nitromaroder
Cadet
- Joined
- Apr 11, 2014
- Messages
- 2
Dear Freenas Community!
I've upgraded my environment to the current 11.2U2 release and noticed, that my samba home shares for the AD users stopped working - but all other samba shares are working fine (i.e. permissions resp. acl's). I've tried also to reset the permissions and acl's but this didn't solve the problem. More over, I've upgraded my 2nd FreeNAS (and zfs pool), and the home-sharing stopped working there as well! #ClassicHomerEffect
Any ideas and hints? The domain joined worked fine, I can list users and group using "wbinfo -u|g", access the normal shares (not inclided in the below config), set acl's using Windows Server (i.e. share type = windows, owner = AD\administrator), and from the smbd log it tries to access the right directory as well: I've created even a new share, assigned "use as home share" - and the home directory for the user also being created, as soon as I try to access "\\FREENAS\userhomedir", but Windows client asks for credentials and the log below shows access denied.
Any help is appreciated!
* /var/log/samba4/log.smbd:
* /usr/local/etc/smb4.conf:
Best regards,
Nitro
I've upgraded my environment to the current 11.2U2 release and noticed, that my samba home shares for the AD users stopped working - but all other samba shares are working fine (i.e. permissions resp. acl's). I've tried also to reset the permissions and acl's but this didn't solve the problem. More over, I've upgraded my 2nd FreeNAS (and zfs pool), and the home-sharing stopped working there as well! #ClassicHomerEffect
Any ideas and hints? The domain joined worked fine, I can list users and group using "wbinfo -u|g", access the normal shares (not inclided in the below config), set acl's using Windows Server (i.e. share type = windows, owner = AD\administrator), and from the smbd log it tries to access the right directory as well: I've created even a new share, assigned "use as home share" - and the home directory for the user also being created, as soon as I try to access "\\FREENAS\userhomedir", but Windows client asks for credentials and the log below shows access denied.
Any help is appreciated!
* /var/log/samba4/log.smbd:
Code:
[2019/02/20 17:15:05.093461, 1] ../source3/smbd/service.c:357(create_connection_session_info) create_connection_session_info: user 'HOME\administrator' (from session setup) not permitted to access this share (administrator) [2019/02/20 17:15:05.093498, 1] ../source3/smbd/service.c:529(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
* /usr/local/etc/smb4.conf:
Code:
[global] server min protocol = SMB2_02 server max protocol = SMB3 interfaces = 127.0.0.1 192.168.154.11 bind interfaces only = yes encrypt passwords = yes dns proxy = no strict locking = no oplocks = yes deadtime = 15 max log size = 51200 max open files = 116732 logging = file load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes getwd cache = yes guest account = nobody obey pam restrictions = yes ntlm auth = no directory name cache size = 0 kernel change notify = no panic action = /usr/local/libexec/samba/samba-backtrace nsupdate command = /usr/local/bin/samba-nsupdate -g server string = FreeNAS Server ea support = yes store dos attributes = yes lm announce = yes hostname lookups = yes time server = yes acl allow execute always = true dos filemode = yes multicast dns register = yes domain logons = no idmap config *: backend = tdb idmap config *: range = 90000001-100000000 server role = member server workgroup = HOME realm = HOME.LOCAL security = ADS client use spnego = yes local master = no domain master = no preferred master = no ads dns update = yes winbind cache time = 7200 winbind offline logon = yes winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = no winbind refresh tickets = yes idmap config HOME: backend = rid idmap config HOME: range = 20000-90000000 allow trusted domains = yes client ldap sasl wrapping = plain template shell = /bin/sh template homedir = /mnt/data/homes/%D/%U netbios name = TROLL create mask = 0666 directory mask = 0777 client ntlmv2 auth = yes dos charset = CP437 unix charset = UTF-8 log level = 1 [homes] valid users = %D\%U path = "/mnt/data/homes/%D/%U" comment = Home Directories printable = no veto files = /.snapshot/.windows/.mac/.zfs/ writeable = yes browseable = yes access based share enum = no recycle:repository = .recycle/%U recycle:keeptree = yes recycle:versions = yes recycle:touch = yes recycle:directory_mode = 0777 recycle:subdir_mode = 0700 vfs objects = shadow_copy zfs_space zfsacl streams_xattr recycle hide dot files = no guest ok = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = true zfsacl:acesort = dontcare
Best regards,
Nitro