Group ACL Permissions not showing in SMB Shares

Dreded

Explorer
Joined
Nov 12, 2013
Messages
65
We dont have a Domain controller, All Users/Groups are entered in freenas and Username/pass match the windows username/pass.
We are using windows 10 this is Now FreeNas 11.3-U5 same issue existed on 11.2-U2.1

So below I have a screenshot of Freenas Permissions and Windows Security Screen, None of the permissions I set for groups show up in windows, the permissions work until someone adds a file and that file gets the permissions windows sees plus the User that added it gets ownership so nobody else can access it(there is another group named WSSStaff)

So essentially if I reset permissions everything works but if someone adds a file or folder only they can access it as they are set as owner. As you can see it works for Linux Users just fine just not groups(except the primary group)

Not even I as a member of wheel and WSSItAdmin can change permissions but I can access it.(all other permissions are set to restricted so @owner has full and @group has modify)

2021-01-26 12_31_55-FreeNAS - helios.office.weathersolve.com.png
 
Last edited:

Dreded

Explorer
Joined
Nov 12, 2013
Messages
65
here they are...
files.png


Here is one more from windows showing two files from the folder of that getfacl command... one was just added by Krista the other was there when I reset all the ACLs
2021-01-27 09_28_32-Advanced Security Settings for 1. January 27, 2021.xlsx.png


Worth noting that this share has worked fine for years until 2 days ago, No changes where made by myself(the only IT person)
 
Last edited:

Dreded

Explorer
Joined
Nov 12, 2013
Messages
65
What's the output of testparm -s?
Code:
[global]
        aio max threads = 2
        allow insecure wide links = Yes
        bind interfaces only = Yes
        disable spoolss = Yes
        dns proxy = No
        enable web service discovery = Yes
        kernel change notify = No
        load printers = No
        logging = file
        map to guest = Bad User
        max log size = 51200
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        obey pam restrictions = Yes
        private dir = /var/db/samba4/private
        server min protocol = NT1
        server role = standalone server
        server string = Office FreeNAS Server
        username map = /usr/local/etc/smbusername.map
        username map cache time = 60
        idmap config *: range = 90000001-100000000
        idmap config * : backend = tdb
        allocation roundup size = 0
        delete veto files = Yes
        directory name cache size = 0
        dos filemode = Yes
        hide files = /~*/
        include = /usr/local/etc/smb4_share.conf
        veto files = /Thumbs.db/Temporary Items/.DS_Store/.AppleDB/.TemporaryItems/.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/.Spotlight/.Trashes/.fseventd/
        wide links = Yes


[Backup]
        aio write size = 0
        ea support = No
        mangled names = illegal
        path = /mnt/Basin/Backup
        read only = No
        vfs objects = streams_xattr zfs_space zfsacl
        nfs4:acedup = merge
        nfs4:chown = true


[Camera]
        aio write size = 0
        ea support = No
        level2 oplocks = No
        mangled names = illegal
        oplocks = No
        path = /mnt/Basin/Camera
        read only = No
        strict locking = Yes
        vfs objects = streams_xattr zfs_space zfsacl
        nfs4:acedup = merge
        nfs4:chown = true


[Corporate]
        aio write size = 0
        ea support = No
        mangled names = illegal
        path = /mnt/Basin/Storage/Corporate
        read only = No
        vfs objects = streams_xattr shadow_copy_zfs zfs_space zfsacl
        nfs4:acedup = merge
        nfs4:chown = true


[ITStuff]
        aio write size = 0
        ea support = No
        guest ok = Yes
        mangled names = illegal
        path = /mnt/Basin/ITStuff
        read only = No
        vfs objects = streams_xattr zfs_space zfsacl
        nfs4:acedup = merge
        nfs4:chown = true


[Main]
        aio write size = 0
        ea support = No
        mangled names = illegal
        path = /mnt/Basin/Storage/Main
        read only = No
        vfs objects = streams_xattr shadow_copy_zfs zfs_space zfsacl
        nfs4:acedup = merge
        nfs4:chown = true


[homes]
        aio write size = 0
        ea support = No
        mangled names = illegal
        path = /mnt/Basin/ZHome/%U
        read only = No
        vfs objects = streams_xattr zfs_space zfsacl
        nfs4:acedup = merge
        nfs4:chown = true


[ZHomes]
        aio write size = 0
        ea support = No
        mangled names = illegal
        path = /mnt/Basin/ZHome
        read only = No
        vfs objects = streams_xattr ixnas
        nfs4:acedup = merge
        nfs4:chown = true


[appdata]
        aio write size = 0
        ea support = No
        level2 oplocks = No
        mangled names = illegal
        oplocks = No
 

Dreded

Explorer
Joined
Nov 12, 2013
Messages
65
in case anyone ever runs into this again...

upgrading to TrueNAS-12.0-U2 seems to have fixed the issue

also thanks very much to anodos for the assistance.
 
Top