Upgrading from 11.3 U5 => 12.0 has broken shares and I can't figure out how to fix them.

[5hiftyy]

I upgraded last Monday after doing some reading and seeing some good reviews. The upgrade went smoothly, and all the plugins seemed to be behaving properly. I attempted to access the SMB shares from my Windows 10 1903 computer per usual, but they were met with the error seen in Picture 1.

I dug around and found that my previous (terrible) habit of using root as my share accessing user was finally being forced to change. Not to worry, just create a new user. So I did, and made them owner of the requisite data sets. Still no access.

I also went through various Windows 10 settings enabling insecure guest logons etc, although that didn't seem to help any. I ended up figuring it was an upgrade bug, so I saved the config and went with a clean install + old config instead. Same issue persisted. I decided to do clean install AND brand-new setup, and that didn't change anything either. Stripping existing ACLs, making new ones, changing hostname/NetBIOS name, assigning new owner/permissions via CLI... Nothing has worked so far.

I've gotten PLEX and Tautulli running again, and they can both access the PLEX share, but I still can't login to the shares via my File Explorer or any other explorer on Windows 10 or Android. I didn't have any of these issues previously with 11.3 U5, and I WOULD roll back if not for the fact that I already updated my PLEX library pool... which was stupid of me. I'd rather not destroy 3TB of media, only because I don't want to gather it all again. The critical files are all on the pool that HAS NOT been updated yet, so I can revert still if necessary. I DO have a backup of the important data, though it's about 4wks out of date and I did a lot of reorganizing prior to this debacle so I'd rather recover this.

Debug file is attached as well.

System:
2x Xeon L5640
32GB RAM
Intel SC5520HC Motherboard
LSI IBM ServeRaid M1015 9220-8i Controller in IT Mode
ESXi 6.5

TrueNAS VM:
8x CPUs
16gb RAM
LSI Controller
20GB Boot Partition (SSD)

Drives:
4x 2TB Seagate (1 Pool; 1 Dataset; 1 SMB Share) - Personal Files
6x 1TB WD RE4 (1 Pool; 1 Dataset; 1 SMB Share) - PLEX pool
1x 100GB virtual partitioned SSD Storage (iocage, system dataset, etc) 500gb WD Blue SATA

 

[anodos]

Code:

  {"timestamp": "2020-10-29T21:13:54.963844-0700", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.0.56:445", "remoteAddress": "ipv4:192.168.0.39:59174", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "rjenkins", "workstation": "STYX", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "rjenkins", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 3334}}
  {"timestamp": "2020-10-29T21:13:56.015292-0700", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.0.56:445", "remoteAddress": "ipv4:192.168.0.39:59176", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "rjenkins", "workstation": "STYX", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "rjenkins", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 3339}}
  {"timestamp": "2020-10-29T21:18:58.526030-0700", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_WRONG_PASSWORD", "localAddress": "ipv4:192.168.0.56:445", "remoteAddress": "ipv4:192.168.0.39:50536", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "rjenkins", "workstation": "STYX", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "rjenkins", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 3322}}
  {"timestamp": "2020-10-29T21:19:05.734800-0700", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.0.56:445", "remoteAddress": "ipv4:192.168.0.39:50545", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "rjenkins", "workstation": "STYX", "becameAccount": "rjenkins", "becameDomain": "TRUENAS", "becameSid": "S-1-5-21-1413562809-1920715847-4041261626-1001", "mappedAccount": "rjenkins", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 5692}}
  {"timestamp": "2020-11-02T21:17:06.058012-0800", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.0.96:445", "remoteAddress": "ipv4:192.168.0.68:57878", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "root", "workstation": "STYX", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "root", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 3410}}
  {"timestamp": "2020-11-02T21:27:48.374329-0800", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.0.96:445", "remoteAddress": "ipv4:192.168.0.68:58304", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "russell.jenkins017@live.com", "workstation": "STYX", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "russell.jenkins017@live.com", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 7042}}
  {"timestamp": "2020-11-02T21:30:35.852130-0800", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.0.96:445", "remoteAddress": "ipv4:192.168.0.68:58392", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "russell.jenkins017@live.com", "workstation": "STYX", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "russell.jenkins017@live.com", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 2753}}

Client from 192.168.0.39 struggles getting the right password (eventually succeeding). 192.168.0.68 keeps sending the wrong username.

 

[5hiftyy]

That may have been me with 1am brain trying all sorts of combinations of passwords or usernames. I had reset the password for user rjenkins prior to a restart, and Was grasping at straws with the whole mapping thing.

This is the debug after successfully connecting and mapping the network drive this morning. I now have it successfully mapped, but it is still throwing the same error as before. I'm looking at the auth_audit.log and can't find anything that says TrueNAS is rejecting the login?

 

[anodos]

Code:

[2020/11/03 07:15:10.046243,  0] ../../source3/smbd/service.c:183(chdir_current_service)
  chdir_current_service: vfs_ChDir(/mnt/KNOX/RJ) failed: Permission denied. Current token: uid=1000, gid=1000, 5 groups: 1000 545 90000001 90000002 90000004

Now the password isn't being rejected, but your user doesn't have permissions.

Code:

Mountpoint ACL:
# file: /mnt/KNOX
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow

Specifically, it looks like we've had a "chmod 770" on /mnt/KNOX. Your feet are cut out from under yourself. Run following command: chmod 755 /mnt/KNOX

 

[5hiftyy]

That solved it. You're a legend. Worked on both shares I couldn't access before. I had tried to use the chmod 777/775 commands previously, I guess this is my inexperience showing.

Thank you SO much for your help!

 

[5hiftyy]

Code:

[2020/11/03 07:15:10.046243,  0] ../../source3/smbd/service.c:183(chdir_current_service)
  chdir_current_service: vfs_ChDir(/mnt/KNOX/RJ) failed: Permission denied. Current token: uid=1000, gid=1000, 5 groups: 1000 545 90000001 90000002 90000004

Now the password isn't being rejected, but your user doesn't have permissions.

Code:

Mountpoint ACL:
# file: /mnt/KNOX
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow

Specifically, it looks like we've had a "chmod 770" on /mnt/KNOX. Your feet are cut out from under yourself. Run following command: chmod 755 /mnt/KNOX

Would you also mind letting me know which log file you looked at to find the info? I'd like to be able to check this in the future if I ever run into this again. Thank you again!!

 

[anodos]

/var/log/samba4/log.smbd