New to TrueNAS SCALE

[Nodrog]

I am new to TrueNAS SCALE but have used FreeNAS in the past.
I have installed 12.04 and I am trying to configure it.
I have 2 existing Samba-AD servers, and my aim is to have the SMB shares, authenticated against the AD.
Therein lies my problem, I can set Credentials to the AD, enable Kerberos, enable SMB, etc.
But when I create a SMB share, it looks and acts like is only has the Linux Permissions, and does not show any ACL's
EG:-
truenas# ls -al /mnt/my_test_pool
total 2
drwxr-xr-x 3 root root 3 May 6 13:05 .
drwxr-xr-x 3 root root 3 May 6 13:02 ..
drwxr-xr-x 2 root root 2 May 6 13:05 windows

And checking from a Windows Box, it only shows the Linux Permissions.
Therefore my question is :-
What is the exact procedure that I have to follow to achieve my aims.

 

[morganL]

Please read the release notes... https://www.truenas.com/docs/releasenotes/scale/21.04-alpha.1/

There is a line that NFSv4 ACLS will be in nightlies soon. It may not be clear, but that refers to SMB ACLs as well.

The ticket to track is: https://jira.ixsystems.com/browse/NAS-103664

 

[Nodrog]

MorganL, Thank you for your reply.

I have read the Release Notes, and saw that SMB & NFS Shares, AD/LDAP Directory Services were listed under Verified (with the possibility of minor bugs), also noted the NFSv4 ACL under Experimental, not realising that SMB ACL's were part of that, now it has been pointed out, I see the relationship, the NFS ACL are required for the SMB one to work.

Therefore I need to watch the Nightly, and download & install the ones that have these updates in.

 

[Nodrog]

MorganL, a bit of background info.

The reason that I am trying SCALE is:-
I am currently using FreeNAS 9, and wanted to ungrade to the latest, with new hardware. (O/S not upgraded for carious reasons).
Initially I attempted to install FreeNAS 11.3_u5 on my new system, the installer failed with a system reboot during the hardware renumueration.
I then tried TrueNAS Core, with the same result, although I could install FreeBSD 11.3 & 12.0

I did initiate a post asking for help on this problem, but did not receive any responses.
I may have posted to the wrong group:- https://www.truenas.com/community/threads/freenas-11-3-u5-fails-to-install.88170/

 

[morganL]

Nodrog, Understand your frustration...but I don't know the cause. The area where we have seen issues is that the USB controllers can have defects. However, you have got freebsd 11.3 to boot off the USB drive, so that may not be the cause. There may be a device which TrueNAS exercises (and fails) , that FreeBSD normally leaves alone.

If you want SMB ACLs, I would wait for the 21.06 release. The nighlies may have the capability, but may not have the testing you need if you want to put the only copy of data on the system. Please consider your risk.

 

[Nodrog]

I have now attempted to update to the 20.06 release, firstly from the GUI, which killed Samba completely, as Samba now uses the ../samba4 directory structure & 20.04 used the ../samba structure.
I therefore did a from scratch install, Joined the AD, so far every thing seemed to work. But, the SMB Shares still do not recognise any of the AD Accounts.

Looking in the samba log files, the log.wb-DOMAIN contains:-
1] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
ldb: Failed to connect to '/var/db/system/samba4/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/db/system/samba4/private/secrets.ldb': No such file or directory

and the smb4.conf contains :-
idmap config DOMAIN: backend = rid
idmap config DOMAIN: range = 100000001-200000000
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000

and my SMB share pemissions:-
drwxrwx--x 2 root root 2 Jul 8 15:13 win

and getfacl:-
getfacl: Removing leading '/' from absolute path names
# file: mnt/tank1/win
# owner: root
# group: root
user::rwx
group::rwx
other::--x

My smb4_share.conf & smbusername.map files are empty !!

I feel like I am doing something wrong or am missing something.

 

[Nodrog]

Nodrog, Understand your frustration...but I don't know the cause. The area where we have seen issues is that the USB controllers can have defects. However, you have got freebsd 11.3 to boot off the USB drive, so that may not be the cause. There may be a device which TrueNAS exercises (and fails) , that FreeBSD normally leaves alone.

If you want SMB ACLs, I would wait for the 21.06 release. The nighlies may have the capability, but may not have the testing you need if you want to put the only copy of data on the system. Please consider your risk.

MorganL,

I have now attempted to update to the 20.06 release, firstly from the GUI, which killed Samba completely, as Samba now uses the ../samba4 directory structure & 20.04 used the ../samba structure.
I therefore did a from scratch install, Joined the AD, so far every thing seemed to work. But, the SMB Shares still do not recognise any of the AD Accounts.

I have tried a from scratch install from the ISO, which does go well.
After resetting the TimeZone, and adding my DC as an NTP Server, I attempted to Join the System to the Domain.
The Domain_test_join finishes with an error: -1, but the system is now present in the DC's.
I have 3 DC's, all Samba, 1:- Freenas (the original on the system that I want to replace & 2 Ubuntu 20.04 SAmba DC's.

I can setup a SMB Share, but there dose not seem to be any SMB ACL's associated with the Share.

Cannot check Samba Domain Users using id. eg:-

From Freenas DC:-

id 3000011
uid=3000011(MYDOM\domain admins) gid=3000011(MYDOM\domain admins) groups=3000011(MYDOM\domain admins)

From Truenas Server:-

id 3000011
id: ‘3000011’: no such user


I have attached all the Samba Conf, Logs & the Domain_test_join, and the nsswitch.conf, for your parusal in the hope that you can see if or where I went wrong.

Do I have to wait until 20.08 for the system I want to build to work.

Regards,
Gordon

 

[morganL]

The nightlies are a forerunner of SCALE 21.08 which is due at the end of the month.
In the meantime there will be 2 week of extensive QA and some issues like this may be found. It more efficient to wait for the 21.08 version and then debug from there. There have been lots of SMB changes in this updated version.