Cannot access share from more than one user.

jamesflint

TrueNAS Core 12.08U (And 12.06U during one of my many fresh reinstalls over the past 24 hours only stopping to sleep.)
Running on an old gaming PC, if you need me to get the specs I can. Gaming hardware i5. 12GB of RAM. Basic and temporary.


I'm going to be VERY specific about all the steps I have taken, sorry if it is a lot. This is also my first time running any sort of NAS.

My Goal: I have a Proxmox server with enterprise hardware that I run all of my services on. It is a small 1U short server, so a NAS is a must. My goal is to set up a Z1 of 4 14TB red labels. I'm doing this for a few months in my old Proxmox system that was a gaming PC until I can migrate it to enterprise hardware. I would like to set up various SMB shares for various users/groups in TrueNAS so that each container/VM I have is sort of sectioned off from the rest of my storage. For the rest of this explanation, I will explain using my setup for my Plex container, which is the share "Movies". This share will also need to be accessed by another container that has various services for sorting and metadata pulling. (aka the *arr's.) On top, I SOMETIMES use Infuse on my Apple TV, which would need access to this as well. I manage things from my current gaming PC running Windows 10 Home, so that as well.

The Problem: Movies cannot be accessed by anyone outside of the wheel group. I have set all of my ACLs to what I believe is correct, and it always comes up with permissions denied.

For reference: I am using two users for testing. One is "jflint", who is a part of the groups "wheel", "jflint", and "MediaMGMT". The second is "jsilver", who is a part of the groups "jsilver" and "MediaMGMT". I am not using root to attempt to log in, just the wheel group on jflint. Everywhere I have asked, people seem to just assume that is what is going on without reading it. It's been making me quadruple question if I am or not, so confirmation would be nice, but I assume they are asking if I'm logging into the share the same way I log into the webUI. I only log in using one of the two accounts previously mentioned, jflint and jsilver. jflint is going to be used to connect to the NAS on my personal PCs for management sakes only. jsilver is what I want to use for the Plex service mount.

Steps Taken: I have done these all hundreds of times over, starting from the absolute beginning. TrueNAS OS is being run on an NVMe. I install it. I only have space for 4 hard drives (2.5 & 3.5) and an NVMe. I install it as a clean install, and format the drive every time I reinstall it. So everything is always erased in the process of install. I select to install swap on the boot drive rather than not install it; I have chosen to not install a few times. I won't lie, I still don't 100% understand this step. After it is successfully installed, I reboot, removing the boot USB. It then boots and is always assigned to 192.168.1.19. I load into the webUI. Usually the first thing I do is change the global config hostname in Network. I then change to a static IP address I chose. I haven't done these steps every time. Sometimes I have left them all default. Note: the following steps have been done multiple times in various orders, this is just an example: I then add my pool of the 4 14TB's to Z1. Ends up being about 38TB total. I create the user jflint, and leave the option to have a primary group made for him. I then do the same for jsilver, making sure to enable SMB Authentication and Microsoft Account for both. I then create the group "MediaMGMT" and make sure it has SMB authentication enabled. From there I add jflint to the groups "wheel" and "MediaMGMT". Then jsilver to "MediaMGMT".

I then create my datasets. First I create "Media"; this isn't shared. (On some retries, and originally, I just attached Movies directly to my pool.) Then I create "Movies", leaving all options the same:
Sync - Inherit (standard) ||| Compression level - Inherit (lz4) ||| Enable Atime - Inherit (on) ||| Enable - Inherit (non-encrypted) ||| ZFS Deduplication - Inherit (off) ||| Case Sensitivity - Sensitive ||| Share Type - Generic. (Note: this has been changed to SMB Once.)
I haven't changed advanced options at all.

That's when I adjust my ACL. (More on this below, as I assume that's where something is wrong and I spent the most time there.) I then create my network share under Windows Shares (SMB). Make sure the path goes to Movies. (I have changed purpose a few times to NFSv3/SMB, but mostly I just do Default.) It's marked as Enabled.

At first I was doing custom. In more recent attempts I have switched to a preset. I normally use restricted, changing the group@ to "Full Control". I have tried just about everything here. Owner: root. Group: wheel. Owner: jflint. Group: MediaMGMT. And every option in between. I have added a full control ACL item for the group "MediaMGMT" when the group owner was "wheel". I have tried adding a User ACL item for jsilver. I have played with advanced flags. (99% of the time they're just basic and "inherit".) I have played with advanced permissions over and over again. Deleting the dataset. Creating a new one. Deleting users and groups, creating new ones. Renaming them 100 times in case some naming messed something up. Nothing will allow me to access "Movies" from jsilver.

I switched to 12.06U for a few re-installs, as I had it downloaded from a few months back when I started researching NAS. The first time I did it, it worked flawlessly first time. I set it up on Ubuntu Server as a cifs mount, and it was golden. UNTIL I added a second dataset and share "Television" under "Media". Then "Movies" was offline and inaccessible even for jflint. I restarted my NAS, deleted the share and dataset "Television", and rechecked that nothing changed in permissions for "Movies", and nothing worked to get it back. I had to delete it. Haven't gotten it to work since.

I have tried it from 3 different PCs: my gaming PC, my MacBook running Windows in Boot Camp over Wi-Fi, and my Ubuntu Server container. As another note: my Ubuntu Server container is running privileged and has SMB enabled. It worked there once. So that's not a part of this issue.

I will attach some screenshots I have taken. Please take note that some of the names have changed, but flint is jflint and silver is jsilver. (I think the only difference here is flint.)

Hopefully the information here is sufficient. I tried searching in the logs, but I don't know what to look for or which file to even start with. If you require any additional info from logs, you may have to walk me through getting it. Thanks to anyone who attempts to help me. It is desperately appreciated and needed.




