Time Machine fails to authenticate with NAS back-up disk

[Glen356]

Hi all,

I am using an iXsystems FreeNAS Mini-2.0 running TrueNAS-12.0-U1.1. My problem is connecting to the NAS time-machine share. My new laptop can find the NAS share, but attempts to connect have failed to an error authenticating with the username and password I created in my NAS.

The username was confirmed using the TrueNAS GUI (Accounts > Users) and I re-entered the password just in case: Even so, every attempt to connect fails to the error authenticating message. Here is the message in full: "Time Machine can't connect to the backup disk. There was an error authenticating with the provided username and password."

What I have done or tried so far:
o restarting the SMB service on the NAS
o restarting the whole NAS
o re-entered the user password
o reviewed the user account, group, dataset, and time-machine share
o listed the SMB permissions
o successfully ssh into NAS using the time machine username and password
o reviewed TrueNAS GUI (System > Advanced > Save Debug)
o ensured caps-lock not engaged ;)

My assumption is SMB is failing the username and password authentication. Any ideas how to overcome this problem?

 

[stanamas]

Same here. Have solved this issue?

Thanks

 

[seanm]

It's likely a permissions issue. But to rule out Time Machine, can you connect to the share using Finder?

 

[stanamas]

Thanks for the reply.
Yes it must be the permission. I can login using my iphone File app but it says no permission.

We'll take a look at the permission. Thanks for pointing that out.

 

[anodos]

Can you upgrade to latest 12 release and then retry?

 

[stanamas]

Can you upgrade to latest 12 release and then retry?

I am using
Version:
TrueNAS-12.0-U2.1

 

[anodos]

I am using
Version:
TrueNAS-12.0-U2.1

Can you post output of "testparm -s"?

 

[stanamas]

root@nas[~]# testparm -s
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
aio max threads = 2
bind interfaces only = Yes
client NTLMv2 auth = No
disable spoolss = Yes
dns proxy = No
enable web service discovery = Yes
kernel change notify = No
load printers = No
logging = file
max log size = 5120
netbios name = TRUENAS
nsupdate command = /usr/local/bin/samba-nsupdate -g
ntlm auth = ntlmv1-permitted
registry shares = Yes
restrict anonymous = 2
server min protocol = NT1
server role = standalone server
server string = TrueNAS Server
username map = /usr/local/etc/smbusername.map
username map cache time = 60
server string = TrueNAS Server
idmap config *: range = 90000001-100000000
fss:prune stale = true
rpc_daemon:fssd = fork
fruit:nfs_aces = No
idmap config * : backend = tdb
directory name cache size = 0
dos filemode = Yes

fruit:nfs_aces = No
idmap config * : backend = tdb
directory name cache size = 0
dos filemode = Yes


[Timemachine (STMBP)]
access based share enum = Yes
ea support = No
kernel share modes = No
mangled names = no


Anything that I missed?

Thanks

 

[anodos]

root@nas[~]# testparm -s
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
aio max threads = 2
bind interfaces only = Yes
client NTLMv2 auth = No
disable spoolss = Yes
dns proxy = No
enable web service discovery = Yes
kernel change notify = No
load printers = No
logging = file
max log size = 5120
netbios name = TRUENAS
nsupdate command = /usr/local/bin/samba-nsupdate -g
ntlm auth = ntlmv1-permitted
registry shares = Yes
restrict anonymous = 2
server min protocol = NT1
server role = standalone server
server string = TrueNAS Server
username map = /usr/local/etc/smbusername.map
username map cache time = 60
server string = TrueNAS Server
idmap config *: range = 90000001-100000000
fss:prune stale = true
rpc_daemon:fssd = fork
fruit:nfs_aces = No
idmap config * : backend = tdb
directory name cache size = 0
dos filemode = Yes

fruit:nfs_aces = No
idmap config * : backend = tdb
directory name cache size = 0
dos filemode = Yes


[Timemachine (STMBP)]
access based share enum = Yes
ea support = No
kernel share modes = No
mangled names = no


Anything that I missed?

Thanks

The share definition appears to be incomplete. Can you post it in the entirety?

 

[stanamas]

The share definition appears to be incomplete. Can you post it in the entirety?

Ouch, sorry about that.


Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
aio max threads = 2
bind interfaces only = Yes
client NTLMv2 auth = No
disable spoolss = Yes
dns proxy = No
enable web service discovery = Yes
kernel change notify = No
load printers = No
logging = file
max log size = 5120
netbios name = TRUENAS
nsupdate command = /usr/local/bin/samba-nsupdate -g
ntlm auth = ntlmv1-permitted
registry shares = Yes
restrict anonymous = 2
server min protocol = NT1
server role = standalone server
server string = TrueNAS Server
username map = /usr/local/etc/smbusername.map
username map cache time = 60
idmap config *: range = 90000001-100000000
fss:prune stale = true
rpc_daemon:fssd = fork
fruit:nfs_aces = No
idmap config * : backend = tdb
directory name cache size = 0
dos filemode = Yes


[Timemachine (STMBP)]
access based share enum = Yes
ea support = No
kernel share modes = No
mangled names = no
path = /mnt/bigdata/timemachine
posix locking = No
read only = No
vfs objects = zfs_fsrvp catia fruit streams_xattr shadow_copy_zfs ixnas aio_fbsd
fruit:locking = none
fruit:time machine = yes
fruit:resource = stream
fruit:metadata = stream
fruit:encoding = native
nfs4:chown = true
shadow:include = fss-*
shadow:ignore_empty_snaps = false

 

[anodos]

Uncheck the "Enable FSRVP" checkbox. Restart SMB. If it still doesn't work, post output of getfacl /mnt/bigdata and getfacl /mnt/bigdata/timemachine.

 

[stanamas]

Still not working, and FSRVP was checked before and just to make sure, I unchecked/checked and saved it again and restart the whole server.



getfacl /mnt/bigdata

Code:

root@nas[~]# getfacl /mnt/bigdata
# file: /mnt/bigdata
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:-------:allow
            group@:rw-p--a-R-c--s:-------:allow
         everyone@:rw-p--a-R-c--s:-------:allow
root@nas[~]#

getfacl /mnt/bigdata/timemachine

Code:

root@nas[~]# getfacl /mnt/bigdata/timemachine
# file: /mnt/bigdata/timemachine
# owner: tmachine
# group: tmachine
            group@:rwxpDdaARWcCos:-------:allow
         everyone@:rwxpDdaARWcCos:-------:allow
            owner@:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow

 

[anodos]

FSRVP should not be enabled on a time machine share.

 

[stanamas]

Sorry. Unchecked the FSRVP, restart the SMB and the server. Still not working. Please see the output.

Code:

root@nas[~]# getfacl /mnt/bigdata
# file: /mnt/bigdata
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:-------:allow
            group@:rw-p--a-R-c--s:-------:allow
         everyone@:rw-p--a-R-c--s:-------:allow

Code:

root@nas[~]# getfacl /mnt/bigdata/timemachine
# file: /mnt/bigdata/timemachine
# owner: tmachine
# group: tmachine
            group@:rwxpDdaARWcCos:-------:allow
         everyone@:rwxpDdaARWcCos:-------:allow
            owner@:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow

 

[anodos]

Sorry. Unchecked the FSRVP, restart the SMB and the server. Still not working. Please see the output.

Code:

root@nas[~]# getfacl /mnt/bigdata
# file: /mnt/bigdata
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:-------:allow
            group@:rw-p--a-R-c--s:-------:allow
         everyone@:rw-p--a-R-c--s:-------:allow

Code:

root@nas[~]# getfacl /mnt/bigdata/timemachine
# file: /mnt/bigdata/timemachine
# owner: tmachine
# group: tmachine
            group@:rwxpDdaARWcCos:-------:allow
         everyone@:rwxpDdaARWcCos:-------:allow
            owner@:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow

Looks like you should be able to write. Now let's check how you're authenticating. Try to connect then run the command midclt call smb.status AUTH_LOG | jq. That should show your last authentication attempt and why it failed.

 

[stanamas]

Here is the output from midclt call smb.status AUTH_LOG | jq

Code:

"timestamp": "2021-03-12T19:50:49.572014+0700",
  "type": "Authentication",
  "Authentication": {
    "version": {
      "major": 1,
      "minor": 2
    },
    "eventId": 4624,
    "logonId": "0",
    "logonType": 3,
    "status": "NT_STATUS_OK",
    "localAddress": "ipv4:192.168.88.2:445",
    "remoteAddress": "ipv4:192.168.88.115:56754",
    "serviceDescription": "SMB2",
    "authDescription": null,
    "clientDomain": "TRUENAS",
    "clientAccount": "tmachine",
    "workstation": "STMBP15",
    "becameAccount": "tmachine",
    "becameDomain": "TRUENAS",
    "becameSid": "S-1-5-21-3398882620-549475358-1238998550-1025",
    "mappedAccount": "tmachine",
    "mappedDomain": "TRUENAS",
    "netlogonComputer": null,
    "netlogonTrustAccount": null,
    "netlogonNegotiateFlags": "0x00000000",
    "netlogonSecureChannelType": 0,
    "netlogonTrustAccountSid": null,
    "passwordType": "NTLMv2",
    "duration": 1003438

 

[seanm]

FSRVP should not be enabled on a time machine share.

It'd be nice if the UI forbade, or at least warned against, such combinations... :)

 

[stanamas]

Hi all,

I am using an iXsystems FreeNAS Mini-2.0 running TrueNAS-12.0-U1.1. My problem is connecting to the NAS time-machine share. My new laptop can find the NAS share, but attempts to connect have failed to an error authenticating with the username and password I created in my NAS.

The username was confirmed using the TrueNAS GUI (Accounts > Users) and I re-entered the password just in case: Even so, every attempt to connect fails to the error authenticating message. Here is the message in full: "Time Machine can't connect to the backup disk. There was an error authenticating with the provided username and password."

What I have done or tried so far:
o restarting the SMB service on the NAS
o restarting the whole NAS
o re-entered the user password
o reviewed the user account, group, dataset, and time-machine share
o listed the SMB permissions
o successfully ssh into NAS using the time machine username and password
o reviewed TrueNAS GUI (System > Advanced > Save Debug)
o ensured caps-lock not engaged ;)

My assumption is SMB is failing the username and password authentication. Any ideas how to overcome this problem?

I felt that I had hijacked your thread. Sorry, man.
SMB still not working for me. Hope for the better in the next release of Truenas

 

[stanamas]

Finally I got this working.

chmod 755 /mnt/bigdata
My SMB folder is /mnt/bigdata/timemachine/stmbp

 

[Glen356]

No worries. Without your input it looks like this would have been a one comment thread. Ha ha

Appreciate your input and glad to hear you got it working. Although my pool permissions match what you changed yours to...other directory permissions do not....fingers crossed. Thank you stanamas and also a shout out to anodos as well.