Guest access in SMB2 disabled by default in Windows 10 Fall Creators Update

[Alphonso]

Hi, ever since the new Windows 10 update i have not been able to access my Freenas via SMB. I have authentication enabled on my shares (no guests allowed on the shares) but the issue seems to be that there is no authentication needed in order to LIST the shares on the Freenas. The new update blocks this kind of unauthenticated access. It is described in the link below. It also states that this only affects enterprise editions which is what we are using:

https://support.microsoft.com/en-za...disabled-by-default-in-windows-10-server-2016

Code:

If you try to connect to devices that request credentials of a guest instead of appropriate authenticated principals, you may receive the following error message: 

You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

Using the registry change provided on that page to disable this does indeed provide a solution but I want to know if there is any way to authenticate before listing the shares rather than having to disable the security feature in windows. I have tried to put restrict anonymous = 2 in the aux parameters which doesnt seem to resolve it (although when testing on a non windows 10 machine it does now ask for credentials before listing the shares)

 

[LLeo]

I'm with you, Alphonso. I've been in touch with iX Systems, FN Forum and various Windows forums on this same issue since the summer right after Microsoft's Creators Fall Update. I still don't have a native solution. Just before that update (or maybe a little earlier), I decided to try Freenas 9.X since the Windows Home Server support died. I was running Win10 also. I was natively transferring files back in forth in the normal way. Then a Win update occurred and ALL MY FILES were stuck on Freenas and I had no way to get to them! Over a month i scoured both platforms' forums and tried numerous "solutions" without success. I got so desperate I reinstalled both OS's with minor rollbacks to earlier versions and that worked . . . until Windows caught up with her updates (I thought I turned it off!) And I was back to square one again!

Believe me I have tried EVERYTHING suggested in every forum to no avail. iX support just emailed me he was sending my email to tech guys to see what they know about the issue many, many Win 10 users are experiencing. Fingers crossed! I am watching your thread to see if someone else has come up with alternative methods that work I haven't been able to find on other threads.

On the other hand, I did find an inconvenient but working way to exchange files between systems since Windows "sees" but won't let me access Freenas. I have been using FileZilla FTP (Windows) for months now. I can transfer files from Windows to Freenas with ease and back again. I do graphics so I can transfer file x back to Win10, make an edit then send it back to Freenas and overwrite it. Sure, I was calling up the file through Photoshop across the network at one time . . . but it is what it is at this point!

I also use Plex as a media server for my music and movies files stored on Freenas. Plex has no problem seeing the server and playing my files. FileZilla has no problem seeing and transferring files. But the idiots in Redmond don't seem to have a clue . . . or they just don't care!

Hope this has helped insofar as a temporary solution until we find better.

 

[anodos]

Can you perhaps try the following auxiliary parameter under <Services> -> <SMB>:
map to guest = never

 

[LLeo]

Thanks, anodos. Did so, rebooted all machines along with router. Still no change.

 

[anodos]

Thanks, anodos. Did so, rebooted all machines along with router. Still no change.

Please post contents of /usr/local/etc/smb4.conf

Also set logging under Services->SMB to "debug", replicate the issue, generate a debug file System->Advanced->Save Debug, then send the resulting tarball to me via PM.

 

[anodos]

Shucks. Increase logging to "Debug" under services->SMB, reproduce the problem, then generate a debug file System->Advanced->Save Debug. Once you have done that, you can try the following auxiliary parameter under Services->SMB to see if it works around the issue: auth methods = sam winbind

 

[LLeo]

Ok. I've attached the smb4.conf file. On your second line, I'm not sure how to "replicate the issue" but I did manage to generate the tarball (while trying to access the FN server through Windows which still did not work) BUT the private message? Not sure how to do that. Do I just post it here or on your Member page? Please advise.

And thanks!

 

[Redcoat]

BUT the private message?

If you didn't yet get an answer from @anodos:

Click on his name to go to his Member Page - Start a Conversation and attach the file.

 

[LLeo]

Here it is. Thanks.

 

[anodos]

@LLeo, your config doesn't have any SMB shares configured. A brief review of your config and logs didn't immediately indicate what is wrong with the system. Perhaps roll back to a previous boot environment and see if SMB starts working again.

 

[LLeo]

This merely a extremely distant update from the instances discussed above. You see the date of this post. After all this time (What? 3 years or so?), Win 10 ver. 10.0.18363 & Freenas 11.3 U1 AT LAST can see each other. After hours and days of trying whatever fixes over the past few years, my local network is now interactive between WN and FN WITHOUT the use of FileZilla to transfer files. Suddenly, Freenas shows up connectable in the Win Network folders. A couple of weeks ago clicking on the network folder still resulted in the "cannot find the network drive." I upgraded to the latest FN and Windows rolled out their latest update which included something to do with SMB and now it's working as it should. I changed nothing otherwise since the last attempt months ago to remedy the problem.