SMB Permissions - Out of Ideas

[WrlsFanatic]

I've watched two 15-minute videos, I've read post after post on these forums, I think I've turned on and off every possible thing I can think of, and I cannot figure out this issue. I have several SMB shares in my only pool, and in general they're working. I can write files to the SMB shares, and I can copy files off of them. But in my "Pictures" share, when trying to move files around, I'm hitting a roadblock. Example: I have a folder "100CANON" that I want to change to "2009 Pictures". When I try to change the folder name, I get the following error:

I've tried logging into this folder as the <user> above, and as FREENAS\<user>. I've tried "Allow Only Guest Access" and not. I've tried chown on the folder structure in shell. I've tried adding another user and making that user a "wheel" user. Nothing makes a difference. I get the same error no matter what.

 

[MikeyG]

What kind of permissions are assigned to the dataset? This sounds like a bug I ran into in the last version where I was using Unix permissions instead of Windows permissions. I believe it was supposed to be fixed with the last release.

 

[WrlsFanatic]

I should mention that I'm on 11.2-U2.1. The user I'm blurring out in every screenshot is the same username, and it's all in lowercase.

 

[Basil Hendroff]

Can you provide a screenshot of the ACLs for the Pictures share eg.

 

[WrlsFanatic]

To be clear, I'm not logged into Windows as FREENAS\<user>, but I am logged into that folder as such.

 

[Basil Hendroff]

Is everything in the Pictures share affected, or just a few files and folders?

 

[anodos]

You can use the "smbstatus" command from the CLI to see which user you are authenticated as.

 

[WrlsFanatic]

PID Username Group Machine Protocol Version
---------------------------------------------------------------------------------------
12348 <user> <group> x.x.x.80 (ipv4:x.x.x.80:49726) SMB3_11
71307 <user> <group> x.x.x.207 (ipv4:x.x.x.207:49691) SMB3_11 <--- this is the machine I'm currently using

Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
12348 1000 DENY_NONE 0x80 RDONLY NONE /mnt/master/Pictures . Tue Mar 12 17:52:01 2019
12348 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/master/Pictures . Tue Mar 12 17:52:25 2019
71307 65534 DENY_NONE 0x100081 RDONLY NONE /mnt/master/Pictures . Mon Mar 18 09:04:32 2019
12348 1000 DENY_NONE 0x80 RDONLY NONE /mnt/master/Backups . Tue Mar 12 17:52:01 2019
71307 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/master/Backups Lenovo Files/D Drive Mon Mar 18 08:51:03 2019
71307 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/master/Backups Lenovo Files/D Drive Mon Mar 18 08:51:03 2019

I listed the Backups folder because that folder is working just fine. Cut, paste, delete, etc. No issues. The one standout I see is that Uid of "65534". None of my other SMB shares have that listed. Some only have the 1000 Uid listed.

 

[anodos]

PID Username Group Machine Protocol Version
---------------------------------------------------------------------------------------
12348 <user> <group> x.x.x.80 (ipv4:x.x.x.80:49726) SMB3_11
71307 <user> <group> x.x.x.207 (ipv4:x.x.x.207:49691) SMB3_11 <--- this is the machine I'm currently using

Locked files:
Pid Uid DenyMode Access R/W Oplock SharePath Name Time
--------------------------------------------------------------------------------------------------
12348 1000 DENY_NONE 0x80 RDONLY NONE /mnt/master/Pictures . Tue Mar 12 17:52:01 2019
12348 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/master/Pictures . Tue Mar 12 17:52:25 2019
71307 65534 DENY_NONE 0x100081 RDONLY NONE /mnt/master/Pictures . Mon Mar 18 09:04:32 2019
12348 1000 DENY_NONE 0x80 RDONLY NONE /mnt/master/Backups . Tue Mar 12 17:52:01 2019
71307 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/master/Backups Lenovo Files/D Drive Mon Mar 18 08:51:03 2019
71307 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/master/Backups Lenovo Files/D Drive Mon Mar 18 08:51:03 2019

I listed the Backups folder because that folder is working just fine. Cut, paste, delete, etc. No issues. The one standout I see is that Uid of "65534". None of my other SMB shares have that listed. Some only have the 1000 Uid listed.

UID of 65534 means 'nobody' or your guest account. That's probably the reason why that session can't write. This is probably related to guest session parameters on the share.

 

[WrlsFanatic]

OK, I can now get in and make all the changes I want... as long as I don't login to that folder with any specific permissions. So if I just navigate to the folder without authentication, everything is great. Which solves my short-term issue, but not my long-term goal of actually having a secure environment. I'm setting up Active Directory right now to hopefully give me some more predictable access management, but can someone tell me how the SMB shares SHOULD be setup so that they only allow edits by certain accounts?

 

[anodos]

OK, I can now get in and make all the changes I want... as long as I don't login to that folder with any specific permissions. So if I just navigate to the folder without authentication, everything is great. Which solves my short-term issue, but not my long-term goal of actually having a secure environment. I'm setting up Active Directory right now to hopefully give me some more predictable access management, but can someone tell me how the SMB shares SHOULD be setup so that they only allow edits by certain accounts?

In this case, guest access must be turned off.

 

[WrlsFanatic]

Isn't that what I did (Guest access unchecked both times)?