Access to SMB shares denied after update to FreeNAS 11.3

Solution 1:

Try reseting the password of the account you're accessing SMB with.

ntlm authentication (used by the SMB protocol in the absence of kerberos for auth), requires the server to keep an NT hash of the user's password. When a local user is added through the GUI, an NT hash of the user's password is stored in the user's entry in the freenas config file. This is then used to generate Samba's passdb.tdb file.

Prior to 11.3 FreeNAS was not very careful about making sure the configuration database and the passdb.tdb file were synchronized. This made it possible for users to try to authenticate as root over SMB, fail, use the googles, and then run "pdbedit -a root"

Doing things in this order resulted in the sqlite database not having an NT hash in it, but since 11.2 and earlier weren't validating the contents of the file things kept working.

Now fast-forward to 11.3. Starting in this version it synchronizes passbd.tdb and group_mapping.tdb on system dataset import. This means that the manually-added root account is removed from passdb.tdb. Resetting the password through the GUI causes an NT hash to be generated and stored. Root can continue to be used as your SMB account if this is your practice for the rest of the 11.3 life-cycle.

12.0 introduces a distinction between SMB users and non-SMB users (a checkbox). Only SMB users will be added to the passdb. builtin users (including root) are not permitted to be SMB users. For this reason, while you are in the 11.3 life-cycle for your FreeNAS server, it may be a good idea to transition to using a regular user account rather than root (to avoid potential issues / frustration when upgrading).

Solution 2:

Try restarting the smb service. On boot mine doesn't work as well since the update, but when restarting the smb, it works. Seems like a bug during boot up.