Access denied when connecting to share

somonenew

Dabbler
Joined
Nov 5, 2019
Messages
13
So weird. I have run the command you said above and tried again. This time I get the login box (but no immediate error). But I still can't log in, all I get is access denied. Tried root and my username.

Going to blow away this VM and start again
 

DAKnn

Cadet
Joined
Nov 15, 2019
Messages
3
Hello!
I have the same problem
11.2 U5 - works fine.
11.2 U6 - smb is broken
user spp
group spp
share spp - /mnt/bp1/spp

log:
2] ../source3/param/loadparm.c:2815(lp_do_section) Processing section "[bdc]"
2] ../source3/param/loadparm.c:2815(lp_do_section) Processing section "[spp]"
2] ../source3/auth/auth.c:316(auth_check_ntlm_password) check_ntlm_password: authentication for user [spp] -> [spp] -> [spp] succeeded
1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh) Failed to fetch record!
1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers) pcap cache not loaded
1] ../source3/printing/printer_list.c:234(printer_list_get_last_refresh) Failed to fetch record!
1] ../source3/smbd/server_reload.c:64(delete_and_reload_printers) pcap cache not loaded
2] ../source3/smbd/service.c:849(make_connection_snum) pc (ipv4:192.168.0.7:57318) connect to service spp initially as user spp (uid=1002, gid=1001) (pid 41278)
0] ../source3/smbd/uid.c:453(change_to_user_internal) change_to_user_internal: chdir_current_service() failed!
0] ../source3/smbd/uid.c:453(change_to_user_internal) change_to_user_internal: chdir_current_service() failed!
0] ../source3/smbd/uid.c:453(change_to_user_internal) change_to_user_internal: chdir_current_service() failed!
0] ../source3/smbd/uid.c:453(change_to_user_internal) change_to_user_internal: chdir_current_service() failed!
 

Attachment: Screenshot_2.png

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
0] ../source3/smbd/uid.c:453(change_to_user_internal) change_to_user_internal: chdir_current_service() failed!

This means you've stripped permissions to traverse from /mnt/bp1.
setfacl -m everyone@:rxaRc::allow /mnt/bp1
 

bpak

Cadet
Joined
Nov 22, 2019
Messages
2
Hi,

I can confirm the exact same issue with a fresh install of 11.2-U6, during which I initialized a brand new dataset (/mnt/tank/).
I ended up having no permissions for "everyone@" on this new dataset:
Code:
 everyone@:--------------:-------:allow


This actually led to this issue with shares (and days of investigations...): access was possible by the owner or group, but all other permissions were ineffective.
I got plenty of those entries in /var/log/samba4/log.smbd:
Code:
[2019/11/22 10:05:41.351965,  0] ../source3/smbd/uid.c:453(change_to_user_internal)
  change_to_user_internal: chdir_current_service() failed!


As suggested above, I just applied the proposed workaround:

Code:
# set default permissions
setfacl -m everyone@:rxaRc:d:allow /mnt/tank01/
setfacl -m everyone@:rxaRc:d:allow /mnt/tank01/nas
# propagate to the whole "nas" dataset
winacl -a clone -rv -p /mnt/tank01/nas

And it seems to work perfectly now.

I'm new to FreeNAS, so maybe I made a mistake that broke the default ACL... but frankly I can't remember touching anything on ACL before facing this issue.

Do you think there could be an actual issue with ACL initialization on newly created datasets, using v11.2-U6 (and U7 possibly)?
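
Added example, not part of any post in this thread: the chdir_current_service() failure discussed above comes down to a directory on the share path that grants no traverse (x) permission to the connecting user. The Python sketch below parses getfacl output and reports the first such directory. The sample ACLs are constructed, the function names are hypothetical, and ACL evaluation is simplified to the x bit only.

```python
# Constructed getfacl output (FreeBSD NFSv4 layout), not taken from the thread.
SAMPLE = """\
# file: /mnt/bp1
# owner: root
# group: wheel
            owner@:rwxp--aARWcCos:-------:allow
            group@:r-x---a-R-c--s:-------:allow
         everyone@:--------------:-------:allow
# file: /mnt/bp1/spp
# owner: spp
# group: spp
            owner@:rwxp--aARWcCos:fd-----:allow
            group@:rwxp--a-R-c--s:fd-----:allow
         everyone@:--------------:fd-----:allow
"""

def parse_getfacl(text):
    """Return {path: {"owner": .., "group": .., "aces": [(who, perms, flags, kind)]}}."""
    acls, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# file:"):
            cur = acls.setdefault(line[7:].strip(), {"aces": []})
        elif cur is None or not line:
            continue
        elif line.startswith(("# owner:", "# group:")):
            key, val = line[2:].split(":", 1)
            cur[key] = val.strip()
        elif not line.startswith("#"):
            cur["aces"].append(tuple(line.rsplit(":", 3)))
    return acls

def can_traverse(acl, user, groups):
    """Simplified check: the first applicable ACE that mentions x decides."""
    who_ok = {"everyone@", f"user:{user}"} | {f"group:{g}" for g in groups}
    who_ok |= {"owner@"} if acl.get("owner") == user else set()
    who_ok |= {"group@"} if acl.get("group") in groups else set()
    for who, perms, flags, kind in acl["aces"]:
        if who in who_ok and "x" in perms and "i" not in flags:  # skip inherit-only
            return kind == "allow"
    return False  # no ACE grants x, so access is denied by default

def first_blocked(text, share, user, groups):
    """Walk from the top ancestor down to the share; return the first blocked dir."""
    acls = parse_getfacl(text)
    parts = [p for p in share.split("/") if p]
    for i in range(1, len(parts) + 1):
        path = "/" + "/".join(parts[:i])
        if path in acls and not can_traverse(acls[path], user, groups):
            return path
    return None
```

With the constructed sample, first_blocked(SAMPLE, "/mnt/bp1/spp", "spp", {"spp"}) returns /mnt/bp1: user spp owns the share directory but cannot traverse its parent. Only the x bit matters for traversal, so the check also shows when a narrower grant than rxaRc for everyone@ would be enough.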
 

bpak

Cadet
Joined
Nov 22, 2019
Messages
2
To be more precise: I created a new pool from this freshly installed 11.2-U6. The main dataset (/mnt/tank01) is the one initialized from there, and I suppose it didn't get the proper permissions for 'everyone@' automatically.
Strange I know, but...
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
bpak said:
To be more precise: I created a new pool from this freshly installed 11.2-U6. The main dataset (/mnt/tank01) is the one initialized from there, and I suppose it didn't get the proper permissions for 'everyone@' automatically.
Strange I know, but...

That's a design feature. The default ACL for an SMB share does not grant world read access. We have a very large number of TrueNAS servers deployed in enterprise environments where granting world read access by default is unacceptable. 11.3 has an ACL manager that will allow you to fine-tune the permissions however you like from the webui.
 

therealego

Cadet
Joined
Dec 1, 2022
Messages
4
Same issue, everything was working perfectly fine yesterday and no configuration changes were made. This morning I just happened to notice my network storage locations in Win10 were disconnected so I tried remapping and was met with said problem. Credentials that worked perfectly all day after installing just suddenly fail seemingly out of nowhere. The only thing I could think that possibly had some bearing was the fact that I set up a port forward this morning to access Nextcloud remotely but I disabled the forward and still nothing. I’ve run both “setfacl” commands, pointing them at the correct directories for my configuration and still nothing.

Attached is the output of “getfacl” for the mount point and subdirectory in question.

Not only can I not access the specific path to the “NAS” dataset, I can’t even access the parent directory of all datasets via my server’s local IP or hostname “truenas.local” as I was able to before.

Any help is greatly appreciated, seems as if many users’ configurations are breaking for seemingly no reason.
 

Attachment: image.jpg