SMB + Windows 2022 AD + Home Directories. Permission problems

[ljvb]

I am running U5
I am having a problem with setting up and connecting to the shares. Additionally, I keep getting AD faults periodically, as well as smbd core dumping.
I follow the instructions here tohttps://www.truenas.com/docs/core/sharing/smb/homeshare/ to create the basic setup.
After I do that, I attempt to connect to the share, and apparently Samba creates a new directory based on the name.
After the first step, creating the dataset.

root@storage[/mnt/GeneralRaidz]# getfacl home_share
file: home_share
# owner: root
# group: wheel
group@:rwxpDdaARWc--s:-------:allow
everyone@:--x---a-R-c---:-------:allow
owner@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow

sidenote: while typing this up, AD faulted again.
Sep 21 23:26:09 storage kernel: pid 75448 (smbd), jid 0, uid 0: exited on signal 6 (core dumped)

After creating the share, again, following the instructions linked above

root@storage[/mnt/GeneralRaidz]# getfacl home_share
# file: home_share
# owner: root
# group: wheel
group@:rwxpDdaARWc--s:-------:allow
everyone@:--x---a-R-c---:-------:allow
owner@:rwxpDdaARWcCos:fd-----:allow
everyone@:--------------:fd-----:allow

SMB configuration is stock, except for disabling local master.
I restart the SMB Service.
home_share is the dataset and the directory for the share., this is what it looks like before I attempt to connect to the share with a windows machine.

root@storage[/mnt/GeneralRaidz/home_share]# ls -la
total 1
drwxrwx--x+ 2 root wheel 2 Sep 22 01:36 .
drwxr-xr-x 5 root wheel 5 Sep 22 01:36 ..
root@storage[/mnt/GeneralRaidz/home_share]#

Now I connect from a windows 10 machine, and I get a permissions denied, and an additional directory is created by the system (I am guessing the SMB process), which is my domain name

chdir_current_service: vfs_ChDir(/mnt/GeneralRaidz/home_share/VBN/jason) failed: Permission denied. Current token: uid=100001104, gid=100000514, 6 groups: 100001104 100000514 90000018 90000019 90000021 90000002

root@storage[/mnt/GeneralRaidz/home_share]# ls -la
total 2
drwxrwx--x+ 3 root wheel 3 Sep 22 01:46 .
drwxr-xr-x 5 root wheel 5 Sep 22 01:36 ..
drwx------+ 3 root wheel 3 Sep 22 01:46 VBN

Permission of newly created dir.

root@storage[/mnt/GeneralRaidz/home_share]# getfacl VBN
# file: VBN
# owner: root
# group: wheel
owner@:rwxpDdaARWcCos:fd----I:allow
everyone@:--------------:fd----I:allow

This is where I am stuck. I did manage at some point to change the permissions of the VBN folder manually to allow access, and it worked, but I forgot to document the exact steps, because when I tried to recreate it that fix, I was not able to replicate it.

 

[ljvb]

Bump and update..

I went back to Server 2019, same result..

Anyone have any ideas...

 

[Vertigo 7]

Do you have TrueNAS AD joined? Only reason I'm asking is I've not run into any problems with 2019 and shares (haven't tried 2022, yet). All of my shares are accessed with AD accounts.

 

[ljvb]

Still no luck :(

This is annoying. Followed the Truenas documents to the letter..

 

[anodos]

Still no luck :(

This is annoying. Followed the Truenas documents to the letter..

Use the `HOME` preset for ACL and set the `group` to Domain Users.

 

[ljvb]

Use the `HOME` preset for ACL and set the `group` to Domain Users.

I already did that, even though the instructions actually state Domain Admins.

 

[ljvb]

Use the `HOME` preset for ACL and set the `group` to Domain Users.

This is my current error.. What is weird.. there is one user that works, the nextcloud service account I created in AD. All the AD accounts are the same, and in the same groups, but my test users are not working

chdir_current_service: vfs_ChDir(/mnt/GeneralRaidz/home_dir/VBN/z-jason) failed: Permission denied. Current token: uid=100001105, gid=100000514, 13 groups: 100001105 100000514 100001111 100000513 100001123 100001122 100001116 100000573 90000018 90000019 90000021 90000002 90000001


[2021/10/04 14:45:00.082672, 0] ../../source3/smbd/service.c:171(chdir_current_service)


chdir_current_service: vfs_ChDir(/mnt/GeneralRaidz/home_dir/VBN/z-jason) failed: Permission denied. Current token: uid=100001105, gid=100000514, 13 groups: 100001105 100000514 100001111 100000513 100001123 100001122 100001116 100000573 90000018 90000019 90000021 90000002 90000001


[2021/10/04 14:45:00.082798, 0] ../../source3/smbd/service.c:183(chdir_current_service)


chdir_current_service: vfs_ChDir(/mnt/GeneralRaidz/home_dir/VBN/z-jason) failed: Permission denied. Current token: uid=100001105, gid=100000514, 13 groups: 100001105 100000514 100001111 100000513 100001123 100001122 100001116 100000573 90000018 90000019 90000021 90000002 90000001

 

[ljvb]

and right after I posted this...

It appears that the directory created based on the domain never did get the appropriate group
root@storage[/mnt/GeneralRaidz/home_dir is the pool and set to Home Dir in the ACL config.
root@storage[/mnt/GeneralRaidz/home_dir/VBN is the directory that gets automatically added (domain), automatically by Samba, but the permission was never set correctly, I changed group ownership to domain users manually on the console, and it appears to work. I have to make sure it does not hose up the permissions of the users, but we will see.