TrueNAS 13-RC1 - Invalid Parameter when Setting Permissions from Windows Client

Dan Werntz · Apr 29, 2022

I was testing moving to TrueNAS 13 on a fresh install of RC1 and a new disk when I ran into this issue with SMB permissions. I have this NAS joined to an AD domain which works fine. I added a new dataset and set the ACL from the TrueNAS GUI, which also works fine. I added the share and turned on SMB, again no problems. I accessed the share from a Windows 11 machine with no issue then created a folder which received all of the inherited permissions as expected. When I go to properties and try to add a user or group or modify any permission I am met with "The parameter is incorrect."

I tried the exact same exercise with TrueNAS-12.0-U8.1 and it works properly.

anodos · Apr 29, 2022

This is a bug that will be fixed in 13.0 release.

NAS-115969 / 22.02 / Permit case-insensitive renames · truenas/samba@378853f

Add additional logic in source3/smbd/reply.c for case where destination file exists, i.e. stat(2) for file does not fail with ENOENT. In this case, compare inode numbers of the two files and if ...

github.com

wkn · May 1, 2022

Try to set in auxiliary option for SMB service:

inherit acls = yes
map acl inherit = yes

and restart SMB

anodos · May 1, 2022

wkn said:
Try to set in auxiliary option for SMB service:

inherit acls = yes
map acl inherit = yes

and restart SMB

No. Those are incorrect parameters.

anodos · May 1, 2022

It was a logic error in the set_nt_acl() function in vfs_ixnas in 13.0-RC1. Should be fixed in next nightly build and for release in 13.0. ZFS automatically calculates inherited ACLs when a new object is created. Users should not be using those options.

wkn · May 2, 2022

You don't need to use these options if you don't want to or find them wrong, but it worked for me after update to 13.0-RC and gotten the same issue in Windows 10 devices.

wkn · May 10, 2022

Issue still NOT solved with 13.0-RELEASE.

Without set the two auxiliary options, inheritance is still broken on SMB shares. Even owner of new files gets no full access as set by ACLs.

So for me, options stay in effect at this moment.

tiberiusQ · May 10, 2022

wkn said:
Issue still NOT solved with 13.0-RELEASE.

Without set the two auxiliary options, inheritance is still broken on SMB shares. Even owner of new files gets no full access as set by ACLs.

So for me, options stay in effect at this moment.

Are u serious ?

Try > strip acls and try again (...)

anodos · May 10, 2022

I'd have to see a debug with clear explanation of how to reproduce the issue.

anodos · May 10, 2022

Code:

root@truenas[/mnt/dozer/SMB]# getfacl .
# file: .
# owner: 100001106
# group: wheel
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWc--s:fd-----:allow
group:builtin_users:rwxpDdaARWc--s:fd-----:allow
         everyone@:--------------:fd-----:allow
root@truenas[/mnt/dozer/SMB]# smbclient //127.0.0.1/SMB -U smbuser%Cats -c 'mkdir newdir'
root@truenas[/mnt/dozer/SMB]# getfacl newdir
# file: newdir
# owner: smbuser
# group: wheel
            owner@:rwxpDdaARWcCos:fd----I:allow
            group@:rwxpDdaARWc--s:fd----I:allow
group:builtin_users:rwxpDdaARWc--s:fd----I:allow
         everyone@:--------------:fd----I:allow
root@truenas[/mnt/dozer/SMB]# mkdir localdir
root@truenas[/mnt/dozer/SMB]# getfacl localdir
# file: localdir
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd----I:allow
            group@:rwxpDdaARWc--s:fd----I:allow
group:builtin_users:rwxpDdaARWc--s:fd----I:allow
         everyone@:--------------:fd----I:allow

Directory created over SMB has same inherited ACL as one created locally.

anodos · May 10, 2022

Code:

root@truenas[/tmp]# touch smbtestfile                                              
root@truenas[/tmp]# smbclient //127.0.0.1/SMB -U smbuser%Cats -c 'PROMPT OFF;mput smbtestfile'
putting file smbtestfile as \smbtestfile (0.0 kb/s) (average 0.0 kb/s)
root@truenas[/tmp]# getfacl /mnt/dozer/SMB/smbtestfile                                        
# file: /mnt/dozer/SMB/smbtestfile
# owner: smbuser
# group: wheel
            owner@:rwxpDdaARWcCos:------I:allow
            group@:rwxpDdaARWc--s:------I:allow
group:builtin_users:rwxpDdaARWc--s:------I:allow
         everyone@:--------------:------I:allow
root@truenas[/tmp]# touch /mnt/dozer/SMB/localtestfile
root@truenas[/tmp]# getfacl /mnt/dozer/SMB/localtestfile 
# file: /mnt/dozer/SMB/localtestfile
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:------I:allow
            group@:rwxpDdaARWc--s:------I:allow
group:builtin_users:rwxpDdaARWc--s:------I:allow
         everyone@:--------------:------I:allow

File created over SMB has same ACL inherited that locally created one does.

Important Announcement for the TrueNAS Community.

TrueNAS 13-RC1 - Invalid Parameter when Setting Permissions from Windows Client

Dan Werntz

Cadet

anodos

Sambassador

NAS-115969 / 22.02 / Permit case-insensitive renames · truenas/samba@378853f

wkn

Dabbler

anodos

Sambassador

anodos

Sambassador

wkn

Dabbler

wkn

Dabbler

tiberiusQ

Contributor

anodos

Sambassador

anodos

Sambassador

anodos

Sambassador

Similar threads