I'm having a problem with "access is denied" when attempting to connect to FreeNAS Windows CIFS shares.
The problem started with a change in the configuration of my FreeNAS storage. I had a Z1 array with a main volume (/mnt/Stor1), and with 4 subvolumes in the main volume (/mnt/Stor1/myacct, /mnt/Stor1/Mom, /mnt/Stor1/Movies1, /mnt/Stor1/Movies2). In each of the subvolumes I created one Dataset with the same name as the subvolume (myacct, Mom, Movies1, Movies2). As I became more familiar with ZFS, I decided the redundancy in the Volumes and Datasets might not make much sense, so I rebuilt the Z1 array using a single primary volume (/mnt/Stor1) and 4 datasets in the main volume (/mnt/Stor1/myacct, /mnt/Stor1/Mom, /mnt/Stor1/Movies1, /mnt/Stor1/Movies2). I created three server accounts - the account I use (myacct), the account my wife uses (Mom) and the account for my home theater pc (htpc). My account (myacct) can access the CIFS shares without problem, the other two accounts (Mom, htpc) cannot access the shares. Each account can login to the server using ssh.
The following is my attempt to determine why the two accounts are denied access:
Server configuration:
FreeNAS-9.2.1.5-RELEASE-x64 (80c1d35)
Host Name = MediaStore
Accounts: htpc(group=user_access), myacct(group=user_access,wheel), Mom(group=user_access)
ZFS Volume = /mnt/Stor1
ZFS Dataset = /mnt/Stor1/Movies1 (CIFS share = Movies1)
Owner=htpc(permissions=RWE), Group=user_access(Permissions=RWE), other(Permissions=RE) Windows ACL
ZFS Dataset = /mnt/Stor1/Movies2 (CIFS share = Movies2)
Owner=htpc(permissions=RWE), Group=user_access(Permissions=RWE), other(Permissions=RE) Windows ACL
ZFS Dataset = /mnt/Stor1/myacct (CIFS share = myacct)
Owner=myacct(permissions=RWE), Group=user_access(permissions=RWE), other(permissions=RE) Windows ACL
ZFS Dataset=/mnt/Stor1/Mom (CIFS share = Mom)
Owner=Mom(permissions=RWE), Group=user_access(permissions=RWE), other(permissions=RE) Windows ACL
Using my windows desktop to test access to the share:
Windows 8.1 Pro 6.3.9600 Build 9600
Hostname=video
User Accounts: myacct(local user, password protected, non-admin), htpc(local user, password protected, non-admin)
These tests were an attempt to access \\MEDIASTORE\Movies1 ----------------------------------
1) Login using htpc --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=htpc, Password=testpass) --> access is denied
I confirmed that the local account name and password matched the server account name and password.
2) Login using htpc --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=MEDIASTORE\htpc, Password=testpass) --> access is denied
3) Login using myacct --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> immediate access to files in Movies1
The Windows Security window for authentication did not appear (same account name and password on deaktop and server).
The same thing occured with the other 3 shares.
Using a windows laptop to test access to the same share:
Windows 8.1 Pro 6.3.9600 Build 9600
Hostname=laptop
User Accounts: htpc (local user, password protected, non-admin), myacct(local user, password protected, admin)
The tests to access \\MEDIASTORE\Movies1 ---------------------------------------
1) Login using htpc --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=htpc, Password=testpass) --> access is denied
2) Login using htpc -->File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=MEDIASTORE\htpc, Password=testpass) --> access is denied
3) Login using myacct --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> immediate access to files in Movies
4) Login using Administrator --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=htpc, Password=testpass) --> "Windows cannot access \\MEDIASTORE\Movies1" Error code: 0x800704cf "The network location cannot be reached" --> Diagnostics --> "You don't have permission to access the share"
5) Login using Administrator --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=myacct, Password=mypass) --> immediate access to files in Movies1
The results were the same when my wife attempted to access the shares using the (Mom) account on her Windows 8.1 laptop. Access is denied on my home theater pc using the (htpc) account, but my personal account (myacct) has access.
The one difference between my server account (myacct) and the Mom and htpc accounts, is the participation of myacct in the wheel group. I added htpc to the wheel group and reran the tests with no difference. Other than the secondary wheel group, I could not find any other differences, but why only one account working? I do not know what to try next and any suggestions or advice would be great!
The problem started with a change in the configuration of my FreeNAS storage. I had a Z1 array with a main volume (/mnt/Stor1), and with 4 subvolumes in the main volume (/mnt/Stor1/myacct, /mnt/Stor1/Mom, /mnt/Stor1/Movies1, /mnt/Stor1/Movies2). In each of the subvolumes I created one Dataset with the same name as the subvolume (myacct, Mom, Movies1, Movies2). As I became more familiar with ZFS, I decided the redundancy in the Volumes and Datasets might not make much sense, so I rebuilt the Z1 array using a single primary volume (/mnt/Stor1) and 4 datasets in the main volume (/mnt/Stor1/myacct, /mnt/Stor1/Mom, /mnt/Stor1/Movies1, /mnt/Stor1/Movies2). I created three server accounts - the account I use (myacct), the account my wife uses (Mom) and the account for my home theater pc (htpc). My account (myacct) can access the CIFS shares without problem, the other two accounts (Mom, htpc) cannot access the shares. Each account can login to the server using ssh.
The following is my attempt to determine why the two accounts are denied access:
Server configuration:
FreeNAS-9.2.1.5-RELEASE-x64 (80c1d35)
Host Name = MediaStore
Accounts: htpc(group=user_access), myacct(group=user_access,wheel), Mom(group=user_access)
ZFS Volume = /mnt/Stor1
ZFS Dataset = /mnt/Stor1/Movies1 (CIFS share = Movies1)
Owner=htpc(permissions=RWE), Group=user_access(Permissions=RWE), other(Permissions=RE) Windows ACL
ZFS Dataset = /mnt/Stor1/Movies2 (CIFS share = Movies2)
Owner=htpc(permissions=RWE), Group=user_access(Permissions=RWE), other(Permissions=RE) Windows ACL
ZFS Dataset = /mnt/Stor1/myacct (CIFS share = myacct)
Owner=myacct(permissions=RWE), Group=user_access(permissions=RWE), other(permissions=RE) Windows ACL
ZFS Dataset=/mnt/Stor1/Mom (CIFS share = Mom)
Owner=Mom(permissions=RWE), Group=user_access(permissions=RWE), other(permissions=RE) Windows ACL
Using my windows desktop to test access to the share:
Windows 8.1 Pro 6.3.9600 Build 9600
Hostname=video
User Accounts: myacct(local user, password protected, non-admin), htpc(local user, password protected, non-admin)
These tests were an attempt to access \\MEDIASTORE\Movies1 ----------------------------------
1) Login using htpc --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=htpc, Password=testpass) --> access is denied
I confirmed that the local account name and password matched the server account name and password.
2) Login using htpc --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=MEDIASTORE\htpc, Password=testpass) --> access is denied
3) Login using myacct --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> immediate access to files in Movies1
The Windows Security window for authentication did not appear (same account name and password on deaktop and server).
The same thing occured with the other 3 shares.
Using a windows laptop to test access to the same share:
Windows 8.1 Pro 6.3.9600 Build 9600
Hostname=laptop
User Accounts: htpc (local user, password protected, non-admin), myacct(local user, password protected, admin)
The tests to access \\MEDIASTORE\Movies1 ---------------------------------------
1) Login using htpc --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=htpc, Password=testpass) --> access is denied
2) Login using htpc -->File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=MEDIASTORE\htpc, Password=testpass) --> access is denied
3) Login using myacct --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> immediate access to files in Movies
4) Login using Administrator --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=htpc, Password=testpass) --> "Windows cannot access \\MEDIASTORE\Movies1" Error code: 0x800704cf "The network location cannot be reached" --> Diagnostics --> "You don't have permission to access the share"
5) Login using Administrator --> File Explorer --> Network --> MEDIASTORE --> Movies1 --> Windows Security (Username=myacct, Password=mypass) --> immediate access to files in Movies1
The results were the same when my wife attempted to access the shares using the (Mom) account on her Windows 8.1 laptop. Access is denied on my home theater pc using the (htpc) account, but my personal account (myacct) has access.
The one difference between my server account (myacct) and the Mom and htpc accounts, is the participation of myacct in the wheel group. I added htpc to the wheel group and reran the tests with no difference. Other than the secondary wheel group, I could not find any other differences, but why only one account working? I do not know what to try next and any suggestions or advice would be great!
