SMB + NFSv4 does not allow access for User entries (non-@)

[HungrySkelly]

Hi everyone

I've been having issues with SMB access for accounts that are allowed permission to access a share whilst authenticated as a 'User' of the dataset (not an @owner or @group).
I've read quite a few forum posts along similar lines, but not sure any of them are quite what I'm experiencing.

Context: I migrated from Core to Scale about 6months ago. I actually did a clean install of Scale and just imported the drives/datasets.

I am trying to access a particular share from one of my network devices. When I authenticate as the @owner for the dataset via SMB, everything works and access is granted as expected. However when I authenticate as a User, access is denied. The root SMB share can be mounted for the User, but any of the containing folders cannot be accessed.

Both accounts have SMB access enabled.

Share ACL Type:

ACLs for the dataset I am trying to access:

SMB Settings:

It is not likely to be the difference between 'Modify' and 'Read' permissions, as this issue also occurs when accessing a different dataset via my PC where the User is allowed Modify. Given it also occurs on my PC, the issue doesn't appear to be device-specific.

I have tried recursively re-applying all the permissions but there is no change in the behavior.

Any ideas on how to resolve?

Thank you!

 

[HungrySkelly]

Does anybody else have this issue?
Should I raise a ticket, or is it a misconfiguration on my side?

 

[usernamesareforchumps]

I have searched high and low for this exact problem and this is the only post I have found that addresses my particular issue as well which is; I have a share that I use for a specific purpose with access granted to my default user of that share and that user is not my regular login; I want to be able to access it with my regular PC login with permissions set correctly, and deny access to other network users. I used the NFS4_RESTRICTED preset to setup the base config then added my login as allow | full control, but when connected using SMB and trying to ls the directory, it is all "Permission denied" until I set the owner as my PC login which then, as described above, makes everything work as anticipated.

If I set the preset to NFS4_OPEN, it adds the everyone@ and at that time I can individually restrict users or groups to block access, but that is very counterproductive because I would have to (as un-often as it happens) add the deny option to each of the users, which I am sure to forget.

@HungrySekelly, have you found a solution to this problem or did you end up raising a ticket? I have changed and altered my ACL a dozen different ways and I reproduce your exact problems as mine without solution.

 

[usernamesareforchumps]

[Solution]

What a nightmare. Figured out the solution for this, as it was for me.

When I setup the datasets I created them as "Generic" datasets, not "SMB". This created POSIX ACLs. When I converted the ACL to NFSv4 that was not enough. When a dataset is created as SMB, according to my reading, it changes at least 3 options for the dataset; one is the case sensitivity (from sensitive to insensitive), one is the ACL type (POSIX vs SMB/NFSv4), the other is the ACL Mode (Discard (and non-editable) to Restricted).

The last was the key fix for me, changing the ACL mode from Discard to Restricted, AFTER changing the ACL type from POSIX to SMB/NFSv4, then strip/rebuild the ACLs as desired. Once the ACL mode was changed, the ACLs worked as anticipated. The case sensitivity cannot be changed as it is immutable once the dataset is created. This might be a slight issue with Windows clients, but something that I can work through.