Bug #6323

Group Ownership does not resolve from "account unknown"

Added by James K almost 6 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Nice to have
Assignee: John Hixson
Category: OS
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

When setting up a fresh new freenas install the user permissions do not resolve for the owner group.

Business Case:
I am trying to set up a FreeNAS system where all users have access to a common share that is encrypted, and as long as they are part of the fileserver group (volume group owner) they have access to the share.

Related Tickets:
Bug #6192 (supposed to be fixed already in 9.3)

Machine:
Build FreeNAS-9.3-M4-03ca325-x64
Platform Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz
Memory 16281MB

Steps to recreate:
Account
Groups
Add group = fileserver
Click OK

Users
Service
Add users
Username = service
Uncheck Create new primary group for user
Primary group = fileserver
Full name = service
Password
Password confirmation
Click ok
User 1
Add users
Username = user1
Uncheck Create new primary group for user
Primary group = fileserver
Full name = user1
Password
Password confirmation
Click ok
User 2
Add users
Username = user2
Uncheck Create new primary group for user
Primary group = fileserver
Full name = user2
Password
Password confirmation
Click ok
User 3
Add users
Username = user3
Uncheck Create new primary group for user
Primary group = fileserver
full name = user3
Password
Password confirmation
Click ok

System
Edit Hostname = fileserver.local
Click OK

System Information | General
Timezone = New York
Click Save

System Information | Advanced
Enable "Show console messages in the footer:"
Update MOTD Banner = add name of machine
Click Save

Network
Update IPv4 Default Gateway 192.168.1.1
Update "Nameserver 1:" to 192.168.1.1

Network | Interfaces
Click Add interface
NIC = EM0
Interface Name = mainnic
Set IPv4 Address
IPv4 Netmask: = /24 (255:255:255:0)
Click OK

Re-login with new IP address
Under network summary it states no name server found
Global Config
Click save
Click Network Summary
Verify IP is under the name server

New Install - Wipe Disks
Storage
Click Volume | View Disks
Click a Disk
Click Wipe
Select Quick
Click Yes
Repeat for each Drive

Storage
Volume Manager
Volume Name = vol1
encryption - enable
Add 4 disks
Drag 4 disks out on line one
Change to RaidZ
Click Add Volume

Storage | Volumes
Click on the top vol1
Click key icon / create passphrase
Confirm passphrase
Click OK
Click key with down arrow icon to Download the key
Enter password
Click OK
Verify key saved
Click key with plus icon to download the recovery key
Enter password
Verify recovery key saved

Storage | Volumes
Select second vol1
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = files
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = jails
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = media
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset

Storage | Volumes
Select first vol1
Click stacked shells icon / Lock Volume
Click Yes I want to lock this volume

Storage | Volumes
Select vol1
Click the key with a keyhole icon / Unlock Volume
Enter Passphrase
Browse to recovery key
Click OK

Storage | Volumes
Select second vol1
Click cylinder with key icon / Change Permissions
Set Owner (user): = nobody
Set Owner (group) = fileserver
Check Group Write permissions
Unix permission type
Check Set permission recursively
Click Change

Sharing | Windows (CIFS) Shares
Add Windows (CIFS) Share
path = /mnt/vol1/files
name = files
click ok
Click No to enable service
Add Windows (CIFS) Share
path = /mnt/vol1/media
name = media
click ok
Click No to enable service
Turn on CIFS services

Jails
Click Browse
path = /mnt/vol1/jails
Check IPv4 DHCP
Click Save

Plugins
Verify Plugins are displayed
Services | FTP
Click wrench next to FTP
Connections = 0
Login Attempts = 50
Check Allow Root Login
path = /mnt/vol1
Check Allow Transfer Resumption
Click Advanced
File Permissions = Check all under Group
Directory Permissions = Check all under Group
Check Enable FXP
Click OK
Turn on FTP Service

Services | SSH
Click wrench next to SSH
Check Login as root with password
Click OK
Turn on SSH Service

Reboot server
Unlock disks
Enter passphrase
Select recovery key
Click OK

Unexpected Result:
Group ownership does not resolve: when right-clicking a file within Windows 8.1 from the UNC folder and clicking Security, the group owner shows Account Unknown.

Expected Result:
Group Ownership should resolve to unix\fileserver

FileSecurity.JPG (59.4 KB) FileSecurity.JPG James K, 10/14/2014 08:41 PM

Associated revisions

Revision c0b9880f (diff)
Added by John Hixson over 5 years ago

Fix SID bug that has baffled me for days Ticket: #6723 Ticket: #6323

Revision 41a1e541 (diff)
Added by John Hixson over 5 years ago

Fix SID bug that has baffled me for days Ticket: #6723 Ticket: #6323 (cherry picked from commit c0b9880f97f32cccb6be8a730d47b038b9dcfdad)

Revision 56da2b1b (diff)
Added by John Hixson over 5 years ago

Fix SID bug that has baffled me for days Ticket: #6723 Ticket: #6323 (cherry picked from commit c0b9880f97f32cccb6be8a730d47b038b9dcfdad)

History

#1 Updated by John Hixson almost 6 years ago

  • Status changed from Unscreened to Screened

#2 Updated by John Hixson almost 6 years ago

I am unable to reproduce this. Can you provide your /usr/local/etc/smb4.conf, the output of "net groupmap list", and the output of "getfacl /path/to/directory" you are sharing?

#3 Updated by James K almost 6 years ago

I will retest with my steps to recreate to verify my steps as well as get the information you requested. Likely this will be late tonight or tomorrow. Thanks

#4 Updated by James K almost 6 years ago

  • File getfacl_mnt_vol1_files.txt added
  • File getfacl_mnt_vol1_media.txt added
  • File net_groupmap_list.txt added
  • File smb4.conf added

Verified the steps to recreate are correct.

Uploaded files:

/usr/local/etc/smb4.conf         as           smb4.conf
net groupmap list                as           net_groupmap_list.txt
getfacl /mnt/vol1/files          as           getfacl_mnt_vol1_files.txt
getfacl /mnt/vol1/media          as           getfacl_mnt_vol1_media.txt

If you would like me to run any other tests please let me know. Thank you

#5 Updated by James K almost 6 years ago


#6 Updated by James K almost 6 years ago

  • File logs.txt added

#7 Updated by James K almost 6 years ago

Test case:

1.) User 1 copies test1 text file into UNC share
2.) User 1 edits test1 text file
3.) User 2 copies test2 text file into unc share
FAIL 4.) User 2 edits test1 text file
FAIL 5.) User 1 edits test2 text file

Since the group owner is fileserver and all the users are in the fileserver usergroup, I would expect all users in that group to be able to create, edit, and delete all files. All files should be part of the fileserver group. I am assuming that the Account Unknown not resolving is the reason why users who are part of the fileserver group cannot edit each other's files.

#8 Updated by John Hixson almost 6 years ago

ok, can you turn up cifs logging to 'debug', and repeat your steps? Once you do so, can you attach /var/log/samba4/log.smbd to this ticket please?

#9 Updated by James K almost 6 years ago

I needed to switch to another machine, but this test machine I can leave in a testing state for this bug a little longer to troubleshoot. Recreated environment based on steps from above. Running into some login issues. Will try and test again with a clean system tomorrow.

#10 Updated by Jordan Hubbard almost 6 years ago

  • Target version set to 9.3-RELEASE

#11 Updated by James K almost 6 years ago

  • File log.zip added

Recreated on test machine using steps above and attached samba log with debug level logging set. Reran test case then saved out log file. One note: on the first login I tried I used the wrong username/password; the remaining logins were correct. Same errors were experienced just like before. Passwords used for users are mixed alpha and numeric, and the encryption passphrase was alpha, numeric, mixed case, and exclamation point. I will retest tomorrow with a generic password for all users and passphrases to see if that has any effect. All hard drives were quick formatted FAT32 before being loaded in FreeNAS. Once in FreeNAS the drives were quick wiped. As a side note, when randomly testing, if I imported a ZFS non-encrypted volume from the 9.2 Nas4Free build into FreeNAS the errors don't occur. I have not tested it enough to know if it still works after a FreeNAS reboot.

LOGFILE attached as requested from /var/log/samba4/log.smbd

Other Bugs Noticed:
1.) There are some circumstances where the drives will not wipe as noticed in the console footer but not reflected in gui. I have not taken the time to find repeatable process to recreate but has happened multiple times.

2.) Also noted after adding network interface the nameserver already saved does not show anymore under network summary. To fix go to Network->Global Configuration and click save again (no need to reenter nameserver 1, it is already there). I have noticed this in previous 9.2.1.x versions which caused much grief as I was receiving NTP errors and the ip was there in the global configuration interface but not in network summary which i didn't think at first to check. Noticed in 9.2 but also an issue in 9.3M4.

3.) Also upon first login after thumb drive is created if root password was set during thumb drive setup when creating off cd, a non end user friendly error occurs in a small textbox with all white background screen with html looking code contained inside if you enter the wrong password.

4.) More enhancement than bug, but the wizard interface does not allow local users as an option, only Active Directory, LDAP, etc.

I have not checked if these bugs have been reported yet and written any bug reports up but if you have time to test it may be helpful.

If i can do anything else to help with this ticket please let me know. Thank you for looking into this, working with the community, and improving a great product!

#12 Updated by James K almost 6 years ago

Retested using password as the password, IP of 192.168.1.245, and machine name fileserver.local and got the same issues. I reran the test about 6 times and a couple of times I was able to get the groups to resolve, but when I did the login would fail the first time, then the second time I would not be prompted for the username and password. Both times I had access to read and write my files but not read and write the second user's files and vice versa.

#13 Updated by John Hixson almost 6 years ago

  • Status changed from Screened to 15

Hi Jim, somehow I missed this originally ;-) Your volume(s) are encrypted? and if using a non-encrypted volume these problems do not occur? Is that correct?

#14 Updated by James K almost 6 years ago

I upgraded the existing test machine to build 9.2.1.9 beta a223041 and then 9.3-BETA-853426f-x64 and had issues with both builds. I will retest without encryption. It has been a little while but I believe it also had the same issue with unencrypted drives.

#15 Updated by James K almost 6 years ago

I retested with a fresh install with build 9.3-BETA-82e6441-x64 and no encryption using steps from before and also listed below (with encryption and FTP portion omitted).

Steps to recreate:
Account
Groups
Add group = fileserver
Click OK

Users
Service
Add users
Username = service
Uncheck Create new primary group for user
Primary group = fileserver
Full name = service
Password
Password confirmation
Click ok
User 1
Add users
Username = user1
Uncheck Create new primary group for user
Primary group = fileserver
Full name = user1
Password
Password confirmation
Click ok
User 2
Add users
Username = user2
Uncheck Create new primary group for user
Primary group = fileserver
Full name = user2
Password
Password confirmation
Click ok
User 3
Add users
Username = user3
Uncheck Create new primary group for user
Primary group = fileserver
full name = user3
Password
Password confirmation
Click ok

System
Edit Hostname = fileserver.local
Click OK

System Information | General
Timezone = New York
Click Save

System Information | Advanced
Enable "Show console messages in the footer:"
Update MOTD Banner = add name of machine
Click Save

Network
Update IPv4 Default Gateway 192.168.1.1
Update "Nameserver 1:" to 192.168.1.1

Network | Interfaces
Click Add interface
NIC = EM0
Interface Name = mainnic
Set IPv4 Address
IPv4 Netmask: = /24 (255:255:255:0)
Click OK

Re-login with new IP address
Under network summary it states no name server found
Global Config
Click save
Click Network Summary
Verify IP is under the name server

New Install - Wipe Disks
Storage
Click Volume | View Disks
Click a Disk
Click Wipe
Select Quick
Click Yes
Repeat for each Drive

Storage
Volume Manager
Volume Name = vol1
encryption - disable
Add 4 disks
Drag 4 disks out on line one
Change to RaidZ
Click Add Volume

Storage | Volumes
Select second vol1
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = files
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = jails
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = media
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset

Storage | Volumes
Select second vol1
Click cylinder with key icon / Change Permissions
Set Owner (user): = nobody
Set Owner (group) = fileserver
Check Group Write permissions
Unix permission type
Check Set permission recursively
Click Change

Sharing | Windows (CIFS) Shares
Add Windows (CIFS) Share
path = /mnt/vol1/files
name = files
click ok
Click No to enable service
Add Windows (CIFS) Share
path = /mnt/vol1/media
name = media
click ok
Click No to enable service
Turn on CIFS services

Jails
Click Browse
path = /mnt/vol1/jails
Check IPv4 DHCP
Click Save

Plugins

Services | SSH
Click wrench next to SSH
Check Login as root with password
Click OK
Turn on SSH Service

Reboot server
Click OK

Retest:
1.) User 1 copies test1 text file into UNC share
2.) User 1 edits test1 text file
3.) User 2 copies test2 text file into unc share
FAIL 4.) User 2 edits test1 text file
FAIL 5.) User 1 edits test2 text file

Summary: Same issues as before without encryption.

#16 Updated by John Hixson almost 6 years ago

Since I am unable to reproduce this, I'd like to see this for myself. Can I schedule a webex with you so I can look around?

#17 Updated by James K almost 6 years ago

Hi John, we can do a webex if you have an account. Feel free to reach out to me (my email is located in my profile) so we can schedule a time. Thanks, Jim

#18 Updated by John Hixson almost 6 years ago

Jim K wrote:

Hi John, we can do a webex if you have an account. Feel free to reach out to me (my email is located in my profile) so we can schedule a time. Thanks, Jim

I'll see about scheduling one later today or tomorrow.

#19 Updated by John Hixson almost 6 years ago

  • Status changed from 15 to Screened

#20 Updated by John Hixson almost 6 years ago

are you available today?

#21 Updated by John Hixson almost 6 years ago

Let me know your availability this week (if at all) and I can get a webex scheduled.

#22 Updated by James K almost 6 years ago

Hi John, what is your email so we can coordinate?

#23 Updated by John Hixson almost 6 years ago

Jim K wrote:

Hi John, what is your email so we can coordinate?

#24 Updated by Jordan Hubbard almost 6 years ago

This is now a month old and we don't seem to be making forward progress - please try to make the webex happen this week or we'll have to close this as Cannot Reproduce since, well, we can't and no one else is reporting this issue.

#25 Updated by James K almost 6 years ago

Hi Jordan,

We have a webex with John scheduled for Monday afternoon to review this bug report. If I can be any more verbose or help in another way please let me know so I can help. This bug was repeated on multiple different machines using the same instructions. This bug is occurring in the current release 9.2 branch as well as 9.3. Hopefully we glean some more information on the webex session next week. Thank you for your patience and assistance.

Jim

Possible related Bug reports
5828 FreeNAS Bug [2014/08/16 15:05:22.648857, 0] ../source3/winbindd/winb...
Requester states issue is still occurring in current release build that it was believed to be fixed in.

4432 FreeNAS Bug sam_sid_to_name: possible deadlock
Requester states issue is still occurring in latest beta at time of testing (FreeNAS-9.3-BETA-853426f-x6) that it was believed to be fixed in

6192 FreeNAS Bug Account owner never resolves from account unknown on fil...
Requestor (me) states it is not fixed in latest release 9.2.1.9 and current beta at time (FreeNAS-9.3-M4-03ca325-x64) that it was believed to be fixed in.

5054 FreeNAS Bug sam_sid_to_name:possible deadlock
Unknown if this fixed the issue for requestor.

4771 may also be related.

I am not sure how to link related bug reports on this platform but the reports seem to be related. It was originally thought the issue was "... a new samba SID was being generated on every boot and not being saved. The samba SID is not persistent across reboots, ..." as John mentioned in a previous bug report. While this may or may not have been the case, that didn't resolve all the issues for the bug reports. If I can help out further please let me know.

Thanks,
Jim

#26 Updated by qubit nano almost 6 years ago

When I had SID deadlocks a few months ago I had Account Unknown under the Security tab. Going to the Security tab caused deadlock messages to appear in /var/log/messages instantly. Before, with 9.2.1.8 and earlier, I fixed this by manually running net setlocalsid with the value in net groupmap list and restarting samba, but the new SID code in 9.2.1.9 and 9.3 overrides this with the value in the database. At least for me the incorrect SID was added to the database on my 9.2.1.9 upgrade. Once I manually updated the SID in the database the SID sticks and Account Unknown properly resolves to the folder's group. I posted details on this in #5828.

If you run the commands:
net getlocalsid
net groupmap list

and they do not match, then that's likely what's happening and you may want to check that ticket out. Note I haven't tried this on 9.3.
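
The comparison described in the comment above, as an added example that is not part of the ticket or of FreeNAS: it extracts the machine SID from `net getlocalsid` output and lists every group mapping whose machine-relative SID (`S-1-5-21-…`) carries a different domain part. The function names are hypothetical, and the sample SIDs, group names and host name are constructed; the line formats are assumed to be the ones Samba's `net` tool prints.

```shell
#!/bin/sh
# Added example: flag group mappings whose SID does not belong to the
# machine SID reported by `net getlocalsid`.

# Constructed sample output (not taken from the ticket's attachments).
SAMPLE_LOCALSID='SID for domain FILESERVER is: S-1-5-21-1111111111-2222222222-3333333333'
SAMPLE_GROUPMAP='fileserver (S-1-5-21-4444444444-5555555555-6666666666-1001) -> fileserver
wheel (S-1-5-21-1111111111-2222222222-3333333333-1002) -> wheel
Administrators (S-1-5-32-544) -> builtin_administrators'

# Read `net getlocalsid` output on stdin, print only the SID.
local_sid() {
    sed -n 's/^SID for domain .* is: \(S-[0-9-]*\)$/\1/p'
}

# Read `net groupmap list` output on stdin. For every mapping with a
# machine-relative SID whose domain part differs from $1, print
# "<nt group name> <sid>".
mismatched_groups() {
    want=$1
    # Emit "<sid> <name>" so that group names containing spaces survive `read`.
    sed -n 's/^\(.*\) (\(S-[0-9-]*\)) -> .*$/\2 \1/p' |
    while read -r sid name; do
        case $sid in
            S-1-5-21-*) ;;
            *) continue ;;      # builtin and well-known SIDs are not machine-relative
        esac
        domain=${sid%-*}        # drop the trailing RID
        [ "$domain" = "$want" ] || printf '%s %s\n' "$name" "$sid"
    done
}

# Compare the two outputs: returns 0 if consistent, 1 on mismatch,
# 2 if the local SID could not be parsed.
report() {
    sid=$(printf '%s\n' "$1" | local_sid)
    [ -n "$sid" ] || { echo "could not parse local SID" >&2; return 2; }
    bad=$(printf '%s\n' "$2" | mismatched_groups "$sid")
    if [ -z "$bad" ]; then
        echo "OK: all machine-relative group SIDs use $sid"
        return 0
    fi
    echo "MISMATCH: local SID is $sid, but these groups use another one:"
    printf '%s\n' "$bad" | sed 's/^/  /'
    return 1
}

# Demonstration on the constructed sample. On a live system, run instead:
#   report "$(net getlocalsid)" "$(net groupmap list)"
report "$SAMPLE_LOCALSID" "$SAMPLE_GROUPMAP" || true
```

A group listed under MISMATCH is one a Windows client may display as Account Unknown, since its SID does not belong to the server's current machine SID.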

#27 Updated by John Hixson almost 6 years ago

qubit nano wrote:

When I had SID deadlocks a few months ago I had Account Unknown under the Security tab. Going to the Security tab caused deadlock messages to appear in /var/log/messages instantly. Before, with 9.2.1.8 and earlier, I fixed this by manually running net setlocalsid with the value in net groupmap list and restarting samba, but the new SID code in 9.2.1.9 and 9.3 overrides this with the value in the database. At least for me the incorrect SID was added to the database on my 9.2.1.9 upgrade. Once I manually updated the SID in the database the SID sticks and Account Unknown properly resolves to the folder's group. I posted details on this in #5828.

If you run the commands:
net getlocalsid
net groupmap list

and they do not match, then that's likely what's happening and you may want to check that ticket out. Note I haven't tried this on 9.3.

While I haven't seen this personally, if this issue is related to an incorrect SID (which it is sounding like more and more), then this is fixable. 9.2.1.9 and onward preserve the SID and keep it persistent. So it's not an issue with new installs. However, I've seen some previous installs where there are as many as 3 different SID's for groups. If this issue is just an incorrect SID, it's fixable but could require a bit of work. I've reviewed the instructions in #5258 and they are pretty much on point.

#28 Updated by John Hixson almost 6 years ago

  • Status changed from Screened to Investigation

Spent quite a bit of time on this one day in a webex. The SID was in fact incorrect. I fixed it, and the issue still persisted. On the security tab in Windows, I deleted the unknown account from the ACL, then added the fileserver one manually. This resolved the issue. Jim asked if he should install from scratch and try it again and see if the issue could be reproduced. He did so, and tells me the same problem is still occurring. What is baffling is once the SID is correct, the old SID is still trying to be looked up. I'm going to investigate this more once Jim gets back to me with his availability.

#29 Updated by John Hixson almost 6 years ago

We are going to do another webex tomorrow and get to the bottom of this.

#30 Updated by John Hixson almost 6 years ago

I attempted to reproduce this again with your instructions and I am not able to do so.

#31 Updated by Jordan Hubbard almost 6 years ago

  • Target version changed from 9.3-RELEASE to Unspecified

#32 Updated by James K almost 6 years ago

  • File 93setup.mp4 added

Video added showing setup steps (8:32 minutes in duration).

I retested with a fresh install with build 9.3-BETA-b2121de-x64 and no encryption using steps from before and also listed below (with encryption and FTP portion omitted). The beta build was from Dec 1, 2014. A quick and dirty screen capture edited to remove delays such as during progress bars has been attached.

To Prepare:
Deleted existing FreeNAS volume and destroyed contents:
  1. Log into freenas web gui
  2. Click Storage
  3. Click top volume
  4. Click Detach Volume (Metal Cylinder with red X)
  5. Check "Mark the disks as new (destroy data)"
  6. Leave "also delete the share's configuration" checked
  7. Click Yes
  8. Click shutdown on side navigation
To Prepare the thumbdrive I plugged it into my windows machine, formatted and deleted the partition:
  1. Formatted the drive from my computer
  2. Launched the command prompt (CMD)
  3. Type "disk part", hit enter
  4. Type "list disk", hit enter
  5. Find the thumb drive and Type the number of the thumb drive, for me it was 2.
  6. Type "Select disk 2", hit enter
  7. Type "clean", hit enter
  8. Type "exit", hit enter
  9. unmount the thumb drive and remove

Boot machine with 9.3 beta cd and thumb drive
install to thumb drive making sure to wait until it says it succeeded

Steps to recreate:
Account
Groups
Add group = fileserver
Click OK

Users
Service
Add users
Username = service
Uncheck Create new primary group for user
Primary group = fileserver
Full name = service
Password
Password confirmation
Click ok
User 1
Add users
Username = user1
Uncheck Create new primary group for user
Primary group = fileserver
Full name = user1
Password
Password confirmation
Click ok
User 2
Add users
Username = user2
Uncheck Create new primary group for user
Primary group = fileserver
Full name = user2
Password
Password confirmation
Click ok
User 3
Add users
Username = user3
Uncheck Create new primary group for user
Primary group = fileserver
full name = user3
Password
Password confirmation
Click ok

System
Edit Hostname = fileserver.local
Click OK

System Information | General
Timezone = New York
Click Save

System Information | Advanced
Enable "Show console messages in the footer:"
Update MOTD Banner = add name of machine
Click Save

Network
Update IPv4 Default Gateway 192.168.1.1
Update "Nameserver 1:" to 192.168.1.1

Network | Interfaces
Click Add interface
NIC = EM0
Interface Name = mainnic
Set IPv4 Address
IPv4 Netmask: = /24 (255:255:255:0)
Click OK

Re-login with new IP address
Under network summary it states no name server found
Global Config
Click save
Click Network Summary
Verify IP is under the name server

New Install - Wipe Disks
Storage
Click Volume | View Disks
Click a Disk
Click Wipe
Select Quick
Click Yes
Repeat for each Drive

Storage
Volume Manager
Volume Name = vol1
encryption - disable
Add 4 disks
Drag 4 disks out on line one
Change to RaidZ
Click Add Volume

Storage | Volumes
Select second vol1
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = files
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = jails
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset
Click on icon to create new dataset (calendar icon with plus sign at top right)
Dataset Name: = media
Share type = Unix
Case Sensitivity = Sensitive
ZFS Deduplication: = Off
Click Add Dataset

Storage | Volumes
Select second vol1
Click cylinder with key icon / Change Permissions
Set Owner (user): = nobody
Set Owner (group) = fileserver
Check Group Write permissions
Unix permission type
Check Set permission recursively
Click Change

Sharing | Windows (CIFS) Shares
Add Windows (CIFS) Share
path = /mnt/vol1/files
name = files
click ok
Click No to enable service
Add Windows (CIFS) Share
path = /mnt/vol1/media
name = media
click ok
Click No to enable service
Turn on CIFS services

Jails
Click Browse
path = /mnt/vol1/jails
Check IPv4 DHCP
Click Save

Plugins

Services | SSH
Click wrench next to SSH
Check Login as root with password
Click OK
Turn on SSH Service

Reboot server
Click OK

#33 Updated by James K over 5 years ago

Waiting for the second webex when John is available.

#34 Updated by John Hixson over 5 years ago

Jim K wrote:

Waiting for the second webex when John is available.

Jim,

We use teamviewer now. Send me an email with your availability and I can take a look again.

#35 Updated by John Hixson over 5 years ago

John Hixson wrote:

Jim K wrote:

Waiting for the second webex when John is available.

Jim,

We use teamviewer now. Send me an email with your availability and I can take a look again.

Still waiting to hear back from Jim.

#36 Updated by James K over 5 years ago

Emailed John with my availability this week and next.

#37 Updated by John Hixson over 5 years ago

Jim K wrote:

Emailed John with my availability this week and next.

Jim stated he is going to upgrade to the latest nightly and report back to me if anything has changed.

#38 Updated by James K over 5 years ago

Retried the test quickly and recreated the issue.

During initial setup the usergroup would resolve. After the reboot the usergroups would no longer resolve.
Tested with latest build FreeNAS-9.3-STABLE-201502232343 and recreated thumbdrive from ISO.

During the install there were errors when logging in, when saving on the system->Advanced tab. The nameserver did not save until the second time setting it. When creating new volumes with volume manager there were also errors.

I will retest again tomorrow as it is late and there were many issues and I want to do a clean test, but I was able to recreate the issue with the latest nightly.

#39 Updated by John Hixson over 5 years ago

Jim K wrote:

Retried the test quickly and recreated the issue.

During initial setup the usergroup would resolve. After the reboot the usergroups would no longer resolve.
Tested with latest build FreeNAS-9.3-STABLE-201502232343 and recreated thumbdrive from ISO.

During the install there were errors when logging in, when saving on the system->Advanced tab. The nameserver did not save until the second time setting it. When creating new volumes with volume manager there were also errors.

I will retest again tomorrow as it is late and there were many issues and I want to do a clean test, but I was able to recreate the issue with the latest nightly.

Thanks for the update Jim. I still think there is some weirdness here. I received your email and would like to do a teamviewer session again to see this in action.

#40 Updated by John Hixson over 5 years ago

Jim,

Any updates?

#41 Updated by John Hixson over 5 years ago

  • Status changed from Investigation to 15

#42 Updated by James K over 5 years ago

Retesting again with 201503022121 build.
Test completed mostly successful. With this latest build I did not get the same errors and the usergroups resolved within windows. I am having issues now where multiple users within the same user group cannot edit the same file.

Changes to the test this time:
-newer build
-created usb thumbdrive on different computer
-added main usergroup fileserver as auxiliary group since usergroup permissions not working correctly on dataset
-set permissions recursively on main volume above datasets to force permissions to be corrected (permissions brought down but issues still there)
-restarted cifs multiple times to test before restarting whole server.

There were far fewer errors this time when setting up the system.

I am going to destroy the current volumes and thumb drive, then restart test fully as noted in instructions. Now that the usergroup resolves, making sure multiple users all in same usergroup (fileserver) are able to access and edit the same file owned by the usergroup (fileserver)

Re running test

#43 Updated by James K over 5 years ago

Reran tests using steps in post 32 and the usergroups did not resolve, there were sam_rids to names possible deadlock errors, and multiple users were not able to edit a file which has ownership to the same usergroup all the users are in.
Only difference in tests from post 32: hostname was set to fileserver222. On my main machine I was able to resolve the hostname, but other computers were not able to and had to connect via IP. I rebooted all computers, the FreeNAS machine, and the router. I am not sure of the next steps in testing this. I will look at it again tomorrow, possibly trying to recreate in VirtualBox.

#44 Updated by John Hixson over 5 years ago

Okay. Keep me posted Jim. Ultimately, I need to know the exact problem occurring. I also need to know if the problem originally cited in this ticket is resolved, or not. Any new issues need another ticket.

#45 Updated by James K over 5 years ago

Tonight I will retry the same setup using steps in post 32 to make sure I get the same results again. I dabbled with VirtualBox but ran into some issues setting the network to bridge mode that I don't have time to also troubleshoot. I will post the results tonight.

#46 Updated by James K over 5 years ago

I was able to recreate the issue of the usergroup not resolving by following the steps in post 32 and a local VMware VM. John, I can send this to you if you like but it is 336 megs zipped. The only difference from before is I changed the hostname and I set DHCP to true when creating the network interface, because when I tried to manually set it I would get an error regarding default route when trying to set up jails. I will try again to recreate it on physical hardware.

#47 Updated by John Hixson over 5 years ago

Jim K wrote:

I was able to recreate the issue of the usergroup not resolving by following the steps in post 32 and a local VMware VM. John, I can send this to you if you like but it is 336 megs zipped. The only difference from before is I changed the hostname and I set DHCP to true when creating the network interface, because when I tried to manually set it I would get an error regarding default route when trying to set up jails. I will try again to recreate it on physical hardware.

You can't send a file that large via email. If you can make it available via FTP or HTTP I can get it though. That would be great.

#48 Updated by James K over 5 years ago

Sent John link to vm. Recreated same issue again on physical machine.

#49 Updated by John Hixson over 5 years ago

  • Status changed from 15 to Investigation

I downloaded the VM. I haven't tried to use it yet, however. Possibly today, if not, definitely tomorrow or Friday.

#50 Updated by John Hixson over 5 years ago

So I have the VM, I tried to import into virtualbox with no luck. I'm not sure how to do it in vmware, but I am looking into it.

#51 Updated by James K over 5 years ago

You can just download VMware Player 7, which is what I did. http://www.vmware.com/products/player

#52 Updated by John Hixson over 5 years ago

Jim K wrote:

You can just download VMware Player 7, which is what I did. http://www.vmware.com/products/player

Grabbed it and will be checking this out today.

#53 Updated by John Hixson over 5 years ago

This got pushed back to today.

#54 Updated by John Hixson over 5 years ago

  • Status changed from Investigation to 15

Hi Jim,

I haven't had any success with getting your VM to work. I have an ESXi server, but it has problems with it and won't start. I tried out VMware Player; however, I only have Windows running in VMs, and therefore it can't run in VMware Player since it's 64-bit. I can't seem to convert it to VirtualBox either ;-) Can we schedule a time where I can just look at your system and/or go over the steps you are taking to reproduce this? I don't really want to sink any more time into trying to get the VM to work.

#55 Updated by John Hixson over 5 years ago

Jim emailed me saying he might be around 4 or 5pm eastern time today.

#56 Updated by James K over 5 years ago

I am setting up now if you want to remote in and take a look at the system(s).

#57 Updated by John Hixson over 5 years ago

Jim K wrote:

I am setting up now if you want to remote in and take a look at the system(s).

Hi Jim,

Something came up today and I think I missed your window. I am available now if you are.

#58 Updated by James K over 5 years ago

I am still available. You have my connection information in your email.

#59 Updated by John Hixson over 5 years ago

  • Status changed from 15 to Investigation

I spent time with Jim in a TeamViewer session going over this again. He can reproduce this 100% of the time. I watched it happen. This time he installed FreeNAS in VirtualBox and will be uploading the VM so that I can troubleshoot it further here. Once it is uploaded, I will download it and report back what I find.

#60 Updated by James K over 5 years ago

VM uploaded and sent to John.

#61 Updated by John Hixson over 5 years ago

Hopefully I can get to this today or tomorrow. I have a higher priority issue that needs to be taken care of first.

#62 Updated by John Hixson over 5 years ago

Jim emailed me but did not provide a URL for the new virtualbox image ;-) I emailed him requesting the URL.

#63 Updated by James K over 5 years ago

Link was in the Dropbox image/link. It looks like Yahoo auto-creates that preview. Link resent as plain text. Sorry for any confusion.

#64 Updated by John Hixson over 5 years ago

I've got the URL now and am downloading the image. I will report what I find.

#65 Updated by John Hixson over 5 years ago

I've got the VM up and working with the issue still intact. More to come.

#66 Updated by John Hixson over 5 years ago

Higher priority issues pushed this back but I should be able to look at it again today at some point.

#67 Updated by John Hixson over 5 years ago

So from what I can tell, there is a phantom SID that seems to get set during install/bootup initially. At some point samba must be started up before it actually saves the SID. I can prove that nuking /var/db/samba4/* eliminates the issue, but that isn't a fix. I'm still looking into exactly when this happens.
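An added example, not part of the ticket or the FreeNAS code base: a shell check for the condition described in comment #67, assuming the phantom SID is visible as group mappings whose domain portion differs from the machine SID. The function names are hypothetical, and the sample text is constructed in the format printed by `net getlocalsid` and `net groupmap list`.

```shell
#!/bin/sh
# Constructed sample output (not taken from the ticket's attachments).
SAMPLE_LOCALSID='SID for domain FILESERVER is: S-1-5-21-1111111111-2222222222-3333333333'
SAMPLE_GROUPMAP='fileserver (S-1-5-21-4444444444-5555555555-6666666666-1001) -> fileserver
Administrators (S-1-5-32-544) -> builtin_administrators
media (S-1-5-21-1111111111-2222222222-3333333333-1002) -> media'

# Extract the machine SID from `net getlocalsid` style output.
local_sid() {
    printf '%s\n' "$1" |
        sed -n 's/.*\(S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print "group sid" for each mapping in `net groupmap list` style output
# whose domain part (the SID minus its final RID) is not the machine SID.
foreign_mappings() {
    machine_sid=$1
    printf '%s\n' "$2" | while IFS= read -r line; do
        sid=$(printf '%s\n' "$line" | sed -n 's/.*(\(S-[0-9-]*\)).*/\1/p')
        [ -n "$sid" ] || continue
        case $sid in
            S-1-5-21-*) ;;        # machine- or domain-relative SID
            *) continue ;;        # skip builtins such as S-1-5-32-544
        esac
        domain=${sid%-*}          # strip the trailing RID
        if [ "$domain" != "$machine_sid" ]; then
            printf '%s %s\n' "${line%% (*}" "$sid"
        fi
    done
}

# On a live system (as root) the inputs would come from Samba itself:
#   foreign_mappings "$(local_sid "$(net getlocalsid)")" "$(net groupmap list)"
foreign_mappings "$(local_sid "$SAMPLE_LOCALSID")" "$SAMPLE_GROUPMAP"
```

Any line it prints names a group whose mapping was written under a different SID than the one the server now reports.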

#68 Updated by John Hixson over 5 years ago

I haven't had a chance to poke at this again, but will hopefully be able to do so this week.

#69 Updated by John Hixson over 5 years ago

I'm going to take a look at this again this week.

#70 Updated by John Hixson over 5 years ago

I've been sidetracked with higher priority issues. I'm still hoping to get at this this week though.

#71 Updated by John Hixson over 5 years ago

  • Status changed from Investigation to 15

John Hixson wrote:

I've been sidetracked with higher priority issues. I'm still hoping to get at this this week though.

Jim,

I'm confident I've finally found the cause of this issue. See c0b9880f97f32cccb6be8a730d47b038b9dcfdad. It won't be available until the next SU, however. I suppose we wait until then unless you're willing to try this out once more on a nightly?

#72 Updated by John Hixson over 5 years ago

  • Status changed from 15 to 19

#73 Updated by John Hixson over 5 years ago

  • Status changed from 19 to Ready For Release

#74 Updated by Jordan Hubbard over 5 years ago

  • Status changed from Ready For Release to Resolved

#75 Updated by Kris Moore about 4 years ago

  • Target version changed from Unspecified to N/A

#76 Updated by Dru Lavigne almost 3 years ago

  • File deleted (smb4.conf)

#77 Updated by Dru Lavigne almost 3 years ago

  • File deleted (93setup.mp4)

#78 Updated by Dru Lavigne almost 3 years ago

  • File deleted (log.zip)

#79 Updated by Dru Lavigne almost 3 years ago

  • File deleted (logs.txt)

#80 Updated by Dru Lavigne almost 3 years ago

  • File deleted (net_groupmap_list.txt)

#81 Updated by Dru Lavigne almost 3 years ago

  • File deleted (getfacl_mnt_vol1_files.txt)

#82 Updated by Dru Lavigne almost 3 years ago

  • File deleted (getfacl_mnt_vol1_media.txt)
