Problem with SMB Shares on Windows 10 (1903)

[Navok]

Hello, im new using FreeNAS and yesterday i was starting to use it. I created a pool, a dataset, an user and set dataset permissions for this user but when i try to create a SMB Shared Path i create that but in Windows 10 (i have 1903 version) i cant access to this folder. I tried restarting the service and the server but the error persist.

i attach its screenshots of the process and the error on windows (sorry my Windows are in Spanish)

 

[Navok]

I forgot attach the Error Messages.

The first is about that cant see the directory and the second is about that FreeNAS are trying to use SMB1 and Windows accept only SMB2 or above but in the config file (smb4.conf) the min version of server are setted as SMB2 and the SMB1 are disabled on FreeNAS

 

[KrisBee]

Did you set your SMB share to be "Browseable to Network Clients" in FreeNAS? That's easily missed as the checkbox is not visible unless you use advanced mode when defining a SMB share. I've not seen your error in windows10 1903 pro myself. What does net view \\192.168.50.148 return at the cmd prompt or in powershell?

 

[Navok]

Did you set your SMB share to be "Browseable to Network Clients" in FreeNAS? That's easily missed as the checkbox is not visible unless you use advanced mode when defining a SMB share. I've not seen your error in windows10 1903 pro myself. What does net view \\192.168.50.148 return at the cmd prompt or in powershell?

The option "Browseable to Network Clients" are enabled.

And when i execute net view \\192.168.50.148 or net view \\192.168.50.148\medialib says "Sistem Error 53: The network path was not found."

 

[KrisBee]

What happens if you uncheck "hostname looksups" in your SMB service config ( your 2nd image)?

 

[Navok]

Nothing special, says "System Error 53" and if i try to add a network drive says that the server is trying to connect with protocol SMB1 but i don't have the SMB1 option active.

I tried adding auxiliary params to set the protocol version to SMB3 or SMB2_10 but nothing happen

 

[KrisBee]

OK, is this happening in a home network environment or with active directory in use? You have checked "Domain
Logins". Afraid I can't offer an other advice other what you can find for yourself using google.

 

[Navok]

OK, is this happening in a home network environment or with active directory in use? You have checked "Domain
Logins". Afraid I can't offer an other advice other what you can find for yourself using google.

Home network, without Domain Logins. I have a Centos in another server sharing with some folders using SMB and i don't have problems to access from the same Windows

 

[Navok]

I have my Centos with the next smb.conf and i can join without problem

Code:

[global]
        workgroup = WORKGROUP
        security = user
        encrypt passwords = yes
        ntlm auth = yes
        wins support = yes

[plex]
        comment = Media Plex
        path = /opt/mediaplex
        browsable = yes
        writable = yes
        guest ok = no
        read only = no
        public = yes
        valid users = plex_user

but i cant enter to my shared resource in my FreeNAS.

 

[anodos]

Post /usr/local/etc/smb4.conf and the output of pdbedit -L.

 

[Navok]

Post /usr/local/etc/smb4.conf and the output of pdbedit -L.

The smb4.conf is:

Code:

[global]
    username map = /usr/local/etc/smbusers
    server min protocol = SMB2_02
    server max protocol = SMB3
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    aio max threads = 2
    oplocks = yes
    deadtime = 15
    max log size = 51200
    private dir = /var/db/samba4/private
    max open files = 410204
    logging = file
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    obey pam restrictions = no
    ntlm auth = no
    directory name cache size = 0
    kernel change notify = no
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    server string = FreeNAS Server
    ea support = yes
    store dos attributes = yes
    lm announce = yes
    unix extensions = no
    acl allow execute always = false
    dos filemode = yes
    multicast dns register = no
    domain logons = no
    local master = no
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000
    server role = standalone
    netbios name = NAS
    netbios aliases = NAS
    workgroup = WORKGROUP
    security = user
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = UTF-32
    unix charset = UTF-8
    log level = 1


[media]
    path = "/mnt/MediaPool/MediaLib"
    printable = no
    aio write size = 0
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    access based share enum = no
    vfs objects = zfs_space zfsacl streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare
    public = yes

And the pdbedit -L output is:

Code:

tdbsam_open: Failed to open/create TDB passwd [/var/db/samba4/private/passdb.tdb]
tdbsam_getsampwnam: failed to open /var/db/samba4/private/passdb.tdb!
User Search failed!

 

[anodos]

Hmm... do pdbedit -d 5 -L.

 

[Navok]

Hmm... do pdbedit -d 5 -L.

Here is (i don't know why appear an old user that i was delete):

Code:

INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
  auth_audit: 5
  auth_json_audit: 5
  kerberos: 5
  drs_repl: 5
  smb2: 5
  smb2_credits: 5
  dsdb_audit: 5
  dsdb_json_audit: 5
  dsdb_password_audit: 5
  dsdb_password_json_audit: 5
  dsdb_transaction_audit: 5
  dsdb_transaction_json_audit: 5
  dsdb_group_audit: 5
  dsdb_group_json_audit: 5
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
  auth_audit: 5
  auth_json_audit: 5
  kerberos: 5
  drs_repl: 5
  smb2: 5
  smb2_credits: 5
  dsdb_audit: 5
  dsdb_json_audit: 5
  dsdb_password_audit: 5
  dsdb_password_json_audit: 5
  dsdb_transaction_audit: 5
  dsdb_transaction_json_audit: 5
  dsdb_group_audit: 5
  dsdb_group_json_audit: 5
Processing section "[global]"
doing parameter username map = /usr/local/etc/smbusers
doing parameter server min protocol = SMB2_02
doing parameter server max protocol = SMB3
doing parameter encrypt passwords = yes
doing parameter dns proxy = no
doing parameter strict locking = no
doing parameter aio max threads = 2
doing parameter oplocks = yes
doing parameter deadtime = 15
doing parameter max log size = 51200
doing parameter private dir = /var/db/samba4/private
doing parameter max open files = 410204
doing parameter logging = file
doing parameter load printers = no
doing parameter printing = bsd
doing parameter printcap name = /dev/null
doing parameter disable spoolss = yes
doing parameter getwd cache = yes
doing parameter guest account = nobody
doing parameter obey pam restrictions = no
doing parameter ntlm auth = no
doing parameter directory name cache size = 0
doing parameter kernel change notify = no
doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g
doing parameter server string = FreeNAS Server
doing parameter ea support = yes
doing parameter store dos attributes = yes
doing parameter lm announce = yes
doing parameter unix extensions = no
doing parameter acl allow execute always = false
doing parameter dos filemode = yes
doing parameter multicast dns register = no
doing parameter domain logons = no
doing parameter local master = no
doing parameter idmap config *: backend = tdb
doing parameter idmap config *: range = 90000001-100000000
doing parameter server role = standalone
doing parameter netbios name = NAS
doing parameter netbios aliases = NAS
doing parameter workgroup = WORKGROUP
doing parameter security = user
doing parameter create mask = 0666
doing parameter directory mask = 0777
doing parameter client ntlmv2 auth = yes
doing parameter dos charset = UTF-32
doing parameter unix charset = UTF-8
doing parameter log level = 1
pm_process() returned Yes
Registering messaging pointer for type 2 - private_data=0x0
Registering messaging pointer for type 9 - private_data=0x0
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=0x0
Registering messaging pointer for type 12 - private_data=0x0
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=0x0
Registering messaging pointer for type 5 - private_data=0x0
Registering messaging pointer for type 51 - private_data=0x0
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
  auth_audit: 5
  auth_json_audit: 5
  kerberos: 5
  drs_repl: 5
  smb2: 5
  smb2_credits: 5
  dsdb_audit: 5
  dsdb_json_audit: 5
  dsdb_password_audit: 5
  dsdb_password_json_audit: 5
  dsdb_transaction_audit: 5
  dsdb_transaction_json_audit: 5
  dsdb_group_audit: 5
  dsdb_group_json_audit: 5
Processing section "[global]"
doing parameter username map = /usr/local/etc/smbusers
doing parameter server min protocol = SMB2_02
doing parameter server max protocol = SMB3
doing parameter encrypt passwords = yes
doing parameter dns proxy = no
doing parameter strict locking = no
doing parameter aio max threads = 2
doing parameter oplocks = yes
doing parameter deadtime = 15
doing parameter max log size = 51200
doing parameter private dir = /var/db/samba4/private
doing parameter max open files = 410204
doing parameter logging = file
doing parameter load printers = no
doing parameter printing = bsd
doing parameter printcap name = /dev/null
doing parameter disable spoolss = yes
doing parameter getwd cache = yes
doing parameter guest account = nobody
doing parameter obey pam restrictions = no
doing parameter ntlm auth = no
doing parameter directory name cache size = 0
doing parameter kernel change notify = no
doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g
doing parameter server string = FreeNAS Server
doing parameter ea support = yes
doing parameter store dos attributes = yes
doing parameter lm announce = yes
doing parameter unix extensions = no
doing parameter acl allow execute always = false
doing parameter dos filemode = yes
doing parameter multicast dns register = no
doing parameter domain logons = no
doing parameter local master = no
doing parameter idmap config *: backend = tdb
doing parameter idmap config *: range = 90000001-100000000
doing parameter server role = standalone
doing parameter netbios name = NAS
doing parameter netbios aliases = NAS
doing parameter workgroup = WORKGROUP
doing parameter security = user
doing parameter create mask = 0666
doing parameter directory mask = 0777
doing parameter client ntlmv2 auth = yes
doing parameter dos charset = UTF-32
doing parameter unix charset = UTF-8
doing parameter log level = 1
pm_process() returned Yes
Netbios name list:-
my_netbios_names[0]="NAS"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend samba_dsdb
Successfully added passdb backend 'samba_dsdb'
Attempting to register passdb backend samba4
Successfully added passdb backend 'samba4'
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to find a passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /var/db/samba4/private/passdb.tdb
Home server: nas
Home server: nas
Home server: nas
Home server: nas
Finding user datauser
Trying _Get_Pwnam(), username as lowercase is datauser
Get_Pwnam_internals did find user [datauser]!
datauser:1000:Data User
Home server: nas
Home server: nas
Home server: nas
Home server: nas
Finding user test
Trying _Get_Pwnam(), username as lowercase is test
Trying _Get_Pwnam(), username as uppercase is TEST
Checking combinations of 0 uppercase letters in test
Get_Pwnam_internals didn't find user [test]!
test:4294967295:Test User

 

[anodos]

There were some design decisions in FN 9-11.2 that can cause the passdb.tdb file to get out of sync with what is in the GUI. Try the following:

Code:

rm /var/db/samba4/private/passdb.tdb
rm /var/db/samba4/.usersimported
service ix-pre-samba start

This forces the webui users to be re-imported into samba's passdb.tdb file.

 

[Navok]

I executed

There were some design decisions in FN 9-11.2 that can cause the passdb.tdb file to get out of sync with what is in the GUI. Try the following:

Code:

rm /var/db/samba4/private/passdb.tdb
rm /var/db/samba4/.usersimported
service ix-pre-samba start

This forces the webui users to be re-imported into samba's passdb.tdb file.

I executed the instructions but nothing happens. The problem still here.

If i try to add a Network Drive on windows 10 it says an error that its trying to connect using SMB1 protocol and is not supported but i don't have this option selected on my FreeNAS and i don't want to enable SMB1 on windows 10 because is unsecure.

I deleted all pools and shared paths and create new again, then re-execute the instruction to sync the passdb and nothing happens

 

[anodos]

Remove guest access and retry as an authenticated user.

 

[Navok]

Nothing happen.

This is the selected options in SMB Shared

 

[Navok]

Remove guest access and retry as an authenticated user.

but i don't have SMB1 enabled.

 

[anodos]

Take a pcap of the session and PM it to me. On FreeNAS tcpdump -i <interface name, i.e. "igb0"> -w /tmp/smb.pcap -p -s 0 host <ip of windows client>

 

[Navok]

Take a pcap of the session and PM it to me. On FreeNAS tcpdump -i <interface name, i.e. "igb0"> -w /tmp/smb.pcap -p -s 0 host <IP of windows client>

Sended :D