[SOLVED] SMB Permissions - Im ready to throw a brick at it.


Recommended Posts

My SMB permissions seem to be broken. This all started after a motherboard and cpu swap. My server was down for about 5 weeks and after putting in new hardware (same mb and cpu) my SMB permissions seem to be broken. My windows VM developed somehow serious corruption and had to be formatted and im now running a new Windows 10 VM (with the same username as my old Windows VM). 

 

I can mount a SMB share as public folder and i can read/write just fine but when i try mount a private or secure smb share i get 1 of 2 errors

The network folder specified is currently mapped using a different user name and password

or if it does mount and i navigate to a file or folder Windows Explorer throws this error

"Location is unavailable" with the text "z\music\metallica is unavaliable.  If the location is on this PC, make sure the device or drive is connected or the disc is inserted, and then try again. If the location is on a network, make sure you're connected to the network or internet, and then try again. If the location still can't be found, it might have been moved or deleted."

I did try a fresh install of Windows and i keep receiving the same errors. I've tried deleting unraid users, creating new users, deleting old smb network credentials from windows and i have followed pretty much everything here: https://community.spiceworks.com/topic/453258-mapping-drive-issue-pulling-my-hair-out

From what i can gather it must be a server side issue where the server is remembering old connections. I've tried to cycle SMB (turn it off and on again in unraid) and its made no difference. I've run New Permissions on the share on Unraid (Tools/NewPerms), i've uninstalled plugins that i feel could be potentially causing an issue such as cache directories and it hasn't solved the issue either. If it is a server side issue how do i clear out an old config for SMB and start fresh?

Edited by CatMilk
adding "solved" title update
Link to comment
49 minutes ago, CatMilk said:

From what i can gather it must be a server side issue where the server is remembering old connections

It is Windows that remembers old connections. You can only have one login to a remote machine and once that is established it won't use another even if it prompts for a password. You have to delete the credentials to get it to start over with a different login. See this sticky for more.

 

 

Link to comment
2 hours ago, trurl said:

It is Windows that remembers old connections. You can only have one login to a remote machine and once that is established it won't use another even if it prompts for a password. You have to delete the credentials to get it to start over with a different login. See this sticky for more.

 

 

That didn't work. I've attached below screenshots of what i done following the advice from your post and from the url you attached. 

 

I removed any old credentials from windows

image1.thumb.PNG.9c7732e8287f4ab0fb7d92795c804be7.PNG

 

Removed old mapped network shares so that there were none connected on the PC

image2.thumb.PNG.69d53ea287c08446994d8c98814826a1.PNG

 

Gave the user "smb1" full read & write permissions across all shares on the server

image3.thumb.PNG.ab496e68703265a370a64fb4cca80c92.PNG

 

Installed the local master plugin to make unraid the local master for smb

image4.PNG.ad6cad92741deb551d37ee3b76cdaa49.PNG

 

Removed any residual mounts still listed in the registry for the server

image5.PNG.25b8d77c59681a27eb25f18e3fbd7a6c.PNG

 

Ran net use * /delete to make sure any mappings were removed

image6.PNG.82ee98e18422c4c2b1e52fc3226da508.PNG

 

Ran a heap of commands to flush any DNS and networks settings

image7.thumb.PNG.cd67ccc842d90e78b4ce7767371622b0.PNG

 

Then i shutdown the VM & shutdown the server. Left the server off for 15 minutes and then turned it on. I rebooted the VM about 45 minutes afterwards the server rebooted. Then I went directly to Computer/Map Network Drive on Windows

 

Tried to mount my server's share \\voyager\media and picked "connect using different credentials"

i got prompted twice for credentials so i inserted "smb1" for the username and my password, share mounted and when i navigate to files and folders i get an error as below

Captureasdf.PNG.f7919a5b736026e9c609969b50cfd409.PNG

 

An oddity i noticed is that for the share "media" security is set to private so AFIK it shouldn't be visible on the network unless Windows is using my smb1 credentials to expose it but it is visible under "network/voyager/media" on Windows but when i try open a file or some dir's i get \\voyager\media\movies\blah blah is unavailable. 

 

Capturewbtwbrtwrt.PNG.13a64e7757dbeefc706d3c047eabc1a7.PNG

 

When i mount a public share (example i have a watch folder for deluge) i can write into the share as a public user but i can't open any files despite the share being set to public. It throws the error mentioned about (\\voyager\watch\ blah blah is unavailable)

Edited by CatMilk
adding further anomalies
Link to comment

Make sure that you haven't been bitten by this one:

 

https://forums.unraid.net/topic/89452-windows-issues-with-unraid/page/8/?tab=comments#comment-878167

 

MS (apparently) changed the setting in one of its 'security' updates. 

9 hours ago, CatMilk said:

An oddity i noticed is that for the share "media" security is set to private so AFIK it shouldn't be visible on the network unless Windows is using my smb1 credentials to expose it but it is visible under "network/voyager/media" on Windows but when i try open a file or some dir's i get \\voyager\media\movies\blah blah is unavailable. 

As I understand it, making a share private does not make the share itself invisible.  You will see the share name using Windows Explorer but you will not be able to access unless you are a user for that share.  If you want to hide a share from view, you have to make it 'Hidden'.

image.thumb.png.832980509f452ff9444aa6782ac5c197.png

Link to comment
2 hours ago, Frank1940 said:

Make sure that you haven't been bitten by this one:

 

https://forums.unraid.net/topic/89452-windows-issues-with-unraid/page/8/?tab=comments#comment-878167

 

MS (apparently) changed the setting in one of its 'security' updates. 

As I understand it, making a share private does not make the share itself invisible.  You will see the share name using Windows Explorer but you will not be able to access unless you are a user for that share.  If you want to hide a share from view, you have to make it 'Hidden'.

image.thumb.png.832980509f452ff9444aa6782ac5c197.png

You were right about the export = yes (hidden) - I never noticed that option before so thanks for the heads up. 

 

Anyway i've checked the group policy. Enable insecure guest logins was set to "NO" so i changed it to YES, then ran gpupdate /force on cmd, then rebooted and i still have the same recurring issue. 

 

There was no registry entry before or after the reboot for "enable insecure guest logins". It might be something that becomes active if you connect to a AD. 

 

I've now fired up a new Win10 virtual machine and i've mounted the SMB share and im getting the exact same error on that VM. In essence this is a completely new and separate machine to the one i quoted earlier in this post and it has the exact same issue. This is why i believe its a server side error where the server is remembering an old connection.

 

Capture3.thumb.PNG.b6888a3326ca204406890c1676c45a05.PNG

 

 

Edited by CatMilk
added addition of new VM test
Link to comment

You may  need to have a look at things at the Linux level.  The reason I am saying that it appears that you are getting down inside the share and you suddenly can't go any further down the directory tree. 

 

      image.png.252935b94cd232b7f2582e5a14b73dd1.png

 

I would suggest you start by reading this post and I am going to ping @ken-ji  and perhaps he will have some insight. 

 

       https://forums.unraid.net/topic/46802-faq-for-unraid-v6/page/2/?tab=comments#comment-546530

 

There  is a terminal program built into the GUI and you can use it run Linux command line commands very easily.   the basic command you need to look at file and directory attributes is:

ls -al /mnt/user0

Just add a slash (   /     )    and the directory name (capitalization is important in Linux!!!!) to move down the tree.  (The "arrow-keys" will allow you to move up and down the stack of commands that you have previously entered--- or backwards and forwards in the command line to do editing of an individual command to modify it.)

 

PS.  In that error message in the above screen shot (that I have included), I would ignore everything after the "is unavailable."  And even that phase may not be completely accurate.  What I tend to think is that you are not being permitted to open up that directory.

Link to comment
1 hour ago, Frank1940 said:

You may  need to have a look at things at the Linux level.  The reason I am saying that it appears that you are getting down inside the share and you suddenly can't go any further down the directory tree. 

 

      image.png.252935b94cd232b7f2582e5a14b73dd1.png

 

I would suggest you start by reading this post and I am going to ping @ken-ji  and perhaps he will have some insight. 

 

       https://forums.unraid.net/topic/46802-faq-for-unraid-v6/page/2/?tab=comments#comment-546530

 

There  is a terminal program built into the GUI and you can use it run Linux command line commands very easily.   the basic command you need to look at file and directory attributes is:


ls -al /mnt/user0

Just add a slash (   /     )    and the directory name (capitalization is important in Linux!!!!) to move down the tree.  (The "arrow-keys" will allow you to move up and down the stack of commands that you have previously entered--- or backwards and forwards in the command line to do editing of an individual command to modify it.)

 

PS.  In that error message in the above screen shot (that I have included), I would ignore everything after the "is unavailable."  And even that phase may not be completely accurate.  What I tend to think is that you are not being permitted to open up that directory.

Ok so i've checked permissions

 

In the below example I have mounted the smb share with "smb1" user & pass. Win explorer won't let me into the "Avengers" folder (throws the explorer error as mentioned previously) yet when i check the permissions for the folders everyone has read/write/execute (777).

Capture2.PNG.1ada6c7d6d799eea83d7531711c46110.PNG

 

On the example below i have read/write/execute (777) on the "family_videos" share and explorer lets me into the folder yet when i try play a file (example the file called video cassette 1) it will not open. Yet if i head to my "media/movies" dir and find a video with the same permissions, one that was put onto the server months ago it will open just fine. For example i tried it in media/movies on the file -rw-rw-rw- 1 nobody users 1828481151 Dec 11  2017 the.quiet.man.1952.remastered.dvdrip.x264-regret.mkv and that opened just fine for me. 

Capture1.thumb.PNG.e4847e399444cbf55fd32944818d8d50.PNG

Link to comment
50 minutes ago, trurl said:

Another thing you should consider is how is that data being created. If one of your docker apps is creating it perhaps it needs settings adjusted so it saves files with the correct permissions.

Files and folders that were created months ago by deluge/sonarr are not allowing me access, yet there was no previous problem with them and the permissions seem to conflict. In some cases i can open folders & videos and in other cases i can't despite them having identical permissions. 

Link to comment
3 hours ago, ken-ji said:

Nothing here stands out. Could you run


testparm -s

and paste the output of that? I'm wondering if you managed to have extended ACLs configured as that would cause samba to do some weird blocks if the extended ACLs got corrupted.

root@Voyager:~# testparm -s
Load smb config files from /etc/samba/smb.conf
WARNING: The "encrypt passwords" option is deprecated
WARNING: The "null passwords" option is deprecated
WARNING: The "syslog" option is deprecated
WARNING: The "syslog only" option is deprecated
WARNING: The "allocation roundup size" option is deprecated
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
        disable spoolss = Yes
        load printers = No
        map to guest = Bad User
        multicast dns register = No
        ntlm auth = ntlmv1-permitted
        null passwords = Yes
        os level = 100
        passdb backend = smbpasswd
        preferred master = Yes
        printcap name = /dev/null
        security = USER
        server min protocol = NT1
        server string = Media server
        show add printer wizard = No
        syslog = 0
        syslog only = Yes
        unix extensions = No
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
        acl allow execute always = Yes
        aio read size = 0
        aio write size = 4096
        allocation roundup size = 4096
        create mask = 0777
        directory mask = 0777
        hide dot files = No
        include = /etc/samba/smb-shares.conf
        invalid users = root
        map archive = No
        map readonly = yes
        use sendfile = Yes
        wide links = Yes


[flash]
        comment = Unraid OS boot device
        force user = root
        guest ok = Yes
        path = /boot


[Share]
        guest ok = Yes
        path = /mnt/user/Share
        read only = No


[appdata]
        comment = application data
        guest ok = Yes
        path = /mnt/user/appdata
        write list = smb1


[backups]
        comment = Backups: appdata, flash, libvirt
        guest ok = Yes
        path = /mnt/user/backups
        write list = smb1


[domains]
        comment = saved VM instances
        guest ok = Yes
        path = /mnt/user/domains
        write list = smb1


[downloads]
        case sensitive = Yes
        comment = Deluge download management folder
        path = /mnt/user/downloads
        preserve case = No
        short preserve case = No
        valid users = smb1
        write list = smb1


[dupeGuru]
        comment = Duplicate files trash can
        path = /mnt/user/dupeGuru
        valid users = smb1
        write list = smb1


[h265ize]
        case sensitive = Yes
        comment = h265ize I/O folder
        path = /mnt/user/h265ize
        preserve case = No
        short preserve case = No
        valid users = smb1
        write list = smb1


[isos]
        comment = ISO images
        guest ok = Yes
        path = /mnt/user/isos
        write list = smb1


[media]
        case sensitive = Yes
        comment = Movies & Shows
        path = /mnt/user/media
        preserve case = No
        short preserve case = No
        valid users = smb1
        write list = smb1


[public]
        comment = Public share (use for potentially dangerous files)
        guest ok = Yes
        path = /mnt/user/public
        read only = No


[watch]
        case sensitive = Yes
        comment = Deluge watch folder
        guest ok = Yes
        path = /mnt/user/watch
        preserve case = No
        read only = No
        short preserve case = No


[youtube]
        comment = YouTube download share
        guest ok = Yes
        path = /mnt/user/youtube
        write list = smb1

 

Link to comment

Hmm. You have case sensitivity turned on what I think are the affected shares; along with not preserving the case.... ie forcing them to all lowercase (the default) -  on your shares... any particular reason?

I think this might be what's giving you the unavailable error messages. all your samples that cannot be accessed anymore are mixed case. the one you said was fine is in all lowercase.

 

Edited by ken-ji
Link to comment
6 hours ago, ken-ji said:

Hmm. You have case sensitivity turned on what I think are the affected shares; along with not preserving the case.... ie forcing them to all lowercase (the default) -  on your shares... any particular reason?

I think this might be what's giving you the unavailable error messages. all your samples that cannot be accessed anymore are mixed case. the one you said was fine is in all lowercase.

 

That's working for me. It was the case for the password. When i was typing in the password Windows Explorer was not telling me the password was incorrect yet it was passing through as lower case and not mounting correctly. Thank you for spotting that. Its been driving me nuts. 

 

I do have a few folders with some permission issues, example i have a folder in my watch folder and i couldn't write into it. I had to manually change the permissions in Krusader. Would the best way for me to do a mass permission change to default be via the Tools/NewPerms tool in Unraid?

Link to comment
2 hours ago, CatMilk said:

That's working for me. It was the case for the password. When i was typing in the password Windows Explorer was not telling me the password was incorrect yet it was passing through as lower case and not mounting correctly. Thank you for spotting that. Its been driving me nuts.

@CatMilk Not sure how the issue was fixed for you. Did you disable the case sensitive settings on the shares?

Link to comment
48 minutes ago, ken-ji said:

@CatMilk Not sure how the issue was fixed for you. Did you disable the case sensitive settings on the shares?

i changed "case-sensitive names" on the shares from "forced lower" to "auto" and everything started working again. I was mistaken in my previous post thinking this was related to the username/password. I read the GUI notes for this setting and it said it should only be set to "forced lower" on new shares during configuration so by me changing it to "forced lower" on an old share it must have broken the SMB protocol. 

 

Capture1.PNG.15b2677fe925f1420f73fd3fcce6bcc8.PNG

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.