AceRimmer Posted September 8, 2020 Share Posted September 8, 2020 (edited) My SMB permissions seem to be broken. This all started after a motherboard and cpu swap. My server was down for about 5 weeks and after putting in new hardware (same mb and cpu) my SMB permissions seem to be broken. My windows VM developed somehow serious corruption and had to be formatted and im now running a new Windows 10 VM (with the same username as my old Windows VM). I can mount a SMB share as public folder and i can read/write just fine but when i try mount a private or secure smb share i get 1 of 2 errors The network folder specified is currently mapped using a different user name and password or if it does mount and i navigate to a file or folder Windows Explorer throws this error "Location is unavailable" with the text "z\music\metallica is unavaliable. If the location is on this PC, make sure the device or drive is connected or the disc is inserted, and then try again. If the location is on a network, make sure you're connected to the network or internet, and then try again. If the location still can't be found, it might have been moved or deleted." I did try a fresh install of Windows and i keep receiving the same errors. I've tried deleting unraid users, creating new users, deleting old smb network credentials from windows and i have followed pretty much everything here: https://community.spiceworks.com/topic/453258-mapping-drive-issue-pulling-my-hair-out. From what i can gather it must be a server side issue where the server is remembering old connections. I've tried to cycle SMB (turn it off and on again in unraid) and its made no difference. I've run New Permissions on the share on Unraid (Tools/NewPerms), i've uninstalled plugins that i feel could be potentially causing an issue such as cache directories and it hasn't solved the issue either. If it is a server side issue how do i clear out an old config for SMB and start fresh? Edited September 10, 2020 by CatMilk adding "solved" title update Quote Link to comment
trurl Posted September 9, 2020 Share Posted September 9, 2020 49 minutes ago, CatMilk said: From what i can gather it must be a server side issue where the server is remembering old connections It is Windows that remembers old connections. You can only have one login to a remote machine and once that is established it won't use another even if it prompts for a password. You have to delete the credentials to get it to start over with a different login. See this sticky for more. Quote Link to comment
AceRimmer Posted September 9, 2020 Author Share Posted September 9, 2020 (edited) 2 hours ago, trurl said: It is Windows that remembers old connections. You can only have one login to a remote machine and once that is established it won't use another even if it prompts for a password. You have to delete the credentials to get it to start over with a different login. See this sticky for more. That didn't work. I've attached below screenshots of what i done following the advice from your post and from the url you attached. I removed any old credentials from windows Removed old mapped network shares so that there were none connected on the PC Gave the user "smb1" full read & write permissions across all shares on the server Installed the local master plugin to make unraid the local master for smb Removed any residual mounts still listed in the registry for the server Ran net use * /delete to make sure any mappings were removed Ran a heap of commands to flush any DNS and networks settings Then i shutdown the VM & shutdown the server. Left the server off for 15 minutes and then turned it on. I rebooted the VM about 45 minutes afterwards the server rebooted. Then I went directly to Computer/Map Network Drive on Windows Tried to mount my server's share \\voyager\media and picked "connect using different credentials" i got prompted twice for credentials so i inserted "smb1" for the username and my password, share mounted and when i navigate to files and folders i get an error as below An oddity i noticed is that for the share "media" security is set to private so AFIK it shouldn't be visible on the network unless Windows is using my smb1 credentials to expose it but it is visible under "network/voyager/media" on Windows but when i try open a file or some dir's i get \\voyager\media\movies\blah blah is unavailable. When i mount a public share (example i have a watch folder for deluge) i can write into the share as a public user but i can't open any files despite the share being set to public. It throws the error mentioned about (\\voyager\watch\ blah blah is unavailable) Edited September 9, 2020 by CatMilk adding further anomalies Quote Link to comment
Frank1940 Posted September 9, 2020 Share Posted September 9, 2020 Make sure that you haven't been bitten by this one: https://forums.unraid.net/topic/89452-windows-issues-with-unraid/page/8/?tab=comments#comment-878167 MS (apparently) changed the setting in one of its 'security' updates. 9 hours ago, CatMilk said: An oddity i noticed is that for the share "media" security is set to private so AFIK it shouldn't be visible on the network unless Windows is using my smb1 credentials to expose it but it is visible under "network/voyager/media" on Windows but when i try open a file or some dir's i get \\voyager\media\movies\blah blah is unavailable. As I understand it, making a share private does not make the share itself invisible. You will see the share name using Windows Explorer but you will not be able to access unless you are a user for that share. If you want to hide a share from view, you have to make it 'Hidden'. Quote Link to comment
AceRimmer Posted September 9, 2020 Author Share Posted September 9, 2020 (edited) 2 hours ago, Frank1940 said: Make sure that you haven't been bitten by this one: https://forums.unraid.net/topic/89452-windows-issues-with-unraid/page/8/?tab=comments#comment-878167 MS (apparently) changed the setting in one of its 'security' updates. As I understand it, making a share private does not make the share itself invisible. You will see the share name using Windows Explorer but you will not be able to access unless you are a user for that share. If you want to hide a share from view, you have to make it 'Hidden'. You were right about the export = yes (hidden) - I never noticed that option before so thanks for the heads up. Anyway i've checked the group policy. Enable insecure guest logins was set to "NO" so i changed it to YES, then ran gpupdate /force on cmd, then rebooted and i still have the same recurring issue. There was no registry entry before or after the reboot for "enable insecure guest logins". It might be something that becomes active if you connect to a AD. I've now fired up a new Win10 virtual machine and i've mounted the SMB share and im getting the exact same error on that VM. In essence this is a completely new and separate machine to the one i quoted earlier in this post and it has the exact same issue. This is why i believe its a server side error where the server is remembering an old connection. Edited September 9, 2020 by CatMilk added addition of new VM test Quote Link to comment
Frank1940 Posted September 9, 2020 Share Posted September 9, 2020 You may need to have a look at things at the Linux level. The reason I am saying that it appears that you are getting down inside the share and you suddenly can't go any further down the directory tree. I would suggest you start by reading this post and I am going to ping @ken-ji and perhaps he will have some insight. https://forums.unraid.net/topic/46802-faq-for-unraid-v6/page/2/?tab=comments#comment-546530 There is a terminal program built into the GUI and you can use it run Linux command line commands very easily. the basic command you need to look at file and directory attributes is: ls -al /mnt/user0 Just add a slash ( / ) and the directory name (capitalization is important in Linux!!!!) to move down the tree. (The "arrow-keys" will allow you to move up and down the stack of commands that you have previously entered--- or backwards and forwards in the command line to do editing of an individual command to modify it.) PS. In that error message in the above screen shot (that I have included), I would ignore everything after the "is unavailable." And even that phase may not be completely accurate. What I tend to think is that you are not being permitted to open up that directory. Quote Link to comment
trurl Posted September 9, 2020 Share Posted September 9, 2020 Another thing you should consider is how is that data being created. If one of your docker apps is creating it perhaps it needs settings adjusted so it saves files with the correct permissions. Quote Link to comment
AceRimmer Posted September 9, 2020 Author Share Posted September 9, 2020 1 hour ago, Frank1940 said: You may need to have a look at things at the Linux level. The reason I am saying that it appears that you are getting down inside the share and you suddenly can't go any further down the directory tree. I would suggest you start by reading this post and I am going to ping @ken-ji and perhaps he will have some insight. https://forums.unraid.net/topic/46802-faq-for-unraid-v6/page/2/?tab=comments#comment-546530 There is a terminal program built into the GUI and you can use it run Linux command line commands very easily. the basic command you need to look at file and directory attributes is: ls -al /mnt/user0 Just add a slash ( / ) and the directory name (capitalization is important in Linux!!!!) to move down the tree. (The "arrow-keys" will allow you to move up and down the stack of commands that you have previously entered--- or backwards and forwards in the command line to do editing of an individual command to modify it.) PS. In that error message in the above screen shot (that I have included), I would ignore everything after the "is unavailable." And even that phase may not be completely accurate. What I tend to think is that you are not being permitted to open up that directory. Ok so i've checked permissions In the below example I have mounted the smb share with "smb1" user & pass. Win explorer won't let me into the "Avengers" folder (throws the explorer error as mentioned previously) yet when i check the permissions for the folders everyone has read/write/execute (777). On the example below i have read/write/execute (777) on the "family_videos" share and explorer lets me into the folder yet when i try play a file (example the file called video cassette 1) it will not open. Yet if i head to my "media/movies" dir and find a video with the same permissions, one that was put onto the server months ago it will open just fine. For example i tried it in media/movies on the file -rw-rw-rw- 1 nobody users 1828481151 Dec 11 2017 the.quiet.man.1952.remastered.dvdrip.x264-regret.mkv and that opened just fine for me. Quote Link to comment
AceRimmer Posted September 9, 2020 Author Share Posted September 9, 2020 50 minutes ago, trurl said: Another thing you should consider is how is that data being created. If one of your docker apps is creating it perhaps it needs settings adjusted so it saves files with the correct permissions. Files and folders that were created months ago by deluge/sonarr are not allowing me access, yet there was no previous problem with them and the permissions seem to conflict. In some cases i can open folders & videos and in other cases i can't despite them having identical permissions. Quote Link to comment
ken-ji Posted September 10, 2020 Share Posted September 10, 2020 Nothing here stands out. Could you run testparm -s and paste the output of that? I'm wondering if you managed to have extended ACLs configured as that would cause samba to do some weird blocks if the extended ACLs got corrupted. Quote Link to comment
AceRimmer Posted September 10, 2020 Author Share Posted September 10, 2020 3 hours ago, ken-ji said: Nothing here stands out. Could you run testparm -s and paste the output of that? I'm wondering if you managed to have extended ACLs configured as that would cause samba to do some weird blocks if the extended ACLs got corrupted. root@Voyager:~# testparm -s Load smb config files from /etc/samba/smb.conf WARNING: The "encrypt passwords" option is deprecated WARNING: The "null passwords" option is deprecated WARNING: The "syslog" option is deprecated WARNING: The "syslog only" option is deprecated WARNING: The "allocation roundup size" option is deprecated Loaded services file OK. Server role: ROLE_STANDALONE # Global parameters [global] disable spoolss = Yes load printers = No map to guest = Bad User multicast dns register = No ntlm auth = ntlmv1-permitted null passwords = Yes os level = 100 passdb backend = smbpasswd preferred master = Yes printcap name = /dev/null security = USER server min protocol = NT1 server string = Media server show add printer wizard = No syslog = 0 syslog only = Yes unix extensions = No idmap config * : range = 3000-7999 idmap config * : backend = tdb acl allow execute always = Yes aio read size = 0 aio write size = 4096 allocation roundup size = 4096 create mask = 0777 directory mask = 0777 hide dot files = No include = /etc/samba/smb-shares.conf invalid users = root map archive = No map readonly = yes use sendfile = Yes wide links = Yes [flash] comment = Unraid OS boot device force user = root guest ok = Yes path = /boot [Share] guest ok = Yes path = /mnt/user/Share read only = No [appdata] comment = application data guest ok = Yes path = /mnt/user/appdata write list = smb1 [backups] comment = Backups: appdata, flash, libvirt guest ok = Yes path = /mnt/user/backups write list = smb1 [domains] comment = saved VM instances guest ok = Yes path = /mnt/user/domains write list = smb1 [downloads] case sensitive = Yes comment = Deluge download management folder path = /mnt/user/downloads preserve case = No short preserve case = No valid users = smb1 write list = smb1 [dupeGuru] comment = Duplicate files trash can path = /mnt/user/dupeGuru valid users = smb1 write list = smb1 [h265ize] case sensitive = Yes comment = h265ize I/O folder path = /mnt/user/h265ize preserve case = No short preserve case = No valid users = smb1 write list = smb1 [isos] comment = ISO images guest ok = Yes path = /mnt/user/isos write list = smb1 [media] case sensitive = Yes comment = Movies & Shows path = /mnt/user/media preserve case = No short preserve case = No valid users = smb1 write list = smb1 [public] comment = Public share (use for potentially dangerous files) guest ok = Yes path = /mnt/user/public read only = No [watch] case sensitive = Yes comment = Deluge watch folder guest ok = Yes path = /mnt/user/watch preserve case = No read only = No short preserve case = No [youtube] comment = YouTube download share guest ok = Yes path = /mnt/user/youtube write list = smb1 Quote Link to comment
ken-ji Posted September 10, 2020 Share Posted September 10, 2020 (edited) Hmm. You have case sensitivity turned on what I think are the affected shares; along with not preserving the case.... ie forcing them to all lowercase (the default) - on your shares... any particular reason? I think this might be what's giving you the unavailable error messages. all your samples that cannot be accessed anymore are mixed case. the one you said was fine is in all lowercase. Edited September 10, 2020 by ken-ji Quote Link to comment
AceRimmer Posted September 10, 2020 Author Share Posted September 10, 2020 6 hours ago, ken-ji said: Hmm. You have case sensitivity turned on what I think are the affected shares; along with not preserving the case.... ie forcing them to all lowercase (the default) - on your shares... any particular reason? I think this might be what's giving you the unavailable error messages. all your samples that cannot be accessed anymore are mixed case. the one you said was fine is in all lowercase. That's working for me. It was the case for the password. When i was typing in the password Windows Explorer was not telling me the password was incorrect yet it was passing through as lower case and not mounting correctly. Thank you for spotting that. Its been driving me nuts. I do have a few folders with some permission issues, example i have a folder in my watch folder and i couldn't write into it. I had to manually change the permissions in Krusader. Would the best way for me to do a mass permission change to default be via the Tools/NewPerms tool in Unraid? Quote Link to comment
trurl Posted September 10, 2020 Share Posted September 10, 2020 You only want to run NewPerms on specific User Shares to avoid breaking dockers which might have other permission settings for their appdata. There is also the Docker Safe New Permissions if you want to do it all at once, which will skip appdata. Quote Link to comment
AceRimmer Posted September 10, 2020 Author Share Posted September 10, 2020 1 hour ago, trurl said: You only want to run NewPerms on specific User Shares to avoid breaking dockers which might have other permission settings for their appdata. There is also the Docker Safe New Permissions if you want to do it all at once, which will skip appdata. Thank you @trurl, @ken-ji & @Frank1940 Your help has been very much appreciated. Quote Link to comment
ken-ji Posted September 10, 2020 Share Posted September 10, 2020 2 hours ago, CatMilk said: That's working for me. It was the case for the password. When i was typing in the password Windows Explorer was not telling me the password was incorrect yet it was passing through as lower case and not mounting correctly. Thank you for spotting that. Its been driving me nuts. @CatMilk Not sure how the issue was fixed for you. Did you disable the case sensitive settings on the shares? Quote Link to comment
AceRimmer Posted September 10, 2020 Author Share Posted September 10, 2020 48 minutes ago, ken-ji said: @CatMilk Not sure how the issue was fixed for you. Did you disable the case sensitive settings on the shares? i changed "case-sensitive names" on the shares from "forced lower" to "auto" and everything started working again. I was mistaken in my previous post thinking this was related to the username/password. I read the GUI notes for this setting and it said it should only be set to "forced lower" on new shares during configuration so by me changing it to "forced lower" on an old share it must have broken the SMB protocol. Quote Link to comment
ken-ji Posted September 10, 2020 Share Posted September 10, 2020 (edited) Yes, forcing it to lower means all new files are lower case now. But older mixed case named files become inaccessible over samba in weird ways. - like becoming not available as you've experienced. Glad this was all the source of your problem. Edited September 10, 2020 by ken-ji Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.