Lost access to our CIFS Server with Lion

Here's a procedure which knocks the Finder around fixing it's little permissions misconception about smb/cifs shares on a server running the ZFS filesystem paired with the Solaris kernel-mode CIFS server (Nexenta, OpenSolaris, OpenIndiana, Solaris 11, etc). It assumes permissions are correct (you can access everything via terminal) and just Finder is acting dumb.

1) Mount your share (e.g. Apple+K smb://zedefes/sharename)

2) From a terminal run: "open /Volumes/sharename" Close the Finder window that appears.

3) Pretend you have network connectivity problems: turn WiFi off, unplug, ethernet cable, switch IPv4 from DHCP to 'Off', etc.

4) Repeat step 2. Wait 5-6seconds for an empty Finder window appears. Close that window.

5) Remove simulated network connectivity problems (undo Step 3)

6) Open share in Finder.

This share will work perfectly in Finder from now on, persisting across sleep or network disconnects, but the workaround needs to be repplied after reboot.

For the record, I've tested this workaround on multiple 10.7 Lion macs connecting to Nexenta Community Platform and Sun Open Storage 7000 series servers. It's a pain, but only after you reboot and need to reconnect.

Interesingly enough, I needn't disconnect from the network. If I mount the root level of the NAS and use the Terminal to open directories, they all open ...despite having no access icons.

STRANGE.

Thus I wonder if Apple could fix this rather than I have to throw out a fairly pricey piece of equipment.

Hi gpinnyc and notpeter. I suggest that both of you submit an official bug report to Apple regarding the issues you have found with disk sharing.

Nexenta has issued a patch (at least for their paid support users) that fixes this issue on the Nexenta server.

We got it installed last night and we can connect without an issue now in Finder. Dunno if it's available for the open source product yet or at all.

Jason,

you mention that you got AFP working by tweaking the permissions in the Volumes file. Can you share that information in more detail please? Mine is working as well however I can only create and read files but fail to delete them. Not sure whether this is a problem with ZFS, netatalk, Lion or my setup. But I already ruled out the usual permission problems.

The files get created as the correct user and on the Solaris box itself that user can delete the files but if he is logged in from OS X via AFP. Cifs is working though (with the workarounds).

Kind regards, JP

That's surely something I would do if I was running Nexenta especially since the availability of that fix is mentioned here and in their support forums. I am however stuck with OpenIndiana for the time being. :-)

This is a general "Lion vs. Solaris ZFS" issue which Apple needs to resolve. Very annoying bug. Whish it will be solved whith 10.7.3 but many people hoped for 10.7.2 :-(

JP,

The AppleVolumes.default I believe is in /etc/netatalk/. Look towards the bottom and set the default line to...

:DEFAULT: options:acl,upriv perm:0777,usedots

Basically this is specifying that AFP should write files with a permissions mask of 0777 (which will allow other users to edit/delete files).

All of your files and shares should be set with 0777 (chmod them) if you want to use AFP, because you're going to be setting your complex permissions through AFP ACLs. AFP is a stubborn goat that will refuse to work unless everything is set 777 underneath it (I am not sure why).

- Jason

Hi Jason,

thanks. I changed it to 0777 for the Share in question (was 0770). No change in behaviour I am afraid.

/data/nas/media "MEDIA" allow:jpk,@staff cnidscheme:dbd options:usedots,invisibledots,upriv perm:0777

Does not work. I can create and delete directories, create/read files but not delete directories.

Netatalk 2.2.0

Will try netatalk 2.2.1 tomorrow. What version are you running?

Kind regards,

JP

JP,

I'm running the latest 2.2.1. I think I saw a bulletin about that problem and Lion AFP under 2.2.0. I'm 90% sure that's your problem (didn't know what version you were running before).

Let me know what happens when you upgrade.

- Jason

Hi,

just downloaded, compiled and installed 2.2.1. Unfortunately no change. Can you point me to the bulletin post? Maybe I can find a clue there.

And thanks so much for your help.

Kind regards,

JP

Jason,

thanks to another helpful soul who encountered this before I was able to solve the mystery. The problem is nbmand=on property on the ZFS dataset. This is mainly used if you share the dataset via CIFS and AFP/NFS etc. This however seems to be the root cause of the problem. Once I set this to "no", unmounted/mounted again all works as expected.

Kind regards,

JP

The Lion SMB-Bug reason is described and fixed for ZFS/Illumos here

https://www.illumos.org/issues/1718

It is not a problem with NexentaStor or Solaris 11.

Hope we see the fix soon in OpenIndiana

_gea,

Glad to see you on this discussion! I noticed that you said that it isn't a problem with NexentaStor or Solaris 11, but I have the same SMB/CIFS problems with Solaris 11 that I saw in S11 Express. I have been having to use AFP to mitigate this, but would absolutely love to be able to use SMB purely (as AFP makes a big mess of hidden and not so hidden files throughout the directory structure).

If you have any pointers on where I might be hitting a snag, please let me know. Basically, did a fresh install of Solaris 11 and immediately put napp-it 0.6i on it. Folders are set 777, I've got my SMB groups and users set up (and users added to those groups). As I mentioned, SMB is giving me the exact same permissions issue in Finder (Mac OS X Lion) that Solaris 11 Express gave me. Windows 7 works just fine.

-- Jason

Ok, that's weird...

Not sure what I did different, but CIFS now appears to work just fine under Lion/S11, with the sole exception of the performance being terrible.

Getting ~45MB/s to 60MB/s reads and writes from a 3-disk triple mirror zpool (WD30EZRX). Using AFP, can get 117MB/s writes (but strangely only around 91MB/s reads). Under Solaris 11 Express, could completely saturate gigabit network link on almost any reads (and by all rights, with a 3-disk mirror I would expect that).

Don't want to sideline this thread with that though. Just want to put it out there that CIFS between Lion/S11 does indeed work.

-- Jason