New TrueNAS install. Create 1 new user and SMB share but unable to access from Windows 10

[mrteaiot]

Anyone have this issue. I reinstall TrueNAS twice. This time I only create 1 dataset, 1 user with OPEN ACL. Turn on SMB share service and create share folder. When I try to map network drive from Windows I got network access error from windows 10. I tried all different password, username and guest account still unable to access from windows. I tried 2nd windows PC has the same issue. What do I need to do to fix this? My last server is FreeNAS and it works fine. Could it be my UniFi USG network blocking traffic? Any help appreciated..

 

[JohnDigital]

So you get the windows User/Pass to pop up when you do try and connect? What happens when you use the root creds at the prompt? Also make sure that root does not own the dataset/folder you are "sharing".

 

[mrteaiot]

Yes, I see several video on youtube. On TrueNAS, you cannot use root so I created new users and new dataset with same owner and OPEN acl for all users. Turn on SMB share. I can see all the folders when I open the network on my windows explorer after prompt for new credentials, I put same new user and password. But when I click on the shared folders, I got window message Windows cannot access .. You do not have permission. I even try to mapped network folder still same error. All my pc on the network behave the same thing. So it must be in TrueNAS SMB permission.

 

[JohnDigital]

I dont know a lot about ACL permissions. I use all Unix based machines. Certainly a permission issue. Can you show me screenshot of how your user is setup in FreeNAS? Show me the permissions screen for the datasets/shares?

Ive always advised Windows people to make their TN user the EXACT SAME as their main Windows user(s). This is name, user, password, email. Then you simply own all the shares/dataset/media to this user.

 

[mrteaiot]

Thanks for helping. It is driving me crazy for weeks. I setup a few users and groups and I also set dataset with all OPEN acl. Here is all the screen shots. Username is "tea" and Group is "teagroup". Dataset is "PLEXMEDIA" with OPEN preset acl. Shared SMB is "PLEXMEDIA". SMB service turn ON. When I clicked on the Network on window explorer, I can open and see all the SMB shares folder just fine but not able to click and open any of them. I get Network error. Window cannot access .. It happened same error on all my PC on the network accessing this folder. I have service announcement all turn on see screen. Not sure if it need to.
Let me know if you need other screenshots.

 

[winnielinnie]

What does the following show you when you enter this in Shell:

Code:

ls -la /mnt/RAIDZ-40TB/PLEXMEDIA

EDIT: Also try disabling SMB 1.0 support in Windows 10 if you hadn't already. I had to do it myself when I had authentication / connection issues from my Windows 10 PC.

Control Panel > Programs and Features > Turn Windows features on or off > uncheck SMB 1.0 support (entirely)

If possible, try rebooting your Windows 10 system after making those changes.

 

[winnielinnie]

Are you using encrypted datasets by any chance?

 

[anodos]

This is also relevant "getfacl /mnt/RAIDZ-40TB"

 

[mrteaiot]

What does the following show you when you enter this in Shell:

Code:

ls -la /mnt/RAIDZ-40TB/PLEXMEDIA

EDIT: Also try disabling SMB 1.0 support in Windows 10 if you hadn't already. I had to do it myself when I had authentication / connection issues from my Windows 10 PC.

Control Panel > Programs and Features > Turn Windows features on or off > uncheck SMB 1.0 support (entirely)

The SMB 1.0 not checked but SMB Direct is checked.

If possible, try rebooting your Windows 10 system after making those changes.

 

[mrteaiot]

Are you using encrypted datasets by any chance?

My dataset is not encrypted. But I imported my pool and dataset from FreeNAS when I update to TrueNAS because I do not want to lost my data.

 

[mrteaiot]

This is also relevant "getfacl /mnt/RAIDZ-40TB"

Look like RAIDZ-40TB belong to "root" but the dataset underneath belong to owner "tea".

 

[winnielinnie]

Permissions and ACL look fine, unless I'm missing something?

Trying to access the SMB share as "tea" should gain you access to PLEXMEDIA.

What about the share's ACL itself?

Sharing > SMB > PLEXMEDIA > Edit Share ACL
*not Edit Filesystem ACL

Did you double-check if SMB 1.0 is enabled in your Windows 10 system? It shouldn't be if it wasn't an upgrade from an earlier version, but it doesn't hurt to double-check.

While you're at it, clear the cached credentials from Windows 10:

In a Command Prompt or Power Shell:

Code:

net use * /d /y

This will clear all the cached credentials from any previously accessed shares and connections.

You likely have to kill and restart explorer.exe (or just reboot if it's not a problem.)

Windows 10 can be a pain to access SMB shares with different user accounts at the same IP address of the server.

 

[mrteaiot]

I did that already many times to relogin and try again. I use command "net use /del *". Then when I open backup the Network drive it will prompt me the credential and I put in "tea" as username. Still not working. The dataset is own by "tea" by the main pool dataset is own by "root". Does it matter check my screen print for anodos respond. Does both need to own by "tea" to get access underneath folder?

 

[anodos]

The problem is permissions on /mnt/RAIDZ-40TB. You've stripped users ability to traverse the pool mountpoint (there are a few prominent youtube videos demonstrating this unfortunately - despite the fact that their how-to will actually break permissions on people's storage). This is one of the primary reasons why we don't expose the ability to modify permissions for root of the zpool. setfacl -m everyone@rxaRc::allow /mnt/RAIDZ-40TB

 

[winnielinnie]

The problem is permissions on /mnt/RAIDZ-40TB. You've stripped users ability to traverse the pool mountpoint (there are a few prominent youtube videos demonstrating this unfortunately - despite the fact that their how-to will actually break permissions on people's storage). This is one of the primary reasons why we don't expose the ability to modify permissions for root of the zpool.[/cmd]

Good catch! I never knew it was possible to change the root dataset's permissions, unless it was with an earlier version of FreeNAS?

 

[anodos]

Good catch! I never knew it was possible to change the root dataset's permissions, unless it was with an earlier version of FreeNAS?

It's possible if you use the shell to do it. I don't know the particulars of this case, but there are some youtube videos around that demonstrate opening shell and running command "chmod 770 /mnt/tank", which of course breaks access for everyone who isn't a member of wheel (default group for root-level dataset).

 

[mrteaiot]

The problem is permissions on /mnt/RAIDZ-40TB. You've stripped users ability to traverse the pool mountpoint (there are a few prominent youtube videos demonstrating this unfortunately - despite the fact that their how-to will actually break permissions on people's storage). This is one of the primary reasons why we don't expose the ability to modify permissions for root of the zpool. setfacl -m everyone@rxaRc::allow /mnt/RAIDZ-40TB

When I execute this command, will it make the all the RAIDZ-40TB dataset and child everyone permission?
I executed it and get this tag error message:

Can I do this in ACL dataset GUI of TrueNAS?

 

[anodos]

Sorry, typo:
setfacl -m everyone@:rxaRc::allow /mnt/RAIDZ-40TB

 

[mrteaiot]

Look like RAIDZ-40TB belong to "root" but the dataset underneath belong to owner "tea".

When I do the getacl on the root dataset mnt/RAIDZ-40TB, it show root owner and wheel group but when I view it on the GUI its gray out not able to changed. a bug need to be fix? The message stated root dataset cannot be changed. That's is why I am able to SMB shared because root not owner.

 

[Patrick M. Hausen]

You should not touch the root dataset of a pool at all. That's why the UI does not allow it. If you insist to shoot yourself in the foot on the commandline, though ...