Read Only in Windows CIFS Share

[ss4johnny]

I've had to re-install FreeNAS recently (without my old configuration). In the process I've upgraded to version 9.3. So I'm fairly confident that I have most things set up properly, but I'm having one lingering issue that I can't quite resolve. As of now, from the CIFS share (from Windows 7) I can read and execute fine enough, butthe write seems a bit wonky though. I can usually change files or file names and create new files on the share. However, when I try to go through the Windows 7 properties context menu to change the Read Only characteristics (it's the same thing for hidden files as well), there is a message that I need administrator access (this is an administrator user on Windows), when I go to continue, I get an error that I don't have access. So I think there must be an issue with the permissions, but I thought everything is set to read/write in FreeNAS and I have the password of the owner of the storage equal to the Windows 7 password.

I had this issue before and solved it by using some other guide (https://forums.freenas.org/index.php?threads/cifs-windows-sharing-guide.20948/). I referred to that guide and I think everything is set up the same way.

Right now I have a root user, guest, and one that matches my Windows 7 login. Root and the Windows 7 login are both members of wheel. Storage permissions have been set so that the Windows 7 user is the owner and wheel is the group owner with Windows permission type, set recursively, and read/write/execute given to owner and group. The wizard created a share dataset when I set it up (wasn't there before), but I haven't noticed that files within the share folder it created have any difference in terms of being able to change the Read only setting.

 

[anodos]

Post your smb4.conf file as well as any relevant entries from /var/log/samba4/log.smbd

Also post output of 'getfacl /mnt/HallNasShare'

 

[ss4johnny]

I looked in
/usr/local/etc/smb4.conf
and the file was empty.

/var/log/samba4/log.smbd
had some 700 lines. Not sure what I'm looking for but this is the first page
GNU nano 2.2.6 File: log.smbd

[2015/03/31 01:29:30.263805, 1] ../source3/smbd/files.c:218(file_init_global)
file_init_global: Information only: requested 942149 open files, 59392 are av$
[2015/03/31 01:29:30.307462, 0] ../lib/util/become_daemon.c:136(daemon_ready)
STATUS=daemon 'smbd' finished starting up and ready to serve connectionsmatch$
[2015/03/31 01:29:50.633938, 0] ../source3/lib/util_sock.c:1199(get_remote_hos$
matchname failed on 192.168.1.2
[2015/03/31 01:29:53.582323, 1] ../source3/smbd/service.c:550(make_connection_$
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2015/03/31 01:29:53.582799, 1] ../source3/smbd/service.c:550(make_connection_$
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2015/03/31 01:29:53.595221, 1] ../source3/smbd/service.c:550(make_connection_$
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2015/03/31 01:29:53.595594, 1] ../source3/smbd/service.c:550(make_connection_$
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2015/03/31 01:29:53.599333, 1] ../source3/printing/printer_list.c:226(printer$
Failed to fetch record!
[2015/03/31 01:29:53.599355, 1] ../source3/smbd/server_reload.c:69(delete_and_$
pcap cache not loaded
[2015/03/31 01:29:53.604125, 1] ../source3/smbd/service.c:550(make_connection_$

I saw a lot of NT_STATUS_ACCESS_DENIEDs on the next page.

[root@freenas ~]# getfacl /mnt/HallNasDisk/HallNasShare
# file: /mnt/HallNasDisk/HallNasShare
# owner: John
# group: wheel
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:r-x---a-R-c---:fd----:allow

 

[anodos]

Run "testparm" from CLI and post output.

 

[ss4johnny]

[global]
dos charset = CP437
server string = FreeNAS Server
server role = standalone server
map to guest = Bad User
obey pam restrictions = Yes
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
guest account = guest
max log size = 51200
server max protocol = SMB2
time server = Yes
deadtime = 15
max open files = 942149
hostname lookups = Yes
load printers = No
printcap name = /dev/null
disable spoolss = Yes
dns proxy = No
pid directory = /var/run/samba
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
idmap config *: range = 90000001-100000000
idmap config * : backend = tdb
acl allow execute always = Yes
create mask = 0666
directory mask = 0777
ea support = Yes
directory name cache size = 0
kernel change notify = No
store dos attributes = Yes
strict locking = No
dfree command = /usr/local/libexec/samba/dfree
dos filemode = Yes

[HallNasShare]
path = /mnt/HallNasDisk
read only = No
guest ok = Yes
hide dot files = No
veto files = /.snapshot/.windows/.mac/.zfs/
vfs objects = shadow_copy2, zfsacl, aio_pthread, streams_xattr
zfsacl:acesort = dontcare
nfs4:chown = true
nfs4:acedup = merge
nfs4:mode = special
shadow:snapdirseverywhere = yes
shadow:format = auto-%Y%m%d.%H%M-2w
shadow:localtime = yes
shadow:sort = desc
shadow:snapdir = .zfs/snapshot
recycle:subdir_mode = 0700
recycle:directory_mode = 0777
recycle:touch = yes
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle/%U

 

[anodos]

Disable guest access to the share. Guest access is configured to map "bad users" to your guest account "guest". "Guest" is limited to the access specified by the "everyone@" ACE.
Once you have disabled guest access, verify that you are trying to access the server with your "john" credentials (the local account on your FreeNAS server). You should also post 'getfacl' output for /mnt/HallNasDisk rather than a subdirectory.

 

[ss4johnny]

Honestly, I don't even use guest. I had set that up as part of trying to re-create my steps from the last time. I disabled it now it now in both sharing and services, then restarted the CIFS. After that, I was still getting the notification.

When you mention verifying that I'm trying to access the server with the john credentials, I know that the Windows 7 user I'm in is John, same name as FreeNAS. So if I shouldn't need to have "Connect with different credentials" set. However, I have tried mapping another drive specifically using the John user name (both disconnecting and mapping a new one or just mapping both) and it doesn't work. Not sure what else to try here.

[root@freenas ~]# getfacl /mnt/HallNasDisk
# file: /mnt/HallNasDisk
# owner: John
# group: wheel
owner@:rwxpDdaARWcCos:fd----:allow
group@:rwxpDdaARWcCos:fd----:allow
everyone@:r-x---a-R-c---:fd----:allow

For some reason Unix-type permissions had been set, so (before I posted) I had recursively set the permissions to Windows at the /mnt/HallNasDisk/ level with read/write for the owner/group. On another page you recommend chmod to fix it. Do I need to do that here?

 

[mudshark]

I wonder if this is related or if I have a different problem OR if what I'm seeing is by design...

Several working r/w mapped windows shares - drag + drop in the gui with no problem
THEN I added a WebDAV service to share one of those mapped drives remotely, cloud-like!
NOW that mapped drive is read-only via it's drive letter BUT all other mapped drives work as before and now this share is ONLY r/w via the web access path!

Thanks - and maybe this will help the original poster.
RG

 

[ss4johnny]

It might be a separate issue from mine as I had not set up a WebDAV share. Best of luck though. You might try creating a separate thread.

 

[ss4johnny]

@anodos Do you have any other suggestions?