Problem with CIFS homes

Status
Not open for further replies.

BlazeStar

Patron
Joined
Apr 6, 2014
Messages
383
Hi,

Using 9.2.1.8

Users have homes under
/mnt/data/homes/userX

Home directories are configured adequately in each user account

Home directories' permissions are set to 700

Owners of the directories are the right user

The CIFS service is configured as follows:
Enable home directories: CHECKED
Enable home directories browsing: UNCHECKED
Home directories: /mnt/data/homes


On a Windows computer, when I connect to FreeNAS I see a folder called "userX" which is the name of the user.

When I double click on it, it just gives me a "Network error" message saying Windows cannot access the folder because I do not have the permission to access it.

In the console it just reads:
Code:
Nov 14 18:07:55 NAS winbindd[3103]: [2014/11/14 18:07:55.799750,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Nov 14 18:07:55 NAS winbindd[3103]:   sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-1412670398-1815254836-3854788144


But I seem to be getting this message every single time a share is connected, and it works anyway (except for homes)

I can't find anywhere in the logs anything related to this...


Please help :)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Post your smb4.conf file. /usr/local/etc/smb4.conf
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
umm.. turn on home directory browsing would be my first step.
 

BlazeStar

Patron
Joined
Apr 6, 2014
Messages
383
> Post your smb4.conf file. /usr/local/etc/smb4.conf

Here goes:

Code:
[global]
    server max protocol = SMB3
    interfaces = 127.0.0.1 10.0.3.20 10.99.99.20
    bind interfaces only = yes
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 11070
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    map to guest = Bad User
    obey pam restrictions = Yes
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    server string = NAS
    ea support = yes
    store dos attributes = yes
    hostname lookups = yes
    time server = yes
    acl allow execute always = true
    local master = yes
    idmap config *:backend = tdb
    idmap config *:range = 90000000-100000000
    server role = standalone
    netbios name = NAS
    workgroup = NAS
    security = user
    pid directory = /var/run/samba
    smb passwd file = /var/etc/private/smbpasswd
    private dir = /var/etc/private
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = CP437
    unix charset = UTF-8
    log level = 1

[homes]
comment = Home Directories
valid users = %U
writable = yes
browseable = no
path = /mnt/Data/Shares/Employes/%U


> umm.. turn on home directory browsing would be my first step.

This option is for all users to be able to browse all directories, which I don't want to.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
> This option is for all users to be able to browse all directories, which I don't want to.

The "browseable" parameter only makes the share visible in "network neighborhood". It does not grant read privileges.
I believe there is a typo in the path for your homes share (which may account for your write problems). If not, post output of "getfacl /mnt/Data/Shares/Employes"

Also, there is a bug/oversight in how 9.2.1.8 generates [homes] shares in the smb4.conf file, that is fixed in 9.3. In short, it doesn't generate a full share definition. You need to add the following as auxiliary parameters for your [homes] share:

Code:
veto files = /.snap/.windows/.zfs/
vfs objects = zfsacl streams_xattr aio_pthread
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
zfsacl:acesort = dontcare
 

BlazeStar

Patron
Joined
Apr 6, 2014
Messages
383
I just did, then rebooted FreeNAS.

No change: still can't access

But then I went into the FreeNAS GUI to change the permissions of the dataset "Employes" to Windows permission type, then went into console to change them back to 700 and owner = name of the share.

And now it works!

For the record:

Code:
getfacl /mnt/Data/Shares/Employes
# file: /mnt/Data/Shares/Employes
# owner: nobody
# group: GoupAll
            owner@:rwxpDdaARWcCos:fd----:allow
            group@:rwxpDdaARWcCos:fd----:allow
         everyone@:r-x---a-R-c---:fd----:allow


GroupAll is the group I created to put ALL users...
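
Added example, not part of any post in this thread: a Python check that reads the "path" of [homes] from smb4.conf text, expands %U, and reports a missing directory, a wrong owner, or a mode other than 700, which are the things the posts above verify by hand. SAMPLE_CONF, the function names and the temporary tree built by demo() are constructed for illustration; only %U is expanded.

```python
import os
import stat
import tempfile

# Constructed sample: a cut-down copy of the smb4.conf posted in the thread.
SAMPLE_CONF = """\
[global]
    log level = 1
[homes]
browseable = no
path = /mnt/Data/Shares/Employes/%U
"""

def homes_path(conf_text):
    """Return the 'path' value of the [homes] section, or None."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "homes" and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "path":
                return value
    return None

def check_home(template, user, uid):
    """Expand %U (the only variable handled here) and list mismatches."""
    path = template.replace("%U", user)
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: " + path]
    problems = []
    if st.st_uid != uid:
        problems.append(f"owner uid {st.st_uid}, expected {uid}")
    if stat.S_IMODE(st.st_mode) != 0o700:
        problems.append(f"mode {stat.S_IMODE(st.st_mode):o}, expected 700")
    return problems

def demo():
    """Check a throwaway tree; users, modes and uid are constructed."""
    with tempfile.TemporaryDirectory() as root:
        template = os.path.join(root, homes_path(SAMPLE_CONF).lstrip("/"))
        for user, mode in (("userX", 0o700), ("userY", 0o755)):
            os.makedirs(template.replace("%U", user))
            os.chmod(template.replace("%U", user), mode)
        users = ("userX", "userY", "userZ")
        return {u: check_home(template, u, os.getuid()) for u in users}
```

Mode bits do not show NFSv4 ACL entries on a ZFS dataset, so the getfacl output requested above is still needed when these checks pass and access is denied anyway.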
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
Did you notice your group name appears to be missing an "r"? GoupAll
 

BlazeStar

Patron
Joined
Apr 6, 2014
Messages
383
yup actually it's everywhere like that :S

I was worried about changing it now that everything is set up.
 