SMB Shares ??

[anodos]

What is output of midclt call smb.status AUTH_LOG | jq this will print authentication log with more info about the actual auth attempt including the username and authentication type attempted by the client.

 

[indivision]

I made a "test" user and left everything default and still same issue ..

Hm. After that, I'm running out of ideas. Hopefully, anodos suggestion reveals something.

 

[StarTrek133]

Here you go Anodos .. There was more to it but didn't all fit in the "shell" screen ..

 

[anodos]

"status": "NT_STATUS_NO_SUCH_USER",
"clientAccount": "\\172.168.40.16\\media",

This account doesn't exist. Unless you have AD enabled, you should just use `media` for username (assuming such user exists on your NAS).

"status": "NT_STATUS_OK",
"clientAccount": "Media",

This one succeeded

"status": "NT_STATUS_WRONG_PASSWORD",
"clientAccount": "media",

This one failed because you used wrong password.

User `media` with correct password. If it fails to access share, but shows NT_STATUS_OK in output of midclt call smb.status AUTH_LOG | jq then you have a permissions error.

The most common cause of failure to access share is due to removing traverse rights (execute) from some path component leading to the share's path. Unfortunately, there are many how-to videos online that advise users to do this. What is output of stat /mnt/Data?

 

[ChrisRJ]

The use of the username media seems in "conflict" with the recent post about a user test having been created.

 

[anodos]

The use of the username media seems in "conflict" with the recent post about a user test having been created.

There was also username "\\172.168.40.16\\test" and root. We don't allow root for SMB purposes because it requires storing the root password with a hash that's potentially vulnerable to cracking, and "\\172.168.40.16\\test" is an invalid SMB username.

 

[StarTrek133]

Hey Anodos,

Yep no matter how I type it in or what username and password I use .. my windows 11 machine also says that its invalid .. I have tried going to just the ip address , to the ip address and folder I created in the SMB Share .. I have tried Root , Test and still nothing seems to work .. I am at lost ..

 

[Davvo]

To me it looks there is too much stuff going around, I would reset everything and try step by step again, following anodos' indications.

Just my 2 cents

 

[indivision]

Hey Anodos,

Yep no matter how I type it in or what username and password I use .. my windows 11 machine also says that its invalid .. I have tried going to just the ip address , to the ip address and folder I created in the SMB Share .. I have tried Root , Test and still nothing seems to work .. I am at lost ..

Anodos asked for you to send the output of another command that will show the permissions of "Data" which is above your test and media datasets. Those have to be correct in order for this to work. Please post that output.

 

[StarTrek133]

Sorry Anodos I missed the other command you told me to run .. here it is ..

root@truenas[~]# stat /mnt/Data
File: /mnt/Data
Size: 4 Blocks: 1 IO Block: 512 directory
Device: 34h/52d Inode: 34 Links: 4
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2022-09-12 18:44:26.071625069 -0700
Modify: 2022-09-14 08:35:34.893776868 -0700
Change: 2022-09-14 08:35:34.893776868 -0700
Birth: 2022-09-12 18:44:26.071625069 -0700

 

[StarTrek133]

The only reason I used "media" as a name for a user was because its going to be my Media / NAS / File storage and couldn't think of a good name .. with windows its the same username to login when your not in a server / active directory setup ..

I am up for anything .. there is nothing on an of the drives so nuking the pools and everything and starting off is fine ..

 

[indivision]

Hm. The Data perms look like the defaults. Same as mine and I don't have this log-in issue... I wonder if maybe you have some kind of firewall issue going on. Maybe a virus protection program monitoring network connections, etc?

Instead of "Media" you could use something like "media-user". For share and usernames, it can help to not capitalize anything as a rule. Less to have to remember if you always stick with a rule like that.

 

[mervincm]

Hm. The Data perms look like the defaults. Same as mine and I don't have this log-in issue... I wonder if maybe you have some kind of firewall issue going on. Maybe a virus protection program monitoring network connections, etc?

Instead of "Media" you could use something like "media-user". For share and usernames, it can help to not capitalize anything as a rule. Less to have to remember if you always stick with a rule like that.

The only successful SMB authentication in the log complained about permissions, so I am doubtful. If it was me I would quick wipe the disks and start again with a re install, document every choice I made. Well actually a few months ago it was me. I had authentication and docker issues and said screw it and did just that. On my rebuild I did everything super carefully and conservatively. No capital letters anywhere, one id, one data set, one share, no ACL, only Linux permissions. Then I expanded once I had functional shares.

 

[StarTrek133]

I could do that Mervincm .. Like I said before its a new build , so wiping out the pools and starting over is no big deal to me as there is nothing on them ..

But should I also wipe Scale too and really start over over .. Hope that makes sense .. Let me know .. thanks ..

 

[mervincm]

Well It is kinda a beginners approach. That's what I did it. Folks with all the expertise will shoot it down as they know exactly how to troubleshoot ... they know the impacts of changing something, what the errors messages point to what root cause etc.

For me, someone who primarily used Windows Servers and Synology NAS at home, with a bit of kubernetes exposure at work, I didn't have that skill and my troubleshooting didn't solve it. I decided to start again. My intention was to eliminate variables. Absolutely stock install and tweak only the items that I needed. I used linux permissions because they are simpler to implement and understand. I used only lower case letters everywhere. all directory structure, all names, all shares everything. I created a single id/group, a single dataset and a single share of that dataset (not a subfolder of it) I learned how to write a script to explicitly set ownership and permission so I could run it at any time and make sure permission where exactly the way I wanted them to be.

After that re-install, I cleared my windows credential manager and mapped a drive and it worked, I could map a drive and move some data.

After that I then expanded my plan for authorization to include many more accounts and groups.

For someone like you/me, I honestly would restart. Quick Wipe all your disks, re-install a factory default environment, and do it with a notepad at your side. everytime you have to make a decision, configure or change something, write it down. (not forever but till you have a functional base config)
Configure the basics. networking, static IP, DNS, hostname, workgroup, domain, ssh.
Then test from your Windows 11 system, make sure you can connect to it by ip, by hostname, by fully qualified hostname. ping, nslookup, and ssh (putty or others)

At that point you know you have a functional system and client that connects across a range of protocols/ports

 

[mervincm]

Also fill out your forum signature, add some details of what you are building, its a pretty common basic courtesy IMO

 

[StarTrek133]

Thanks Mervincm,

I will download the latest version of Scale and wipe everything and start over .. But will do that tomorrow and let everyone know ..

 

[mervincm]

Sounds good, good luck, thx for the signature :)

 

[Daisuke]

All I have setup is the pools

Welcome to FreeNAS Scale, you are on the right direction.

If I understand correctly, you want to have SMB shares available in your Windows PC. This is a very simple process which requires zero customizations to TrueNAS, so your vanilla install is a great start. To create an SMB share available on Windows, you need to:

1. Be on same network, for both your PC and TrueNAS server
2. Create a specific dataset you plan to share it with your Windows PC
3. Create an user allowed to access your Samba shares
4. Start the SMB service
5. Add a Samba share

Let me share few screenshots, from my setup.

1. Be on same network
Scale will pick an IP address assigned by DHCP server running on your home router. In my router, I've made sure the DHCP server has a reserved IP address, based on the server MAC address (e.g. Scale server will always have the 192.168.1.8 IP, when I access it from other computers):

Having a fixed IP address is useful, when you run any applications on Scale. You will learn about this later, when you get a gist of this beautiful software.

2. Create a specific dataset you plan to share with other Windows computers
You already have your pool created, so the first step is done. Next, you need to create a dataset, so you tell the SMB service what needs to be shared. To create a dataset, go to Storage, you should see the pool you created. In my case, I'll use the default pool name, as reference:

You notice the media dataset listed below my default pool. To create a dataset, simply click on the 3 dots next to your pool name and add a dataset. Set the Name to whatever you like (in my case I named it media) and leave the rest of options default. Optionally, scroll down to Advanced Settings button and click on it. Scroll all the way down and set the Share Type to SMB, then save. Some old versions of Windows don't like the default Share Type. You are done with this part.

3. Create an user allowed to access your Samba shares
Go to Credentials > Local Users and press Add to create a new user. Enter the username and password, which will be used to access your Samba shares, leave anything else default. Save the info, you are done with this part.

4. Start the SMB service
Go to System Settings > Services and configure SMB service:

Click on the pencil to configure the service and scroll down to Advanced Settings. Enter the username you created earlier, into Administrators Group field. Next, enter server signing = mandatory into Auxiliary Parameters field and save. To accept the new settings, toggle on the Running option and tick the Start Automatically option. You are done with this part.

5. Add a Samba share
Go to Shares and add a SMB share, pick the path to your dataset, leave the rest of options default and save:

On Windows, use the username and password you created earlier to access the share. Your NAS will be automatically detected, under Network.

 

[indivision]

The only successful SMB authentication in the log complained about permissions, so I am doubtful.

I may have missed something. Where was there a complaint about permissions logged?

We looked at the parent dataset. That looks ok.
We changed the owning user and group.
We gave that owner wide open permissions.
We made a new dataset to make sure it didn't have some ACL customizations interfering.
We can confirm in the log that SMB accepted the user authentication.

If permissions were wrong, they would indeed block access at this point. But, we've already looked at those permissions, even with screens.

It's just a theory to consider. But, at this point, I have to wonder about additional factors coming into play.

If it was me I would quick wipe the disks and start again with a re install, document every choice I made. Well actually a few months ago it was me. I had authentication and docker issues and said screw it and did just that. On my rebuild I did everything super carefully and conservatively. No capital letters anywhere, one id, one data set, one share, no ACL, only Linux permissions. Then I expanded once I had functional shares.

I don't see anything wrong with this given time and patience. It definitely helps to get a working base to start from. Start from scratch and don't freestyle anything away from tutorial(s). See if that helps.