Unable to access SMB share, set AD permissions

ctbalk

Dabbler
Joined
Jul 13, 2022
Messages
18
I updated TrueNAS from 12.0-U8.1 to 13.0-U3.1 and am running into two share issues.

1. I lost the ability to connect to an SMB share (not through AD) from my backup server. Just to note, this was working fine until I performed the update yesterday afternoon. When I try to connect I get the following:

"There are currently no logon servers available to service the logon request"

I tried recreating the associated user and group, stripping the ACLs, then reassigning those permissions to the dataset, recreating the Samba share, rebooting the NAS. Anything I'm missing?

2. This might be/probably is related to 1. I have other datasets that are assigned permissions through Active Directory. I actually can access these but this is what I see for the assigned permissions:

[Attached screenshot: 1672940831159.png]


Obviously, they should read like "ad.contoso.com\share". Oddly, I can access these shares just fine even with the weird numerical user/group id. In the user or group dropdown, I can see all my AD users and groups but when I try to assign a user, it throws this error:
[Attached screenshot: 1672941137070.png]


My first thought was to roll back to 12.0-U8 but that just kicks the can down the road to when I'm forced to update, plus, forgoing any new features.
 
Joined
Jul 3, 2015
Messages
926
I would take a look at your AD idmap backend and ranges and compare between 12 and 13. I had to change mine from 11 to 13 as the defaults changed.
 

ctbalk

I stripped the ACLs from one of the AD datasets, then reassigned an AD user and group. This is what I got:
[Attached screenshot: 2023-01-05 10_06_11-TrueNAS - truenas.ironwood-mfg.com — Mozilla Firefox.png]
 
Joined
Jul 3, 2015
Messages
926
Are your ranges right? Mine weren’t so needed to change them.
 
Joined
Jul 3, 2015
Messages
926
I changed mine to Low 20000 High 90000000 which is what it was set to in 11.
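
One way to do the range comparison suggested in the replies above, as an added example that is not from any poster or from TrueNAS: it parses the `idmap config ... : range` lines from two Samba configurations and lists the numeric IDs that a range covered before but that no range covers now. The configuration text, the `EXAMPLE` domain, the "after" range and the ACL IDs are constructed for illustration; only the 20000 to 90000000 range comes from the thread.

```python
import re

# Samba idmap range line, e.g. "idmap config EXAMPLE : range = 20000 - 90000000"
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each idmap range line in conf_text."""
    return {m.group(1): (int(m.group(2)), int(m.group(3)))
            for m in RANGE_RE.finditer(conf_text)}

def owning_domain(ranges, unix_id):
    """Return the idmap domain whose range contains unix_id, or None."""
    for domain, (low, high) in ranges.items():
        if low <= unix_id <= high:
            return domain
    return None

def orphaned_ids(old_conf, new_conf, acl_ids):
    """IDs covered by a range in old_conf but by no range in new_conf."""
    old, new = idmap_ranges(old_conf), idmap_ranges(new_conf)
    return [i for i in acl_ids
            if owning_domain(old, i) and not owning_domain(new, i)]

# Constructed samples (assumption: text saved from `testparm -s` before and
# after the upgrade). EXAMPLE is a placeholder domain; the "after" range is
# made up for illustration and is not a TrueNAS default.
OLD_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 90000001 - 100000000
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 20000 - 90000000
"""
NEW_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 90000001 - 100000000
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 100000 - 200000
"""
ACL_IDS = [21104, 20513, 1000]  # constructed numeric owner/group IDs from an ACL

if __name__ == "__main__":
    for uid in orphaned_ids(OLD_CONF, NEW_CONF, ACL_IDS):
        print(f"{uid}: mapped before the upgrade, outside every range now")
```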
 

ctbalk

Sorry, I didn't set this up. I don't know where to find or verify those values.
 
Joined
Jul 3, 2015
Messages
926
Might be worth changing it to see if it works and if not you can always change it back.
 

ctbalk

Got a little further with the AD issue. When I disabled and enabled AD in directory services, I got this:
[Attached screenshot: 2023-01-05 13_55_58-TrueNAS - truenas.ironwood-mfg.com — Mozilla Firefox.png]


So it's a credential issue, but why would we get auth errors after an update when nothing changed there?
 

ctbalk

Looking into permissions - I reset the password in TrueNAS and AD, (none of this should have changed over the update, but why not?) still no dice.

I can ping the domain from the shell and the time is perfectly synced with the DC.

[Attached screenshot: 1672956933636.png]
 

ctbalk

I did resolve issue #2 by creating a new account in AD, it took a little time for AD to replicate but it eventually worked! Whew. I'm guessing TrueNAS didn't like something about the old user account or GID issue. Shouldn't have but yeah.

On to issue #1... I'm liking this new account idea.
 

ctbalk

New user account in TrueNAS fixed the issue. Am able to connect from our non-AD-joined backup server to the TrueNAS SMB share. Joy!
 