958342810-1290666931-513 SID[ 2]: S-1-5-21-2321401650-3958342810-1290666931-1013 SID[ 3]: S-1-5-21-2321401650-3958342810-1290666931-1020 SID[ 4]: S-1-1-0 SID[ 5]: S-1-5-2 SID[ 6]: S-1-5-11 SID[ 7]: S-1-22-1-1003 SID[ 8]: S-1-22-2-1003 SID[ 9]: S-1-22-2-1005 SID[ 10]: S-1-22-2-90000004 SID[ 11]: S-1-22-2-90000005 SID[ 12]: S-1-22-2-90000007 Privileges (0x 0): Rights (0x 0): [2020/01/04 09:31:14.690377, 5, pid=7595, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:866(debug_unix_user_token) UNIX token of user 1003 Primary group is 1003 and contains 5 supplementary groups Group[ 0]: 1003 Group[ 1]: 1005 Group[ 2]: 90000004 Group[ 3]: 90000005 Group[ 4]: 90000007 [2020/01/04 09:31:14.690419, 4, pid=7595, effective(1003, 1003), real(0, 0), class=vfs] ../source3/smbd/vfs.c:805(vfs_ChDir) vfs_ChDir to /mnt/tank1/ds1/smb/wata [2020/01/04 09:31:14.690439, 3, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/smbd/service.c:156(chdir_current_service) chdir (/mnt/tank1/ds1/smb/wata) failed, reason: Permission denied [2020/01/04 09:31:14.690450, 0, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/smbd/uid.c:453(change_to_user_internal) change_to_user_internal: chdir_current_service() failed! [2020/01/04 09:31:14.690460, 3, pid=7595, effective(1003, 1003), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2541 [2020/01/04 09:31:14.690472, 10, pid=7595, effective(1003, 1003), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:3105(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:3262 [2020/01/04 09:31:14.690483, 10, pid=7595, effective(1003, 1003), real(0, 0), class=smb2_credits] ../source3/smbd/smb2_server.c:956(smb2_set_operation_credit) smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/234/109
Code:
[2020/01/04 09:28:44.113246, 6, pid=9754, effective(0, 0), real(0, 0)] ../source3/param/loadparm.c:2341(lp_file_list_changed) lp_file_list_changed() file /usr/local/etc/smb4.conf -> /usr/local/etc/smb4.conf last mod_time: Sat Jan 4 09:05:11 2020 [2020/01/04 09:28:44.113276, 3, pid=9754, effective(0, 0), real(0, 0), class=smb2] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot) Selected protocol SMB3_11 [2020/01/04 09:28:44.113288, 5, pid=9754, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:536(make_auth3_context_for_ntlm) Making default auth method list for server role = 'standalone server', encrypt passwords = yes [2020/01/04 09:28:44.113301, 5, pid=9754, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:412(load_auth_module) load_auth_module: Attempting to find an auth method to match anonymous [2020/01/04 09:28:44.113312, 5, pid=9754, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:437(load_auth_module) load_auth_module: auth method anonymous has a valid init [2020/01/04 09:28:44.113322, 5, pid=9754, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:412(load_auth_module) load_auth_module: Attempting to find an auth method to match sam_ignoredomain [2020/01/04 09:28:44.113333, 5, pid=9754, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:437(load_auth_module) load_auth_module: auth method sam_ignoredomain has a valid init [2020/01/04 09:28:44.113385, 5, pid=9754, effective(0, 0), real(0, 0), class=auth] ../auth/gensec/gensec_start.c:739(gensec_start_mech) Starting GENSEC mechanism spnego [2020/01/04 09:28:44.113409, 5, pid=9754, effective(0, 0), real(0, 0), class=auth] ../auth/gensec/gensec_start.c:739(gensec_start_mech) Starting GENSEC submechanism ntlmssp [2020/01/04 09:28:44.113430, 10, pid=9754, effective(0, 0), real(0, 0), class=auth] ../auth/gensec/gensec.c:440(gensec_update_send) gensec_update_send: spnego[0x813fbd820]: subreq: 0x813e17480 [2020/01/04 09:28:44.113445, 10, pid=9754, effective(0, 0), real(0, 0), class=auth] ../auth/gensec/gensec.c:498(gensec_update_done) gensec_update_done: spnego[0x813fbd820]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x813e17480/../auth/gensec/spnego.c:1610]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x813e17630)] timer[0x0] finish[../auth/gensec/spnego.c:2094] [2020/01/04 09:28:44.113476, 10, pid=9754, effective(0, 0), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:3105(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_OK] body[64] dyn[yes:140] at ../source3/smbd/smb2_negprot.c:662 [2020/01/04 09:28:44.113489, 10, pid=9754, effective(0, 0), real(0, 0), class=smb2_credits] ../source3/smbd/smb2_server.c:956(smb2_set_operation_credit) smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8192/8192, total granted/max/low/range 1/8192/2/1 [2020/01/04 09:28:44.113961, 10, pid=9754, effective(0, 0), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:1113(smbd_server_connection_terminate_ex) smbd_server_connection_terminate_ex: conn[ipv4:10.17.17.110:61908] reason[NT_STATUS_END_OF_FILE] at ../source3/smbd/smb2_server.c:4032 [2020/01/04 09:28:44.114016, 4, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2020/01/04 09:28:44.114029, 5, pid=9754, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/01/04 09:28:44.114040, 5, pid=9754, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:866(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/01/04 09:28:44.114065, 5, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:509(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2020/01/04 09:28:44.114077, 4, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2020/01/04 09:28:44.114087, 5, pid=9754, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/01/04 09:28:44.114097, 5, pid=9754, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:866(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/01/04 09:28:44.114114, 5, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:509(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2020/01/04 09:28:44.114125, 4, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2020/01/04 09:28:44.114135, 5, pid=9754, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/01/04 09:28:44.114145, 5, pid=9754, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:866(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/01/04 09:28:44.114161, 5, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:509(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2020/01/04 09:28:44.114173, 4, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2020/01/04 09:28:44.114183, 5, pid=9754, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/01/04 09:28:44.114193, 5, pid=9754, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:866(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/01/04 09:28:44.114210, 5, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:509(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2020/01/04 09:28:44.114241, 10, pid=9754, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm_ref.c:163(msg_dgm_ref_destructor) msg_dgm_ref_destructor: refs=0x0 [2020/01/04 09:28:44.114637, 3, pid=9754, effective(0, 0), real(0, 0)] ../source3/smbd/server_exit.c:237(exit_server_common) Server exit (NT_STATUS_END_OF_FILE) [2020/01/04 09:28:44.133224, 10, pid=7436, effective(0, 0), real(0, 0)] ../source3/lib/messages_dgm.c:1432(messaging_dgm_send) messaging_dgm_send: Sending message to 7461 [2020/01/04 09:28:44.133318, 10, pid=7461, effective(0, 0), real(0, 0)] ../source3/lib/messages.c:429(messaging_recv_cb) messaging_recv_cb: Received message 0x314 len 0 (num_fds:0) from 7436 [2020/01/04 09:28:44.133384, 10, pid=7461, effective(0, 0), real(0, 0)] ../source3/smbd/smbd_cleanupd.c:194(smbd_cleanupd_process_exited) smbd_cleanupd_process_exited: cleaned up pid 9754 [2020/01/04 09:29:23.169995, 10, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/lib/util_event.c:43(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) 0x0 called [2020/01/04 09:29:23.170058, 10, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/lib/util_event.c:54(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) 0x0 rescheduled [2020/01/04 09:29:23.170087, 10, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/lib/util_event.c:43(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) 0x0 called [2020/01/04 09:29:23.170098, 5, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/smbd/process.c:2898(housekeeping_fn) housekeeping [2020/01/04 09:29:23.170109, 4, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2020/01/04 09:29:23.170120, 5, pid=7595, effective(1003, 1003), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/01/04 09:29:23.170131, 5, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/auth/token_util.c:866(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/01/04 09:29:23.170157, 5, pid=7595, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:509(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2020/01/04 09:29:23.170173, 10, pid=7595, effective(0, 0), real(0, 0)] ../source3/lib/util_event.c:54(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) 0x0 rescheduled [2020/01/04 09:30:23.262436, 10, pid=7595, effective(0, 0), real(0, 0)] ../source3/lib/util_event.c:43(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) 0x0 called [2020/01/04 09:30:23.262526, 10, pid=7595, effective(0, 0), real(0, 0)] ../source3/lib/util_event.c:54(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) 0x0 rescheduled [2020/01/04 09:30:23.262558, 10, pid=7595, effective(0, 0), real(0, 0)] ../source3/lib/util_event.c:43(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) 0x0 called [2020/01/04 09:30:23.262570, 5, pid=7595, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:2898(housekeeping_fn) housekeeping [2020/01/04 09:30:23.262581, 4, pid=7595, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2020/01/04 09:30:23.262593, 5, pid=7595, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2020/01/04 09:30:23.262604, 5, pid=7595, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:866(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2020/01/04 09:30:23.262657, 5, pid=7595, effective(0, 0), real(0, 0)] ../source3/smbd/uid.c:509(smbd_change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2020/01/04 09:30:23.262680, 5, pid=7595, effective(0, 0), real(0, 0)] ../lib/util/debug.c:754(debug_dump_status) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 dfs_samba4: 10
Code:
[2020/01/04 09:28:42.933211, 10, pid=7595, effective(1003, 1003), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:3105(smbd_smb2_request_done_ex) smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:3262 [2020/01/04 09:28:42.933222, 10, pid=7595, effective(1003, 1003), real(0, 0), class=smb2_credits] ../source3/smbd/smb2_server.c:956(smb2_set_operation_credit) smb2_set_operation_credit: smb2_set_operation_credit: requested 1, charge 1, granted 1, current possible/max 8084/8192, total granted/max/low/range 109/8192/222/109 [2020/01/04 09:28:42.935392, 10, pid=7595, effective(1003, 1003), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:3980(smbd_smb2_io_handler) smbd_smb2_request idx[1] of 5 vectors [2020/01/04 09:28:42.935429, 10, pid=7595, effective(1003, 1003), real(0, 0), class=smb2_credits] ../source3/smbd/smb2_server.c:691(smb2_validate_sequence_number) smb2_validate_sequence_number: smb2_validate_sequence_number: clearing id 222 (position 222) from bitmap [2020/01/04 09:28:42.935442, 10, pid=7595, effective(1003, 1003), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:2342(smbd_smb2_request_dispatch) smbd_smb2_request_dispatch: opcode[SMB2_OP_CREATE] mid = 222 [2020/01/04 09:28:42.935457, 5, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/smbd/uid.c:331(change_to_user_impersonate) change_to_user_impersonate: Skipping user change - already user [2020/01/04 09:28:42.935469, 4, pid=7595, effective(1003, 1003), real(0, 0), class=vfs] ../source3/smbd/vfs.c:805(vfs_ChDir) vfs_ChDir to /mnt/tank1/ds1/smb/wata [2020/01/04 09:28:42.935495, 3, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/smbd/service.c:156(chdir_current_service) chdir (/mnt/tank1/ds1/smb/wata) failed, reason: Permission denied [2020/01/04 09:28:42.935506, 0, pid=7595, effective(1003, 1003), real(0, 0)] ../source3/smbd/uid.c:453(change_to_user_internal) change_to_user_internal: chdir_current_service() failed! [2020/01/04 09:28:42.935517, 3, pid=7595, effective(1003, 1003), real(0, 0), class=smb2] ../source3/smbd/smb2_server.c:3214(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_server.c:2541