Bug #27027

Cannot connect to SMB share from Windows 2012 R2 that is a Domain Controller

Added by Steve Gladden almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
No priority
Assignee:
John Hixson
Category:
OS
Target version:
Seen in:
Severity:
Reason for Closing:
Reason for Blocked:
Need additional information
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Testing Q4 quad box 8GB RAM.
This is not a production system.

ChangeLog Required:
No

Description

I have been trying to get one Windows 2012 R2 server that happens to be a domain controller to connect to a simple SMB share on FreeNAS.
I've been unable to get it to connect. (It's not authenticating; I get an Access Denied error.)
My steps taken to troubleshoot or figure out the problem are in the forum post noted here.
The FreeNAS box is in no way associated with a domain; I am just trying to access it from a server that happens to be a DC.
Other computers and two Windows 2008 R2 member servers do not have any problem connecting to it.
SMB settings on the Windows 2012 R2 server have never been altered or modified from stock settings.

I've asked on the forum and nobody has answered with any troubleshooting/diagnostic steps.
Recently an admin suggested I submit a bug report here as the next step.
https://forums.freenas.org/index.php?threads/cant-connect-to-smb-share-from-windows-2012-r2-server-access-denied.59165/#post-421611

I guess I'd be surprised if this were actually a bug but I have found no troubleshooting / diagnostic steps to analyse why the authentication is failing in this one case.

History

#1 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Unscreened to 15
  • Private changed from No to Yes

Steve: please attach a debug (System -> Advanced -> Save Debug).

#2 Updated by Dru Lavigne almost 3 years ago

  • Status changed from 15 to Closed: Insufficient Info
  • Target version set to N/A
  • Private changed from Yes to No

#3 Updated by Steve Gladden almost 3 years ago

  • File debug-BackupMonster-20171204134544.tgz added

Can I re-open this?

#4 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Closed: Insufficient Info to 15
  • Private changed from No to Yes

Steve: this may be fixed for 11.1. Can you upgrade and let us know if that resolves the issue? If it does not, attach a new debug from the upgraded system.

#5 Updated by Steve Gladden almost 3 years ago

Yes I will do that!

#6 Updated by Steve Gladden almost 3 years ago

  • File debug-BackupMonster-20171214142238.tgz added

Updated, rebooted, no change in problem.
Attaching new debug just after trying today.

#7 Updated by Steve Gladden almost 3 years ago

Connects just fine from a random Windows 7 client.
Logged in with "steve" credentials to SMB share.
Windows 2012 DC still cannot access share with same access denied error.

I've tried everything that I know to try.
This is why I am here and asking how I can diagnose it further.
Why is the auth failing?

Thanks.

#8 Updated by Dru Lavigne almost 3 years ago

  • Status changed from 15 to Unscreened
  • Assignee changed from Release Council to John Hixson
  • Target version changed from N/A to 11.1-U1
  • Seen in changed from 11.0-U4 to 11.1

#9 Updated by John Hixson almost 3 years ago

  • Status changed from Unscreened to 15

Can you turn up debugging and try and auth from your DC? I need more verbose logging. Under services->smb set the log level to debug. Once you get this, please attach another debug.

#10 Updated by Steve Gladden over 2 years ago

Will do

#11 Updated by Steve Gladden over 2 years ago

  • File debug-BackupMonster-20171220072448.tgz added

Here it is. Thanks.

#12 Updated by Dru Lavigne over 2 years ago

  • Status changed from 15 to Investigation

#13 Updated by Steve Gladden over 2 years ago

Just checking in still watching.
Happy New Year.
And thanks for looking into this.

#14 Updated by Kris Moore over 2 years ago

  • Target version changed from 11.1-U1 to 11.2-BETA1

#15 Updated by John Hixson over 2 years ago

  • Status changed from Investigation to 15

Steve Gladden wrote:

Just checking in still watching.
Happy New Year.
And thanks for looking into this.

Who are you trying to authenticate as? This is what I am seeing in the logs:

guest user (from session setup) not permitted to access this share (Dual500)

So you are either trying to authenticate as user "guest" or you are trying to auth as a non-existent user that gets mapped to guest.
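
An added example, not part of the comment above and not FreeNAS or Samba project code: a small parser that pulls the guest-denial message quoted in comment #15 out of a Samba log and groups the hits by share. It assumes Samba's bracketed-header log layout (header line, then indented message lines); the sample log lines, their timestamps and the `constructed/...` source references are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed record layout: "[YYYY/MM/DD HH:MM:SS.usec,  level] file:line(func)"
# followed by one or more indented message lines.
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})(?:\.\d+)?,\s*(?P<level>\d+)\]"
)
# Message text as quoted in comment #15; the trailing parentheses hold the share.
GUEST_DENIED = re.compile(
    r"guest user \(from session setup\) not permitted to access this share "
    r"\((?P<share>[^)]+)\)"
)

def iter_records(lines):
    """Yield (timestamp, message) with continuation lines joined to their header."""
    ts, body = None, []
    for line in lines:
        m = HEADER.match(line)
        if m:
            if ts is not None:
                yield ts, " ".join(body)
            ts, body = m.group("ts"), []
        elif ts is not None and line.strip():
            body.append(line.strip())
    if ts is not None:
        yield ts, " ".join(body)

def guest_denials(lines):
    """Return {share: [timestamps]} for sessions that fell back to guest and were refused."""
    hits = defaultdict(list)
    for ts, msg in iter_records(lines):
        m = GUEST_DENIED.search(msg)
        if m:
            hits[m.group("share")].append(ts)
    return dict(hits)

# Constructed sample input (not taken from the deleted debug archives).
SAMPLE_LOG = """\
[2017/12/20 07:20:01.100000,  3] constructed/source.c:1(constructed_function)
  constructed unrelated message
[2017/12/20 07:20:01.200000,  2] constructed/source.c:2(constructed_function)
  guest user (from session setup) not permitted to access this share (Dual500)
[2017/12/20 07:21:15.300000,  2] constructed/source.c:2(constructed_function)
  guest user (from session setup) not permitted to access this share (Dual500)
""".splitlines()

if __name__ == "__main__":
    for share, stamps in guest_denials(SAMPLE_LOG).items():
        print(f"{share}: {len(stamps)} guest denial(s), first {stamps[0]}, last {stamps[-1]}")
```

A hit means the session reached the share as guest rather than as the named account, which matches the two possibilities listed in the comment above.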

#16 Updated by Dru Lavigne over 2 years ago

  • Status changed from 15 to Closed
  • Target version changed from 11.2-BETA1 to N/A
  • Private changed from Yes to No
  • Reason for Blocked set to Need additional information

#17 Updated by Dru Lavigne over 2 years ago

  • File deleted (debug-BackupMonster-20171204134544.tgz)

#18 Updated by Dru Lavigne over 2 years ago

  • File deleted (debug-BackupMonster-20171214142238.tgz)

#19 Updated by Dru Lavigne over 2 years ago

  • File deleted (debug-BackupMonster-20171220072448.tgz)

#20 Updated by Paul Edwards over 2 years ago

John Hixson wrote:

Steve Gladden wrote:

Just checking in still watching.
Happy New Year.
And thanks for looking into this.

Who are you trying to authenticate as? This is what I am seeing in the logs:

guest user (from session setup) not permitted to access this share (Dual500)

So you are either trying to authenticate as user "guest" or you are trying to auth as a non-existent user that gets mapped to guest.

Hello there.
I understand this bug has been closed but I was interested in the resolution if one was found? I have the exact same problem - other Windows machines can access the Freenas unit without issue, only the domain controller cannot.
--Windows 2012 (Not R2)
--FreeNAS 11.1U4

If you would like me to open a new bug instance I would be happy to, although I would appreciate knowing where I could find the Samba debug log as I have increased logging to DEBUG as mentioned above but cannot find it.
Many thanks

#21 Updated by Dru Lavigne over 2 years ago

Paul: please open a new ticket and attach your debug (System -> Advanced -> Save Debug) to that new ticket (it will be marked private until the dev uses and deletes your debug).

#22 Updated by Steve Gladden over 2 years ago

Paul Edwards wrote:

John Hixson wrote:

Steve Gladden wrote:

Just checking in still watching.
Happy New Year.
And thanks for looking into this.

Who are you trying to authenticate as? This is what I am seeing in the logs:

guest user (from session setup) not permitted to access this share (Dual500)

So you are either trying to authenticate as user "guest" or you are trying to auth as a non-existent user that gets mapped to guest.

Hello there.
I understand this bug has been closed but I was interested in the resolution if one was found? I have the exact same problem - other Windows machines can access the Freenas unit without issue, only the domain controller cannot.
--Windows 2012 (Not R2)
--FreeNAS 11.1U4

If you would like me to open a new bug instance I would be happy to, although I would appreciate knowing where I could find the Samba debug log as I have increased logging to DEBUG as mentioned above but cannot find it.
Many thanks

Hi Back.
No the issue was never resolved.
Updates did not help.
If I remember correctly dev team could not reproduce issue.
And I have not had time to pick the project back up yet.
My plan was to reinstall everything from scratch and try again.

It's frustrating that there are no clear cut troubleshooting options.
Like looking at a packet capture and seeing WHY it's denying access.
Every other machine tested on the network could access and write to the share just fine.
Except the ONE machine that I wanted to have write to it. URGH!
If you start a new thread please give a link back in this one if you don't mind.
I'll eventually update this thread AND the public one of what my solution is whenever I have a solution. :)
I always do.
Even if it takes a couple years.

I'm not one of those idiots that never comes back to update a thread even if I give up (which is rare).
But it takes me awhile sometimes.
