SAMBA Share Issues

Rockstor and I seem to be having issues of late

I am trying to create share folders, to be accessed from Windows (Samba) that have individual user access. I want my wife to be able to log access her folder, but not the kids type deal. So, I went in and created a test share

share733×439 28.4 KB

From there, I created the Samba Export

samba_11610×35 7.86 KB

samba_21153×602 31.6 KB

I go to Windows Explorer, enter the IP address 10.0.0.3 and get a list of folders

samba_31143×192 18.2 KB

I double click my test folder (test_samba) and it asks for my user name and password. Up to this point, everything is working as it should. However, when I enter my user name and password, I get an error

Now, you will note there are other share folders, from Rockstor, showing in Windows Explorer. (labled as: “Media” “owncloud” and “proxmox”). Those folders have guest enabled, so they don’t ask for user name and password, and they work just fine. I only run into this issue when attempt to secure the share.

I have tried chaging every setting I can think of and nothing is working. I have even gone back throuhg old posts that seem similar to the issue I am having and nothing. I have read, and reread, these instructions as well

https://rockstor.com/docs/interface/storage/file_sharing/samba_ops.html

https://rockstor.com/docs/interface/storage/shares-btrfs-subvolumes.html#createshare

https://rockstor.com/docs/interface/system/identity/users.html#adduser

I am totally lost why I am getting this issue

I am trying to access the shares from

My rockstor is

Help, please… this is driving me bats.

Hi @greyson1973 ,

Thanks for all the information, that is always helpful. There is one thing I can think of, right off the bat:

In settings the permissions for the test_samba share in Rockstor, I of having ownership set to root:

• owner: the user that you will use when entering the credentials from Windows.
• group: users

Then try again accessing it using the username set as owner above.

Note that you can also remove the user you placed in the Admin users when creating the Samba export.

Hope this helps,

samba_4757×439 29.3 KB

Tried it earlier, but I tried it again just in case I didn’t get it right last time…

Exactly same error

Just to make sure: you are trying to login to that share from Windows using decius1973 at the username and its password set when you created the user in Rockstor, correct?

That would be correct. Though, I thank you for double checking. Wouldn’t be the first time I tried to log in somewhere with the wrong credentials LOL

Do you have any credentials stored under that IP address (or servername) in the Windows Credentials Manager?

Since I don’t use it, I doubt it. But… Since I don’t use it, it’s possible I do and didn’t realize it. Screen shots for the win…I don’t see anything, but if you do please point it out so I can fix it.

windows704×814 77.4 KB

No, doesn’t look like it. I have some credentials stored there for mapped drives, etc. hence my question, because it seemed to also affect how I get to the “Network” view of Rockstor.

Update, additional question:
Can you see the Security properties on the test_samba folder (I assume you can for the other folders) to see whether it shows the user/group/everyone?

I am honestly not sure what your asking. Are you asking in Windows Properties or in Rockstor?

I am assuming you mean windows. Here is what one of the shared folders, with the “guest OK yes” turned on in Rockstor looks like in Windows Properties

Here is what the non working test directory looks like in Windows Properties

Yes, sorry I should have clarified. Windows Properties is what I was asking for.
ok, interesting, so folder is only accessible for the “no Guest” folder using the root user credentials.

What I also found in some case, is that the owner shown in the WebUI doesn’t match what’s actually going on at the filesystem level. During setup and subsequent changes, the Share (not Samba export) should have the same user:group setting when checking at the command line. Especially if Rockons have different UID:GID combos and use one of those shares, the user:group can become out of whack between what’s shown in the UI and what’s actually happening on the OS level.

So, can you use the command line (PuTTy or the WebUI shell) to check the ownership of the share that you’re exposing through Samba?

e.g.:
ls -la /mnt2/ this should give you the list of all your shares, but of course only the test_samba share is of importance here. For example, here the user:group combo is plex:plex:

drwxr-xr-x 1 plex  plex   52 Aug  2 13:11 test-config

In Windows Properties this share (as a Samba Export) has this security view:

But the WebUI setting for this share still shows as root:root:

image1065×555 14.5 KB

And for good measure the Samba export has root as the admin user (this is just to show that the admin user does not define what’s exposed with the Samba export):

image855×491 15.8 KB

Maybe that’s the issue?

If you want to change it at the filesystem level (to match what you have in your WebUI for the user:group combo, you can do that via the command line as well:

chown decius1973:users /mnt2/test_samba

if you already have sub-folders created on that share you can also change the ownership recursively (capital -R or --recursive flag):

chown -R decius1973:users /mnt2/test_samba

“so folder is only accessible for the “no Guest” folder using the root user credentials.”

Folder access is only working for t for “Guest Ok YES” folder using root credentials and group users

“What I also found in some case, is that the owner shown in the WebUI doesn’t match what’s actually going on at the disk level. During setup and subsequent changes, the Share (not Samba export) should have the same user:group setting when checking at the command line. Especially if Rockons have different UID:GID combos and use one of those shares, the user:group can become out of whack between what’s shown in the UI and what’s actually happening on the OS level.”

Completely lost me there.

“So, can you use the command line (PuTTy or the WebUI shell) to check the ownership of the share that you’re exposing through Samba?”

I know how to SSH into Rockstor with Putty.

" ls -la /mnt2/ this should give you the list of all your shares"

How no idea what test_samba looks like in windows, cause all I see is this

windows_properties363×511 23.3 KB

In Rockstor it looks like this in the Rockstor Samba WebUI

share2754×411 28.7 KB

After I made the changes suggested by Flox

You lost me on everything after that, but don’t need to understand to follow directions. So…

What I did was put the Rockstor WebUI back to

share733×439 28.4 KB

so it matches the your picture of the WebUI you provided

I ran the LS command you mentioned and the output changed to

then I ran the chown command you listed which changed the output to

but the WebUI is staying

share733×439 28.4 KB

STill have no properties in Windows for the test_samba folder and still can’t access it with user name and password.

ok, I think you understood fine, at least what you posted made sense

Looking at your error message again. This might be an issue with the how you access other shares on the same instance (i.e. Rockstor). If the other connections already worked, and it used, say, the anonymous login (Guest Access), then it cached that portion and hence when you’re trying to get to it with different credentials it might not work.

So, two things:

• can you take a look at the smb logs in Rockstor right after you try to access the share/folder?
  In the WebUI:
  
  

  image338×777 43.9 KB

use this one. I think the 30 last lines (the tail dropdown) might be enough

image1149×172 7.22 KB

I hope, you can find some error being thrown about not being allowed access (I think I remember it’s something like an error 1006 about access denied or something and maybe it shows the user being used).

• see whether in Windows 11 you can get rid of the cached credentials by using a cmd prompt (in admin mode) on the W11 machine:
  net use should list which ones you currently have. If they’re related to your 10.0.0.3 you can try to get rid of each of them via:

net use \\10.0.0.3\<share name> /delete

or the nuclear option, though that will get rid of any cached credentials to any other machines that you might have been using:

net use * /delete

and then try it again with your desired credentials on that share.

If you were to assign a drive letter (I know, not necessarily practical) then you can force it to use a different set of credentials.

Finally, another option can be that after you delete them, you create one in the Windows credential manager for that ip address and see whether that works (not sure it will, but …)

Last question, just to be sure, you have not mapped a network drive letter to one of the other shares, using “other credentials” already, correct?

I haven’t had a chance to try any of the suggestions from Hooverdan yet, but I did find another wrinkle that may help diagnosis the problem…

My Rockstor is running on the base hardware for a server. However, I have a second server that is running Proxmox with several VMs. I wanted Proxmox to run nightly backups to my Rockstor NAS so I creeated a proxmox user (with password), a share called proxmox, and then a Samba Export called proxmox. I then tried to have my proxmox server map the share so it could use it for the backups. However, proxmox reported authentication problems and proxmox was only able to access the share when I set “guest ok” to yes (removing the need to authenticate) on the Samba Export in Rockstor. I also setup an owncloud server. I once again created a share and user in Rockstor. Again, owncloud was unable to authenticate with Rockstor and so I had to set “guest ok” to yes in Rocktor.

So, whatever the issue is, it’s not Windows related. It’s rockstor not allowing authentication. That would lead me to believe that I am doing something wrong either when I create the user credentials, when I am inputting the credentials into the various computers trying to access the shares, or in the way the credentials are being recieved/processed by Rockstor.

Now, as for the credentials. I create a user name, a password, and set the group to Rockstor’s built in users group. I do this is the WebUi and touch nothing else. I just assume that is all I need to to provide a user with access to a Rockstor share.

Don’t know if this info will help y’all guide me in fixing the issue, but figure it can’t hurt to share the info

Interesting, you might be right that it’s then on the “other” side (i.e. the samba server). So, understanding what’s written to the logs would be good.

Did you do any additional configuration of samba parameters using the free-form field, or “just” turn it on with the minimal settings (i.e. defining the workgroup)?

Since I wanted the named Rockstor server show up in my network, I’ve been using the wsdd Rockon. This won’t make a difference to you, since you can get to it via IP, just wanted to mention it . But I also have a few additional setting for the samba server, due to wanting consistent access for apple devices on top of windows machines.

But this might all not matter, since I think this all worked for you before, or did you have issues with e.g. the proxmox connection but not the windows machine until recently?

Honestly, I am new to Rockstor. So, I don’t know enough about it to mess with settings much. While I use linux enough to be comfortable with SSH and command line (and old enough to remember when there was no such thing as a GUI and DOS Command was all you had) I don’t know enough about the base OS to mess around too much in command line. So, if there isn’t a setting in the WebUI, it’s staying default and if it is in the WebUI, but I don’t understand it, it’s staying default too.

I added the wsdd plug in. I like the suggestion and the fact my NAS shows up in explorer mow. Thanks for the tip.

Take a look at the samba logs then to see whether additional information is available to related to the failure to authenticate. Also, if you see anything related to samba in the rockstor log file, possibly.

Ok, I am not sure what happened, but suddenly it is working though not quite as I would like. Now, instead of ONLY letting in the assigned user, it’s letting everyone in as if it the guest ok was set to yes… but it’s not

So, I rebooted my Windows PC and suddenly I don’t have access again.

Also, when I pull up the logs, I get a short little window with a ton of requests going to and from my Proxmox server. So much so, I can’t see what my Windows PC is doing. So, I thought I would just down load the logs. However, when I try that, Chrome tells me to “check my internet connection” and wont download.,

again, strange. If you can use ssh into the server you can go to the samba logs directory:

/var/log/samba

there you should find a “few” logs among them the log.smbd.

You can look at it by opening it with an editor, using nano log.smbd or just run the tail command, e.g.

tail -n200 ./log.smbd (or however many lines you want to go back)
If you want to go through the entire log, use cat ./log.smbd.
You can also use grep to further filter, so it shows only entries that contain the search term, e.g.:
cat ./log.smbd | grep '10.0.0.1 (or some other search term, just remember it’s case-sensitive, unlike windows in general).

So, I solved part of the issue.

First - I unmapped the share for Proxmox from my proxmox server. I then deleted the samba export for the proxmox export and then deleted the proxmox share entirely from Rockstor.

Took a bit, but proxmox stopped flooding the logs of my Rockstor machine

Second - I have a drive mapped from my NAS… the Media Share was mapped to windows as drive Z. If I unmap the drive, I can then get into the test_samba with my user name and password. Seems like all is working correctly. So, I deleted the test_samaba and set up Mike and Kitty shares and put them on Samba Export. Go to the address of my server \\10.0.0.3 and I see Mike and Kitty listed. All looks good so far. Double click on Mike brings up a password prompt. I enter my credentials, and I am in. Perfect. Now, when I double click kitty, it does NOT ask for credentials and just logs me into the directory. This is NOT what I want it to do… So it’s not isolating the shares based on user…

At least I am one step closer…I am not sure if the flood of requests from Proxmox was the issue or the mapped windows drive… but not worried about either right now. I can test those once I get the user level access working correctly