"Connect using different credentials" on Windows 10 doesn't work

Mastakilla

New Member
Jul 23, 2019
23
7
3
Hi everyone,

I'm running Veeam on my Windows 10 clients to backup the OS drive to a FreeNAS dataset. To make it harder for my family to accidentally remove / damage backups, I wanted to let Veeam use a different account for accessing the backups-dataset.

However, I'm having trouble connecting to my SMB share using different credentials... Veeam can't connect to it and also when I try to map the drive myself, it doesn't work. Below is how I try to connect. This is while being logged in as my own account, 'm4st4'.
1598688893234.png



For testing purposes, I've temporarily created an local windows account called 'backup', but even then I still can't connect to the share when I'm logged as myself (m4st4). However, when I login on Windows as user 'backup', then I can map the network drive...

I've tried a lot of settings in FreeNAS. At one point I even cleared all ACLs and I've set the "default ACL options" to 'open'. But even then it doesn't work when I'm logged in as myself (m4st4). Only when I login as user 'backup' I can map the network drive.

Below some screenshots of the configuration in FreeNAS
1598688922012.png
1598688938114.png
1598688956668.png
Is this normal behaviour? Is there any advised method for doing this?

I'm also having trouble getting anything of this logged...

I've tried setting the log level of the SMB service to full and I also tried setting the auxiliary parameters to "log level = 1 auth_audit:3"
But still NOTHING appears in the samba log file (/var/log/samba4/log.smbd) when I try to login :(

Thanks!
 

sboesch

Active Member
Aug 3, 2012
403
37
28
Columbus, OH
I had to do some jackwonky stuff to get windows to mount SMB and NFS shares. I ended up changing ownership of the volumes to nobody:nogroup. chwon -R nobody:nogroup /pool/dataset as well as setting the permissions to 775. chmod -R 775 /pool/dataset.
I have found that the SMB sharing on FreeNAS to be a little counter intuitive, and I'm a Linux user. Another thing you might want to do is take a look at the SMB shares ACL by clicking the Edit Share ACL. Screenshot from 2020-09-01 21-34-30.png
 
  • Like
Reactions: Mastakilla

vangoose

Active Member
May 21, 2019
263
69
28
Canada
Hi everyone,

I'm running Veeam on my Windows 10 clients to backup the OS drive to a FreeNAS dataset. To make it harder for my family to accidentally remove / damage backups, I wanted to let Veeam use a different account for accessing the backups-dataset.

However, I'm having trouble connecting to my SMB share using different credentials... Veeam can't connect to it and also when I try to map the drive myself, it doesn't work. Below is how I try to connect. This is while being logged in as my own account, 'm4st4'.
View attachment 15540



For testing purposes, I've temporarily created an local windows account called 'backup', but even then I still can't connect to the share when I'm logged as myself (m4st4). However, when I login on Windows as user 'backup', then I can map the network drive...

I've tried a lot of settings in FreeNAS. At one point I even cleared all ACLs and I've set the "default ACL options" to 'open'. But even then it doesn't work when I'm logged in as myself (m4st4). Only when I login as user 'backup' I can map the network drive.

Below some screenshots of the configuration in FreeNAS
View attachment 15541
View attachment 15542
View attachment 15543
Is this normal behaviour? Is there any advised method for doing this?

I'm also having trouble getting anything of this logged...

I've tried setting the log level of the SMB service to full and I also tried setting the auxiliary parameters to "log level = 1 auth_audit:3"
But still NOTHING appears in the samba log file (/var/log/samba4/log.smbd) when I try to login :(

Thanks!
Do you have share open in your logged in session on your W10?
You can't use 2 different credentials to access the same smb server within the same logged in session.

FYI. I use NetBackup to backup files on FreeNAS through smb shares. I run netbackup agent services as the backup user, it then will use backup user to mount shares and backup.
 
  • Like
Reactions: Mastakilla

Mastakilla

New Member
Jul 23, 2019
23
7
3
Thanks for the responses!

In meantime I've worked around the issue, by creating an 'administrator' user named 'backup' and installing Veeam as that user. Apparently the Veeam tray icon then still appears for my other / personal user as well.

But just for the sake of finding a real solution / answer:
I just created another test-dataset, test-smbshare, test-user. Never logged into it with my desktop / personal user. Made the share to be owned by this test-user:wheel and added an ACL giving this test-user full control.
Then I tried mapping the share with different credentials and again the same problem... Can't login...

Next I chowned it to nobody:nogroup and tried to chmod it to 775, but the chmod is failing with permission denied (although I'm root). I guess something in FreeNAS is preventing me from doing this...
 

Mastakilla

New Member
Jul 23, 2019
23
7
3
I did some more testing with some more test-datasets, test-smbshares and test-users.

And... I got it working!!

I also discovered some weird shit... Not sure if this is a Windows bug or FreeNAS bug... I suspect this is also why I couldn't get it working before...

Test scenario 1

At first I created the following in FreeNAS:
* testuser (user)
* testds (smb dataset, owned by testuser:wheel)
* testshare (smb share)
* add ACL for giving testuser full control

Next I tried mapping it in Windows, logged with my personal user, using testuser.
I couldn't get it working again, so I did the following
* create Windows user "testuser" (mapping it in Windows, logged with my personal user, using testuser still didn't work)
* make this user administrator (mapping it in Windows, logged with my personal user, using testuser still didn't work)
* log in with "testuser", making it's profile (mapping it in Windows, logged with my personal user, using testuser still didn't work)
* tried to map the drive while being logged in as "testuser" still didn't work

As it didn't make sense that that last step didn't work, I started wondering what "user-error" I've done... Then I discovered that I accidently left the dataset owned by nobody:nogroup (for trying sbousch his tip) :)

So I chowned it to testuser:wheel again and suddenly I could map the drive while being logged as my personal user!!
I did need to provide the credentials twice

Test scenario 2

To figure out which steps are really required, I created the following in FreeNAS:
* testuser2 (user)
* testds2 (smb dataset, owned by testuser2:wheel)
* testshare2 (smb share)
* add ACL for giving testuser2 full control

Next I tried mapping it in Windows, logged with my personal user, using testuser2 (so without creating any Windows user called 'testuser2'!). Here is what happened

first it suggested using the credentials I've previously used for mapping the other mapped drive...
1600210010070.png
As I wanted to use a different user, I choose "More choices" and "Use a different account" and then I filled in testuser2 credentials (the screenshot was taken later, so ignore that it says tuser31)
1600210033896.png
It tries to connect for about 10 seconds
1600210053489.png
Then it AGAIN asks for credentials, but this time suggesting to use my personal MS account...
1600210087491.png
After overwriting these once more with the "testuser2" credentials, I get the below error message.
1600209834271.png
This indeed suggests the issue that vangoose was talking about, but I never ever logged in to that share yet!!

And now, here comes the weird part... When I disconnect "testshare" (which was still connected from before), then I suddenly can map "testshare2"!!! (I do still have to provide credentials twice)

Here is what happens then:

first it suggested using the credentials I've previously used for mapping the other mapped drive...
1600210161128.png
As I wanted to use a different user, I choose "More choices" and "Use a different account" and then I filled in testuser2 credentials (the screenshot was taken later, so ignore that it says tuser31)
1600210185130.png
Now it immediatly asks again for the credentials, this time NOT suggesting the my personal MS account, but the "testuser2" account that I provided in the previous screen (the screenshot was taken later, so ignore that it says tuser31)
1600210202228.png
After this the drive is successfully mapped!!

Test scenario 3

To confirm that this really happens and wasn't again some silly user-error, I re-tried all of the above with tuser3 and tuser31 (which I also used for taking the above screenshots) and exactly the same weird shit happened again... This also confirms that it is not an 8 char limit somewhere (testuser is 8 chars and testuser2 is 9 chars, but tuser3 is 7 chars and tuser31 is 8 chars)
 
Last edited:

Mastakilla

New Member
Jul 23, 2019
23
7
3
Conclusion:
  • It is possible to map a FreeNAS SMB Share in Windows 10 using "different credentials"
  • It is even possible to do this without creating this user as a Windows user
  • I don't know why and if this is also a bug, but somehow it is required to fill in your credentials twice to map the drive to Windows
  • There is some weird bug in FreeNAS11 and/or Windows10 which causes Windows10 to think that a "similarly named", but 100% different, mapped drive is the drive you're trying to map, which causes the drive mapping to fail if they use different credentials. For example:
    • Have a shared named testshare mapped with credentials for testuser and then try to map a share named testshare2 with credentials for testuser2
    • Have a shared named tshare3 mapped with credentials for tuser3 and then try to map a share named tshare31 with credentials for tuser31
 
Last edited: