SAMBA After enabling audit, it's impossible to edit acl from windows

[opana]

After adding to Auxiliary Parameters

Code:

vfs objects=zfsacl full_audit streams_xattr shadow_copy_zfs nfs4acl_xattr zfs_core io_uring
full_audit:prefix=%u | %I | %M
full_audit:failure=none
full_audit:success=renameat mkdirat unlinkat
full_audit:facility = user
full_audit:priority=NOTICE

It becomes impossible to edit ASL from Windows. Inheritance for the root directory also becomes active.

Show

Attempting to disable inheritance or add/change permissions results in an error

The error is the same in TrueNAS-SCALE-22.12.0 and TrueNAS-SCALE-22.02.4

Reducing vfs_objects to

Code:

vfs objects=zfsacl full_audit

same result

Show : testparm -s

[global]
allow trusted domains = No
bind interfaces only = Yes
client ldap sasl wrapping = seal
disable spoolss = Yes
dns proxy = No
domain master = No
kerberos method = secrets and keytab
load printers = No
local master = No
logging = file
max log size = 5120
preferred master = No
printcap name = /dev/null
realm = OPANA.MY
registry shares = Yes
restrict anonymous = 2
security = ADS
server multi channel support = No
server role = member server
server string = TrueNAS Server
template homedir = /var/empty
template shell = /bin/sh
winbind cache time = 7200
winbind enum groups = Yes
winbind enum users = Yes
winbind max domain connections = 10
workgroup = OPANA
idmap config opana : backend = rid
idmap config opana : sssd_compat = false
idmap config * : range = 90000001 - 100000000
idmap config opana : range = 100000001 - 200000000
fruit:zero_file_id = false
fruit:nfs_aces = false
rpc_server:mdssvc = disabled
rpc_daemon:mdssd = disabled
idmap config * : backend = tdb
create mask = 0775
directory mask = 0775


[data]
ea support = No
path = /mnt/fs01_pool01/data
posix locking = No
read only = No
smbd max xattr size = 2097152
vfs objects = zfsacl full_audit nfs4acl_xattr streams_xattr shadow_copy_zfs zfs_core io_uring
full_audit:priority = NOTICE
full_audit:failure = connect
full_audit:success = renameat mkdirat unlinkat
full_audit:facility = user
full_audit:prefix = %u | %I | %M
tn:vuid =
nfs4:chown = True
fruit:time machine = False
tn:home = False
tn:path_suffix =
fruit:time machine max size = 0
tn:purpose = DEFAULT_SHARE

 

[Johnny Fartpants]

Try removing this line

Code:

vfs objects=zfsacl full_audit streams_xattr shadow_copy_zfs nfs4acl_xattr zfs_core io_uring

from your SMB Aux Parameters and adding it into your Share Parameters.

 

[opana]

Thanks for your reply.
I do not understand. Remove from SMB service and add to Share Parameters? I did this originally

 

[Johnny Fartpants]

vfs objects in Share parameters and audit stuff in SMB Global.

 

[anodos]

zfsacl full_audit streams_xattr shadow_copy_zfs nfs4acl_xattr zfs_core io_uring

Combination of `zfsacl` and `nfs4acl_xattr` is invalid. In general those parameters are only valid if you have NFSv4 ACL o the dataset. Check /var/log/samba4/log.smbd for any errors being reported.

 

[opana]

vfs objects in Share parameters and audit stuff in SMB Global.

like this?

Show : testparm -s

[global]
allow trusted domains = No
bind interfaces only = Yes
client ldap sasl wrapping = seal
disable spoolss = Yes
dns proxy = No
domain master = No
kerberos method = secrets and keytab
load printers = No
local master = No
logging = file
max log size = 5120
passdb backend = tdbsam:/var/run/samba-cache/passdb.tdb
preferred master = No
printcap name = /dev/null
realm = OPANA.MY
registry shares = Yes
restrict anonymous = 2
security = ADS
server multi channel support = No
server role = member server
server string = TrueNAS Server
template homedir = /var/empty
template shell = /bin/sh
winbind cache time = 7200
winbind enum groups = Yes
winbind enum users = Yes
winbind max domain connections = 10
workgroup = OPANA
full_audit:failure = connect
full_audit:success = renameat mkdirat unlinkat
full_audit:priority = NOTICE
full_audit:prefix = %u | %I | %M
full_audit:facility = user
idmap config opana : backend = rid
idmap config opana : sssd_compat = false
idmap config * : range = 90000001 - 100000000
idmap config opana : range = 100000001 - 200000000
fruit:zero_file_id = false
fruit:nfs_aces = false
rpc_server:mdssvc = disabled
rpc_daemon:mdssd = disabled
idmap config * : backend = tdb
create mask = 0775
directory mask = 0775


[data]
ea support = No
path = /mnt/fs01_pool01/data
posix locking = No
read only = No
smbd max xattr size = 2097152
vfs objects = zfsacl full_audit nfs4acl_xattr streams_xattr shadow_copy_zfs zfs_core io_uring
tn:vuid =
fruit:time machine max size = 0
fruit:time machine = False
nfs4:chown = True
tn:home = False
tn:path_suffix =
tn:purpose = DEFAULT_SHARE

cannot access to server

Combination of `zfsacl` and `nfs4acl_xattr` is invalid. In general those parameters are only valid if you have NFSv4 ACL o the dataset. Check /var/log/samba4/log.smbd for any errors being reported.

Code:

[2022/12/15 21:28:03.377964,  0] ../../source3/smbd/server.c:1741(main)
  smbd version 4.17.2 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:28:03.378628,  1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
  lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:28:03.380428,  1] ../../source3/profile/profile.c:53(set_profile_level)
  INFO: Profiling turned OFF from pid 158406
[2022/12/15 21:28:16.890933,  1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
  lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated

Show : log.rpcd_classic

[2022/12/15 21:28:27, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:28:27, 0] ../../source3/rpc_server/rpc_worker.c:1105(rpc_worker_main)
rpcd_classic version 4.17.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:28:27, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:28:38, 0] ../../source3/lib/sharesec.c:161(share_info_db_init)
Failed to open share info database /var/db/system/samba4/share_info.tdb (Permission denied)
[2022/12/15 21:31:34, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:31:34, 0] ../../source3/rpc_server/rpc_worker.c:1105(rpc_worker_main)
rpcd_classic version 4.17.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:31:34, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:31:40, 0] ../../source3/lib/sharesec.c:161(share_info_db_init)
Failed to open share info database /var/db/system/samba4/share_info.tdb (Permission denied)
[2022/12/15 21:34:52, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:34:52, 0] ../../source3/rpc_server/rpc_worker.c:1105(rpc_worker_main)
rpcd_classic version 4.17.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:34:52, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:35:06, 0] ../../source3/lib/sharesec.c:161(share_info_db_init)
Failed to open share info database /var/db/system/samba4/share_info.tdb (Permission denied)

Show : log.samba-dcerpcd

[2022/12/15 21:28:27.891819, 1] ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
rpc_pipe_open_ncalrpc: connect(/var/run/samba/ncalrpc/EPMAPPER) failed: No such file or directory
[2022/12/15 21:28:27.928784, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 158596
[2022/12/15 21:28:27.928838, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 158600
[2022/12/15 21:28:27.930135, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 158601
[2022/12/15 21:28:27.930163, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 158602
[2022/12/15 21:28:27.930201, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 158598
[2022/12/15 21:28:37, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:28:37, 0] ../../source3/rpc_server/rpc_host.c:2966(main)
samba-dcerpcd version 4.17.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:28:37.772559, 1] ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
rpc_pipe_open_ncalrpc: connect(/var/run/samba/ncalrpc/EPMAPPER) failed: No such file or directory
[2022/12/15 21:31:34, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:31:34, 0] ../../source3/rpc_server/rpc_host.c:2966(main)
samba-dcerpcd version 4.17.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:31:34.090442, 1] ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
rpc_pipe_open_ncalrpc: connect(/var/run/samba/ncalrpc/EPMAPPER) failed: No such file or directory
[2022/12/15 21:31:34.127876, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 159833
[2022/12/15 21:31:34.127987, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 159832
[2022/12/15 21:31:34.128024, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 159835
[2022/12/15 21:31:40, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:31:40, 0] ../../source3/rpc_server/rpc_host.c:2966(main)
samba-dcerpcd version 4.17.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:31:40.278733, 1] ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
rpc_pipe_open_ncalrpc: connect(/var/run/samba/ncalrpc/EPMAPPER) failed: No such file or directory
[2022/12/15 21:34:52, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:34:52, 0] ../../source3/rpc_server/rpc_host.c:2966(main)
samba-dcerpcd version 4.17.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:34:52.009465, 1] ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
rpc_pipe_open_ncalrpc: connect(/var/run/samba/ncalrpc/EPMAPPER) failed: No such file or directory
[2022/12/15 21:34:52.046267, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 161319
[2022/12/15 21:34:52.046322, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 161323
[2022/12/15 21:34:52.047683, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 161324
[2022/12/15 21:34:52.047726, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 161321
[2022/12/15 21:34:52.047740, 1] ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
rpc_worker_exited: No worker with PID 161325
[2022/12/15 21:35:05, 1] ../../lib/param/loadparm.c:1767(lpcfg_do_global_parameter)
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
[2022/12/15 21:35:05, 0] ../../source3/rpc_server/rpc_host.c:2966(main)
samba-dcerpcd version 4.17.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/12/15 21:35:05.910807, 1] ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
rpc_pipe_open_ncalrpc: connect(/var/run/samba/ncalrpc/EPMAPPER) failed: No such file or directory

Show : log.winbindd

[2022/12/15 21:28:28.440501, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:28:28.441135, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:28:28.441925, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:28:28.442410, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:28:28.442935, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:28:28.443325, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:28:28.443844, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:28:28.444278, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:31:37.547120, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:31:37.547701, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:31:37.548188, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:31:37.548633, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:31:37.549149, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:31:37.549586, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:31:37.550055, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:31:37.550449, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:34:51.977175, 1] ../../source3/winbindd/wb_lookupsid.c:102(wb_lookupsid_recv)
Failed with STATUS_SOME_UNMAPPED.
[2022/12/15 21:35:02.079697, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:02.080220, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:02.080773, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:02.081266, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:02.081728, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:02.082180, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:02.082678, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:02.083108, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:44.766700, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:44.768098, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:44.769599, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:44.770948, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:44.772372, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:44.773711, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:44.775076, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:44.776355, 1] ../../source3/winbindd/winbindd_getgrnam.c:175(winbindd_getgrnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:57.480215, 1] ../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/12/15 21:35:57.488882, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED

 

[Johnny Fartpants]

Take a look at this https://www.truenas.com/community/t...meters-barring-connection.101663/#post-727810

 

[opana]

Take a look at this https://www.truenas.com/community/t...meters-barring-connection.101663/#post-727810

With these settings, I returned to where I started: network folders are available, audit works, but it is impossible to change ACL from Windows

 

[anodos]

With these settings, I returned to where I started: network folders are available, audit works, but it is impossible to change ACL from Windows

What is the acltype of your dataset?

 

[Johnny Fartpants]

Ok that suggests the vfs objects and audit stuff isn’t causing the problem. Time to look at other things.

 

[anodos]

Ok that suggests the vfs objects and audit stuff isn’t causing the problem. Time to look at other things.

Or it could be that the vfs objects are wrong in a subtle way. The ACL module may be invalid for the dataset for instance.

 

[opana]

What is the acltype of your dataset?

SMB/NFSv4

I'm experimenting with a test system. I installed the new TrueNas, the new Windows AD. I use all default settings.
Tell me with which AСL it will work exactly. Because I have already tried many different options

Perhaps a combination of Shadow Copy, User Quotas and Audit?

 

[rayzer]

Take a look at this https://www.truenas.com/community/t...meters-barring-connection.101663/#post-727810

With these settings, I returned to where I started: network folders are available, audit works, but it is impossible to change ACL from Windows

Exactly same problem here, I've tried several combinations and I can't edit ACL on Windows, I/O device error...

 

[anodos]

Exactly same problem here, I've tried several combinations and I can't edit ACL on Windows, I/O device error...

That's because you're removing the modules controlling ACLs. Look at what your share has for default `vfs objects` before hacking via auxiliary parameters and then stick full_audit at the front of the list. Otherwise you're going to break your SMB share. Note, this is very fragile and prone to break on major version upgrades. DragonFish is going to add proper SMB auditing support.

 

[Johnny Fartpants]

Exactly same problem here, I've tried several combinations and I can't edit ACL on Windows, I/O device error...

Is this on CORE or SCALE?

 

[rayzer]

That's because you're removing the modules controlling ACLs. Look at what your share has for default `vfs objects` before hacking via auxiliary parameters and then stick full_audit at the front of the list. Otherwise you're going to break your SMB share. Note, this is very fragile and prone to break on major version upgrades. DragonFish is going to add proper SMB auditing support.

Before you answered I had already tried different combinations of parameters, but without success, I searched for "default vfs objects" too, but I didn't find anything solid, just results from olds documentations.

According to Johnny indication in this post:

Take a look at this https://www.truenas.com/community/t...meters-barring-connection.101663/#post-727810

I tried:

Code:

vfs objects=shadow_copy_zfs full_audit zfs_space zfsacl streams_xattr zfs_core ixnas

reducing to:

Code:

vfs objects=full_audit zfsacl streams_xattr zfs_core ixnas

and finally to:

Code:

vfs objects=full_audit zfsacl streams_xattr

also unsuccessfully.
I can navigate folders, create and edit files, use Windows Previous Versions of files, but I always get an I/O error when changing permissions.

Infos:
My dataset has NFSv4 permissions, using Windows AD, with FULL permission for the Administrator user (from Domain).
The Share ACL is shared with Everyone with FULL permissions, and I use "hide unreadable=yes" as an auxiliary parameter (in addition to the vfs mentioned above).
In the SMB service config, I use the auxiliary parameters:

Code:

full_audit:prefix=%u|%I|%m|%S
full_audit:priority=notice
full_audit:failure=connect
full_audit:success=mkdirat renameat unlinkat

Sorry if I didn't understand correctly what you explained, but I tried these options.

Is this on CORE or SCALE?

SCALE, more specifically TrueNAS-SCALE-22.12.4

 

[Johnny Fartpants]

Ah ok. My above suggestion is only verified on CORE haven’t tried it on SCALE.

 

[anodos]

Before you answered I had already tried different combinations of parameters, but without success, I searched for "default vfs objects" too, but I didn't find anything solid, just results from olds documentations.

According to Johnny indication in this post:

I tried:

Code:

vfs objects=shadow_copy_zfs full_audit zfs_space zfsacl streams_xattr zfs_core ixnas

reducing to:

Code:

vfs objects=full_audit zfsacl streams_xattr zfs_core ixnas

and finally to:

Code:

vfs objects=full_audit zfsacl streams_xattr

also unsuccessfully.
I can navigate folders, create and edit files, use Windows Previous Versions of files, but I always get an I/O error when changing permissions.

Infos:
My dataset has NFSv4 permissions, using Windows AD, with FULL permission for the Administrator user (from Domain).
The Share ACL is shared with Everyone with FULL permissions, and I use "hide unreadable=yes" as an auxiliary parameter (in addition to the vfs mentioned above).
In the SMB service config, I use the auxiliary parameters:

Code:

full_audit:prefix=%u|%I|%m|%S
full_audit:priority=notice
full_audit:failure=connect
full_audit:success=mkdirat renameat unlinkat

Sorry if I didn't understand correctly what you explained, but I tried these options.


SCALE, more specifically TrueNAS-SCALE-22.12.4

Every example you showed of vfs objects is invalid. Create a second share to the path, run "testparm -s" from shell and look at the vfs objects we populate by default.

 

[rayzer]

Every example you showed of vfs objects is invalid. Create a second share to the path, run "testparm -s" from shell and look at the vfs objects we populate by default.

WOW, thank you very much for your help, I finally understand how it should be done!
I thought I only needed to put "vfs objects = full_audit" in the share auxiliary parameters, and with that I ended up falling into the question that I needed some ACL module to solve the I/O problem, but when running "testparm -s", I got the output:

Show : testparm -s

Code:

[Arquivo]
        ea support = No
        path = /mnt/wsr_files/Arquivo_WSR
        posix locking = No
        read only = No
        smbd max xattr size = 2097152
        vfs objects = streams_xattr shadow_copy_zfs ixnas zfs_core io_uring
        tn:vuid =
        nfs4:chown = True
        fruit:time machine = False
        tn:home = False
        tn:path_suffix =
        fruit:time machine max size = 0
        tn:purpose = DEFAULT_SHARE

Combining "vfs objects = full_audit" + the default "testparm" output parameters
(as you had said, "default vfs objects" and "full_audit at the front of the list"):

Code:

vfs objects=full_audit streams_xattr shadow_copy_zfs ixnas zfs_core io_uring

It finally worked as it should.
Sorry for not understanding how it worked before and thank you very much for clarifying and showing me how to understand!

Any expected dates for DragonFish? Mid 2024 maybe?

Ah ok. My above suggestion is only verified on CORE haven’t tried it on SCALE.

Yes, my fault, I didn't understand things correctly. It's working now!