SMB Sharing doesn't work after upgrade to TrueNas12-U3

[spectrality]

Hi Everyone.
This is my first post on this forum and i would appreciate any help.
I'm using FreeNas/TrueNas for the last 5 years , so can't say i don't know what im doing. Before yesterdays upgrade, i had TrueNas12-U2 installed and working without any issue, using SMB/iSCSI and Apple Shares with no issues whatsoever. Yesterday, i decided to upgrade to the latest version. After the upgrade, i was not able to access any of the SMB shares i have. Spent around 2 hours trying to get them working, and went as far as completely removing all ACLs from datasets as well as deleting the SMB shares and recreating them again - no luck.
Im running this VM at home, no LDAP, no AD, no fancy shmancy configs, no high performance tuning needed, just Simple SMB Sharing which just works like it did for 5 years before this update.
At this point, im running out of the ideas, tried with ACL, without ACL no difference, always get the same error from windows machine, either wrong username or password or can't connect to the share error.
Here is my very simple setup:
Here are the datasets i want to share, or even one of them, lets say DATA

I click on the "Edit Permissions" for DATA dataset, select my user "user" who is gonna own it, my group "Backups" which this and one more user are part of, and click on ACL manager, select OPEN preset (not that i want to but its open should be easy to get working right?) , click on "Apply permissions recursively" and hit SAVE

And here is the user page (except for the primary group, there would be the "user" own group obviously)

Now off to SMB server configuration, never had anything special there, default config always suited my humble needs:

Now the sharing tab for SMB

and

Share ACL, i never had to touch, neither need now i believe, all at default config

output from testparm -sa

Code:

root@freenas:/mnt/RaidZ-Vol/DATA # testparm -sa
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
        aio max threads = 2
        bind interfaces only = Yes
        disable spoolss = Yes
        dns proxy = No
        domain master = Yes
        enable web service discovery = Yes
        kernel change notify = No
        load printers = No
        logging = file
        max log size = 5120
        nsupdate command = /usr/local/bin/samba-nsupdate -g
        os level = 65
        preferred master = Yes
        registry shares = Yes
        restrict anonymous = 2
        server role = standalone server
        server string = FreeNAS Server
        unix extensions = No
        username map = /usr/local/etc/smbusername.map
        username map cache time = 60
        wins support = Yes
        idmap config *: range = 90000001-100000000
        fruit:nfs_aces = No
        idmap config * : backend = tdb
        directory name cache size = 0
        dos filemode = Yes
        smb encrypt = desired


[DATA]
        access based share enum = Yes
        comment = data share
        ea support = No
        level2 oplocks = No
        oplocks = No
        path = /mnt/RaidZ-Vol/DATA
        read only = No
        strict locking = Yes
        vfs objects = fruit streams_xattr shadow_copy_zfs noacl aio_fbsd
        fruit:resource = stream
        fruit:metadata = stream
        nfs4:chown = true
root@freenas:/mnt/RaidZ-Vol/DATA #

And here is the result trying to access the server by ip from windows "\\192.168.232.20":

Here is the error trying to access the actual share which is "\\192.168.232.20\DATA"

All discovery options are on as well


Any help would be greatly appreciated, as i said, i don't know what else to try. I'm working with linux/unix etc for over 20 years , and i had never have to spend more than 10 minutes configuring SMB sharing on any platform. Maybe im getting old.

 

[sretalla]

How have you specified that "user" should have access to the share and the files within it? (EDIT: I see your ACL image now, wasn't loading earlier).

I think it's as simple as that, you need to edit the ACL to give "user" some rights and apply it recursively in the filesystem too.

 

[spectrality]

I have, the "user" has "Full Control" permission on the share
All permissions were applied recursively

 

[anodos]

What's output of midclt call passdb.list?

 

[spectrality]

What's output of midclt call passdb.list?

Hmm, now this is interesting, i get a traceback and exception running this :(

Code:

root@freenas:~ # midclt call passdb.list
[ENOMETHOD] Service 'passdb' not found
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/middlewared/utils/service/call.py", line 20, in _method_lookup
    serviceobj = self.get_service(service)
  File "/usr/local/lib/python3.8/site-packages/middlewared/utils/__init__.py", line 441, in get_service
    return self._services_aliases[name]
KeyError: 'passdb'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 319, in on_message
    serviceobj, methodobj = self.middleware._method_lookup(message['method'])
  File "/usr/local/lib/python3.8/site-packages/middlewared/utils/service/call.py", line 22, in _method_lookup
    raise CallError(f'Service {service!r} not found', CallError.ENOMETHOD)
middlewared.service_exception.CallError: [ENOMETHOD] Service 'passdb' not found

root@freenas:~ #

 

[anodos]

Hmm, now this is interesting, i get a traceback and exception running this :(

Code:

root@freenas:~ # midclt call passdb.list
[ENOMETHOD] Service 'passdb' not found
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/middlewared/utils/service/call.py", line 20, in _method_lookup
    serviceobj = self.get_service(service)
  File "/usr/local/lib/python3.8/site-packages/middlewared/utils/__init__.py", line 441, in get_service
    return self._services_aliases[name]
KeyError: 'passdb'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 319, in on_message
    serviceobj, methodobj = self.middleware._method_lookup(message['method'])
  File "/usr/local/lib/python3.8/site-packages/middlewared/utils/service/call.py", line 22, in _method_lookup
    raise CallError(f'Service {service!r} not found', CallError.ENOMETHOD)
middlewared.service_exception.CallError: [ENOMETHOD] Service 'passdb' not found

root@freenas:~ #

Sorry, typo. midclt call smb.passdb_list.

 

[spectrality]

Sorry, typo. midclt call smb.passdb_list.

This one is empty for whatever reason, and definitely shouldn't be since as i understand this is the SMB password database

Code:

root@freenas:~ # midclt call smb.passdb_list
[]
root@freenas:~ #

 

[anodos]

This one is empty for whatever reason, and definitely shouldn't be since as i understand this is the SMB password database

Code:

root@freenas:~ # midclt call smb.passdb_list
[]
root@freenas:~ #

Yup. Let's try this one now. midclt call smb.synchronize_passdb. This will print out a job number that you can monitor with midclt call core.get_jobs | jq. If the job is successful, rerun the passdb_list command.

 

[spectrality]

Yup. Let's try this one now. midclt call smb.synchronize_passdb. This will print out a job number that you can monitor with midclt call core.get_jobs | jq. If the job is successful, rerun the passdb_list command.

Yes this worked,
Now when i run
midclt call smb.passdb_list

i see all the users in the list
I will try and see if the sharing started to work and will report back in a bit.
have to leave the house right now

thanks for all your help @anodos i really appreciate it

 

[spectrality]

I just recreated a share, same user, same group same everything as in the first post, restarted the SMB service but still the same issue with same errors.

@anodos midclt call smb.passdb_list lists the user that is the owner of the share and dataset:

Code:

root@freenas:~ # midclt call smb.passdb_list
[{"username": "user", "full_name": "user", "uid": "1001"}, ...................................................
.............................

 

[spectrality]

hmm, i just tried from another PC and now i can access the DATA share, but if i just want to browse the server like "\\192.168.232.20" still says invalid credentials

On my main PC i can't access either, maybe something cached in windows?

 

[spectrality]

on the main pc also tried:

Code:

C:\Windows\system32>net use /del *
There are no entries in the list.


C:\Windows\system32>

There is nothing cached

 

[spectrality]

this is getting more interesting, i can access shares now through Network Browsing,

but i can't do the same through \\ip.address\share or \\ip.address

Neither can i map a network drive.
Ill try to reboot windows when i can after im dont with work and see if something on windows side got screwed up

 

[anodos]

Try performing connection using smbclient on TrueNAS locally to verify that credentials / permissions are working as expected. smbclient //127.0.0.1/SHARE -U <username>

 

[spectrality]

This seems to work no issues:

Try performing connection using smbclient on TrueNAS locally to verify that credentials / permissions are working as expected. smbclient //127.0.0.1/SHARE -U <username>

Code:

root@freenas:~ # smbclient //127.0.0.1/DATA -U user
Enter WORKGROUP\users's password:
Try "help" to get a list of possible commands.
smb: \> dir
  .                                   D        0  Mon Apr 26 13:07:10 2021
  ..                                  D        0  Sun Nov 22 23:39:16 2020
  PICTURES                            D        0  Tue Mar 16 14:55:37 2021
  Media                               D        0  Sat Apr  3 16:51:18 2021
  SERVER_BACKUP                       D        0  Wed Nov  1 17:29:58 2017
  BACKUPS                             D        0  Sat Apr  3 16:30:31 2021
  VIDEOS                              D        0  Tue Dec 22 00:17:02 2020
  .DS_Store                          AH    18436  Sat Apr  3 16:30:36 2021
  WORK                                D        0  Sat Jul 11 09:00:25 2020


                3599578084 blocks of size 1024. 1652330710 blocks available
smb: \>

 

[anodos]

Run the command midclt call smb.status AUTH_LOG '[["Authentication.status", "!=", "NT_STATUS_OK"]]' | jq and see why auth is failing on Windows side (assuming it is).

 

[spectrality]

Seemed like windows computer was trying to login with windows account for some reason even though i have specified to login with the user/pass from freenas.
I have rebooted the windows PC seemed to be able to access shares now, ill play around with it for a bit more hope everything is working properly now.
Thanks a lot for all your help @anodos , really appreciate it.
Any idea why update wiped the SMB credential storage?

 

[anodos]

Seemed like windows computer was trying to login with windows account for some reason even though i have specified to login with the user/pass from freenas.
I have rebooted the windows PC seemed to be able to access shares now, ill play around with it for a bit more hope everything is working properly now.
Thanks a lot for all your help @anodos , really appreciate it.
Any idea why update wiped the SMB credential storage?

It's probably a bug in systemdataset setup on boot. It wasn't really wiped, just uninitialized. Reboot the NAS when you have a chance, and if it's broken again, PM me a debug.

 

[fahl]

Hey. :) I have the same problem after the upgrade to the latest version.

I have followed this thread through until the "smbclient //127.0.0.1/SHARE -U <username>" command.
But I get this as a result: "tree connect failed: NT_STATUS_BAD_NETWORK_NAME"

Also somehow my CPU usage is always between 80 and 100%. But only after I unlocked my pools (which are shown as healthy). This wasn't the case before the upgrade.

Hope you guys have an idea what I could do. (:

 

[anodos]

Try running command midclt call smb.configure