chdir_current_service: vfs_ChDir(/mnt/.....) failed: Permission denied

sukarechhe

Dabbler
Joined
Nov 16, 2021
Messages
35
root@nas5/mnt/Pool]# getfacl originalmethod
# file: originalmethod
# owner: DOMAIN\administrator
# group: DOMAIN\domain admins
group:DOMAIN\kethy.me:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\phototeam:rwxp-daARWc---:fd-----:allow
group:DOMAIN\photoadmin:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\administrator:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\domain admins:rwxpDdaARWcCo-:fd-----:allow
everyone@:--------------:fd-----:allow
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
root@nas5/mnt/Pool]# getfacl originalmethod
# file: originalmethod
# owner: DOMAIN\administrator
# group: DOMAIN\domain admins
group:DOMAIN\kethy.me:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\phototeam:rwxp-daARWc---:fd-----:allow
group:DOMAIN\photoadmin:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\administrator:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\domain admins:rwxpDdaARWcCo-:fd-----:allow
everyone@:--------------:fd-----:allow
Well, there's your problem. Your computer accounts can't traverse that path.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Regarding this path: root@nas5/mnt/Pool]# getfacl originalmethod
Your logs indicate that an AD computer account is being used to try to access a path. If permissions are like this, its SMB2/3 tree connect will succeed (this succeeds if creds are good, but FS permissions are not evaluated at that time), but any subsequent FS access attempts based on that tree connect will fail with a permissions error (because the AD computer account lacks permissions). This is how the SMB protocol works on all SMB servers.
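
The traverse failure described above can be checked against the posted ACL. The following is an added example, not part of the original post: a simplified NFSv4 ACL evaluation in Python that tests whether a principal is granted the execute/traverse (x) bit. The computer account name and the "domain computers" group used with it are assumptions; root bypass and inheritance flags are ignored.

```python
# Added example. ACL text is copied from the getfacl output in the thread.
ACL_TEXT = r"""
# file: originalmethod
# owner: DOMAIN\administrator
# group: DOMAIN\domain admins
group:DOMAIN\kethy.me:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\phototeam:rwxp-daARWc---:fd-----:allow
group:DOMAIN\photoadmin:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\administrator:rwxpDdaARWcCo-:fd-----:allow
group:DOMAIN\domain admins:rwxpDdaARWcCo-:fd-----:allow
everyone@:--------------:fd-----:allow
"""


def parse_acl(text):
    """Return (owner, owning_group, [(who, perms, ace_type), ...])."""
    owner = owning_group = None
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip().casefold()
        elif line.startswith("# group:"):
            owning_group = line.split(":", 1)[1].strip().casefold()
        elif line and not line.startswith("#"):
            # Names contain spaces and backslashes, so split from the right.
            who, perms, _flags, ace_type = line.rsplit(":", 3)
            aces.append((who.casefold(), set(perms) - {"-"}, ace_type))
    return owner, owning_group, aces


def ace_applies(who, user, groups, owner, owning_group):
    """True if the ACE principal covers this user or one of its groups."""
    special = {"everyone@": True, "owner@": user == owner,
               "group@": owning_group in groups}
    if who in special:
        return special[who]
    tag, name = who.split(":", 1)
    return name == user if tag == "user" else name in groups


def may_traverse(text, user, groups):
    """The first applicable ACE that carries 'x' decides; no match is a deny."""
    owner, owning_group, aces = parse_acl(text)
    user, groups = user.casefold(), {g.casefold() for g in groups}
    for who, perms, ace_type in aces:
        if "x" in perms and ace_applies(who, user, groups, owner, owning_group):
            return ace_type == "allow"
    return False
```

With the ACL as posted, a computer account that belongs to none of the listed groups only matches the everyone@ entry, which carries no bits, so the traverse check returns False.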
 

sukarechhe

Dabbler
Joined
Nov 16, 2021
Messages
35
OK, sorry for posting an off-topic question here.

I have configured full_audit after upgrading to version TrueNAS-12.0-U8.1, and the auxiliary parameters are as below:

vfs objects = full_audit
full_audit:prefix = USER=%u|IP=%I|%m|SHARE=%S|%P
full_audit:failure = connect
full_audit:success = unlinkat linkat mkdirat connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath renameat file
full_audit:facility = LOCAL5
full_audit:priority = NOTICE

But when I check whether any file or folder gets deleted, I can't see the unlinkat log of any domain user. Though, I have checked the same with a local Samba user and it works fine.
 