Need some help with SMB

lupinlicious

Dabbler
Joined
Jan 13, 2020
Messages
25
Hi all,

I'm having some problems letting other people access an SMB share.

I can mount the drive, and it looks like Windows accepts the username/password, returning no error messages.

This is what it looks like when I try to mount the drive from another computer/username (username = maria).
netuse.png


From the server:

Samba version 4.10.16
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------
6170    maria        Gemensam     192.168.20.4 (ipv4:192.168.20.4:52798)    SMB3_11           -                    partial(AES-128-CMAC)


Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------
Gemensam     6170    192.168.20.4  Sat Jul 25 12:41:13 2020 CEST    -            -


getfacl /mnt/MEDiA/Gemensam
# file: /mnt/MEDiA/Gemensam
# owner: nobody
# group: Gemensam
owner@:rwxpDdaARWcCos:fd-----:allow
group@:rwxpDdaARWcCos:fd-----:allow
group:Gemensam:rwxpDdaARWcCos:fd-----:allow
user:maria:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow


[Gemensam]
aio write size = 0
ea support = No
mangled names = illegal
path = /mnt/MEDiA/Gemensam
read only = No
vfs objects = streams_xattr shadow_copy_zfs ixnas
nfs4:acedup = merge
nfs4:chown = true


On my computer, if I have a look at the Security tab for the folder called 'Gemensam', I see the following:
sec1.png


But if I look on Maria's computer I got this:
image_2020_07_25T11_31_24_831Z.png


On the server I have a lot of these error messages in /var/log/samba4/log.smbd:
[2020/07/25 13:31:58.542425, 0] ../../source3/smbd/uid.c:448(change_to_user_internal)
change_to_user_internal: chdir_current_service() failed!


Can anyone point me in the right direction? It would be appreciated.
Let me know if there is anything else I can provide to make this easier.

I have no problems mounting the drive from my computer with my username.

Thaaaanks
 

lupinlicious

Version: FreeNAS-11.3-U4
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
On FreeNAS, is maria a member of the Gemensam group?
 

lupinlicious


Samuel Tai

What do ls -ld /mnt/MEDiA and ls -ld /mnt/MEDiA/Gemensam show?
 

lupinlicious

What do ls -ld /mnt/MEDiA and ls -ld /mnt/MEDiA/Gemensam show?

Code:
ls -ld /mnt/MEDiA
drwxrwx---+ 24 puffe  puffe  28 Jul 25 10:59 /mnt/MEDiA


ls -ld /mnt/MEDiA/Gemensam
drwxrwx---+ 2 nobody  Gemensam  2 Jul 25 10:59 /mnt/MEDiA/Gemensam
 

Samuel Tai

Is MEDiA your pool? The permissions and ownership are set too restrictively at this level:
  1. setfacl -b /mnt/MEDiA to remove the ACL from this level
  2. chown puffe:Gemensam /mnt/MEDiA
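
Added example, not part of the thread: a small Python check that walks from a pool directory down to a share and reports the first directory a given uid and group set cannot traverse, which is the condition behind the `chdir_current_service() failed!` log line above. It evaluates only the POSIX mode bits shown by `ls -ld` (not the NFSv4 ACL entries behind the `+`), and the function names and temporary directory layout are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def search_allowed(st, uid, gids):
    """POSIX class selection: owner, else group, else other; only that class's x bit counts."""
    if uid == 0:
        return True  # root bypasses directory search checks
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked(base, target, uid, gids):
    """Return the first directory from base down to target the identity cannot enter, or None."""
    base, target = os.path.abspath(base), os.path.abspath(target)
    if os.path.commonpath([base, target]) != base:
        raise ValueError("target must be inside base")
    parts = [p for p in os.path.relpath(target, base).split(os.sep) if p != "."]
    current = base
    for part in [""] + parts:  # "" makes the loop check base itself first
        current = os.path.join(current, part) if part else current
        if not search_allowed(os.stat(current), uid, gids):
            return current
    return None

def demo():
    """Constructed stand-in for /mnt/MEDiA and /mnt/MEDiA/Gemensam, both mode 770."""
    with tempfile.TemporaryDirectory() as tmp:
        pool = os.path.join(tmp, "MEDiA")
        share = os.path.join(pool, "Gemensam")
        os.makedirs(share)
        os.chmod(share, 0o770)
        os.chmod(pool, 0o770)
        st = os.stat(pool)
        other_uid = st.st_uid + 1000  # constructed uid that is not the owner
        # Before the chown: the user is not in the pool's owning group.
        outsider = first_blocked(pool, share, other_uid, {st.st_gid + 1000})
        # After the chown: the user's group owns the pool (modelled via the gid set).
        member = first_blocked(pool, share, other_uid, {st.st_gid})
        return pool, outsider, member

if __name__ == "__main__":
    pool, outsider, member = demo()
    print("not in owning group ->", outsider)
    print("in owning group     ->", member)
```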
 

lupinlicious

Is MEDiA your pool? The permissions and ownership are set too restrictively at this level:
  1. setfacl -b /mnt/MEDiA to remove the ACL from this level
  2. chown puffe:Gemensam /mnt/MEDiA

Yes, MEDiA is my pool.

Awesome, it works now :) Thank you so much.
But now I can see all other folders in MEDiA (but cannot add/delete, and it should be like that).
How can I limit it so Maria won't be able to see anything else besides the folder Gemensam?
 

Samuel Tai

You need to enable "Access-based share enumeration" for the MEDiA share. See this thread for some examples:


Then you can set share permissions via /usr/local/bin/sharesec.
 

lupinlicious

You need to enable "Access-based share enumeration" for the MEDiA share. See this thread for some examples:


Then you can set share permissions via /usr/local/bin/sharesec.

Ok, thank you again and have a nice evening/weekend.

Best regards
 