ALLOWED is enough. Just make sure to remove the default "everyone" entry.
@anodos
I recently changed the server hostname from FREENAS to TRUENAS and fixed the credentials in windows/android devices
However, the Access Based Share Enumeration is now broken.
The problem is that the TrueNAS server did not populate the SIDs with the new hostname domain.
Below is a screenshot from permissions/owner in Windows 10 Enterprise:
As you can see, the Owner is still showing FREENAS while the dataset name properly shows TRUENAS
I applied in TrueNAS the owner/group from GUI on that dataset, but it still doesn't fix it
Also, the command "net usersidlist" still lists users and SIDs under the old hostname FREENAS:
Code:
root@truenas:~ # net usersidlist
FREENAS\user
S-1-5-xxxxxxxxxxxxxxxxxx
S-xxxx
S-xxxx
S-xxxx
Also, the command "net groupmap list" now only shows the built in users and can no longer list the other existing groups I defined !
If I try to add the new SIDs in the GUI, TrueNAS won't accept the domains Truenas or Freenas saying it cannot find them
After more searching, I found that under "Services / SMB / NetBios Name", the old hostname was still there. I manually edited it, restarted the SMB service and now, on windows, the above picture is fixed and the Owner is properly showed under "TRUENAS" domain.
In TrueNAS, I can now apply the
user Share ACL specifying a domain/username. However, I still cannot apply the
group Share ACL rules for Access Based Enumeration. The groups also no longer show in Windows permissions manager, only the users
I also tried your tip in a previous post:
Code:
mv /var/db/system/samba4/group_mapping.tdb /var/db/system/samba4/group_mapping.tdb.bak
midclt call smb.synchronize_group_mappings
49
It outputs 49. I restarted the SMB service, but still I cannot apply the group SIDs in the GUI under Share ACL. I get the same error as previously:
Code:
CallError
[EFAULT] SID lookup for TRUENAS\smb_admin failed: failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup name TRUENAS\smb_admin
Error: Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 138, in call_method
result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self,
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1213, in _call
return await methodobj(*prepared_call.args)
File "/usr/local/lib/python3.9/site-packages/middlewared/service.py", line 495, in update
rv = await self.middleware._call(
File "/usr/local/lib/python3.9/site-packages/middlewared/main.py", line 1213, in _call
return await methodobj(*prepared_call.args)
File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 975, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/smb_/sharesec.py", line 379, in do_update
await self.setacl({"share_name": old_acl["share_name"], "share_acl": data["share_acl"]})
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/smb_/sharesec.py", line 201, in setacl
ae_list.append(await self._ae_to_string(entry))
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/smb_/sharesec.py", line 162, in _ae_to_string
raise CallError(f'SID lookup for {name} failed: {wbinfo.stderr.decode()}')
middlewared.service_exception.CallError: [EFAULT] SID lookup for TRUENAS\smb_admin failed: failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name TRUENAS\smb_admin
Anyway to fix this issue ? I can no longer get the groups showing under windows as a side issue which makes any fix impossible. I even tried applying again teh permissions and owner/group from TrueNAS without any effect on above issues
Thank you for your help