grinder.madman
Cadet
- Joined
- May 1, 2022
- Messages
- 2
24 hours ago my TrueNAS-12.0-U8.1 SMB shares were working perfectly by after making some changes to permissions the shares no longer work. I've spent 24h trying to get it back to a working state a including replicating the earlier settings but nothing is working.
Have Tried the following:
rebuiling the users/groups/shares from scratch.
multiple windows 10 clients, and using various users.
As best I can tell, my ACLs, users and groups seem OK. But I get access denied on
2 of 3 shares . The 2 that fail are in a subfolder off the main dataset
Followed many forum post solutions
I can login into the truenas server, but see the follow error in the log.smbd
and auth_audit.log
Any help greatly appreciated,
testparm output below:
smbstatus
Have Tried the following:
rebuiling the users/groups/shares from scratch.
multiple windows 10 clients, and using various users.
As best I can tell, my ACLs, users and groups seem OK. But I get access denied on
2 of 3 shares . The 2 that fail are in a subfolder off the main dataset
Followed many forum post solutions
I can login into the truenas server, but see the follow error in the log.smbd
Code:
[2022/05/02 01:37:17.249770, 0] ../../source3/smbd/service.c:169(chdir_current_service) chdir_current_service: vfs_ChDir(/mnt/mainstor/transfer/store4) failed: Permission denied. Current token: uid=1001, gid=1002, 6 groups: 545 1001 1002 90000040 90000041 90000043
and auth_audit.log
Code:
{"timestamp": "2022-05-02T01:37:12.780751+1200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.0.101:445", "remoteAddress": "ipv4:192.168.0.57:64075", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "UE4-SERVE", "clientAccount": "glen", "workstation": "UE4-SERVE", "becameAccount": "glen", "becameDomain": "TRUENAS", "becameSid": null, "mappedAccount": "Matt", "mappedDomain": ".", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 1757}}
Any help greatly appreciated,
testparm output below:
Code:
# Global parameters [global] aio max threads = 2 bind interfaces only = Yes disable spoolss = Yes dns proxy = No enable web service discovery = Yes kernel change notify = No load printers = No logging = file max log size = 5120 nsupdate command = /usr/local/bin/samba-nsupdate -g registry shares = Yes restrict anonymous = 2 server role = standalone server server string = TrueNAS Server unix extensions = No idmap config *: range = 90000001-100000000 fruit:nfs_aces = No idmap config * : backend = tdb directory name cache size = 0 dos filemode = Yes [store4] access based share enum = Yes ea support = No kernel share modes = No mangled names = no path = /mnt/mainstor/transfer/store4 posix locking = No read only = No vfs objects = catia fruit streams_xattr shadow_copy_zfs noacl recycle crossrename aio_fbsd recycle:subdir_mode = 0700 recycle:directory_mode = 0777 recycle:touch = yes recycle:versions = yes recycle:keeptree = yes recycle:repository = .recycle/%U fruit:resource = stream fruit:metadata = stream fruit:encoding = native nfs4:chown = true [store1] access based share enum = Yes ea support = No kernel share modes = No mangled names = no path = /mnt/mainstor/transfer/store1 posix locking = No read only = No vfs objects = catia fruit streams_xattr ixnas recycle crossrename aio_fbsd recycle:subdir_mode = 0700 recycle:directory_mode = 0777 recycle:touch = yes recycle:versions = yes recycle:keeptree = yes recycle:repository = .recycle/%U fruit:resource = stream fruit:metadata = stream fruit:encoding = native nfs4:chown = true [tester1] ea support = No kernel share modes = No mangled names = no path = /mnt/mainstor/tester1 posix locking = No read only = No vfs objects = catia fruit streams_xattr shadow_copy_zfs noacl recycle crossrename aio_fbsd recycle:subdir_mode = 0700 recycle:directory_mode = 0777 recycle:touch = yes recycle:versions = yes recycle:keeptree = yes recycle:repository = .recycle/%U fruit:resource = stream fruit:metadata = stream fruit:encoding = native nfs4:chown = true
smbstatus
Code:
Samba version 4.13.17 PID Username Group Machine Protocol Version Encryption Signing ---------------------------------------------------------------------------------------------------------------------------------------- 2773 glen glen 192.168.0.57 (ipv4:192.168.0.57:64075) SMB3_11 - partial(AES-128-CMAC) 2757 matt matt 192.168.0.50 (ipv4:192.168.0.50:61686) SMB3_11 - partial(AES-128-CMAC) Service pid Machine Connected at Encryption Signing --------------------------------------------------------------------------------------------- store4 2757 192.168.0.50 Mon May 2 01:36:23 2022 NZST - - store1 2757 192.168.0.50 Mon May 2 01:36:27 2022 NZST - - IPC$ 2757 192.168.0.50 Mon May 2 01:36:21 2022 NZST - - IPC$ 2773 192.168.0.57 Mon May 2 01:37:13 2022 NZST - - tester1 2757 192.168.0.50 Mon May 2 01:38:30 2022 NZST - - store4 2773 192.168.0.57 Mon May 2 01:37:15 2022 NZST - - Locked files: Pid User(ID) DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 2757 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/mainstor/tester1 . Mon May 2 01:38:30 2022 2757 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/mainstor/tester1 . Mon May 2 01:38:30 2022