grinder.madman
Cadet
- Joined
- May 1, 2022
- Messages
- 2
24 hours ago my TrueNAS-12.0-U8.1 SMB shares were working perfectly by after making some changes to permissions the shares no longer work. I've spent 24h trying to get it back to a working state a including replicating the earlier settings but nothing is working.
Have Tried the following:
rebuiling the users/groups/shares from scratch.
multiple windows 10 clients, and using various users.
As best I can tell, my ACLs, users and groups seem OK. But I get access denied on
2 of 3 shares . The 2 that fail are in a subfolder off the main dataset
Followed many forum post solutions
I can login into the truenas server, but see the follow error in the log.smbd
and auth_audit.log
Any help greatly appreciated,
testparm output below:
smbstatus
Have Tried the following:
rebuiling the users/groups/shares from scratch.
multiple windows 10 clients, and using various users.
As best I can tell, my ACLs, users and groups seem OK. But I get access denied on
2 of 3 shares . The 2 that fail are in a subfolder off the main dataset
Followed many forum post solutions
I can login into the truenas server, but see the follow error in the log.smbd
Code:
[2022/05/02 01:37:17.249770, 0] ../../source3/smbd/service.c:169(chdir_current_service) chdir_current_service: vfs_ChDir(/mnt/mainstor/transfer/store4) failed: Permission denied. Current token: uid=1001, gid=1002, 6 groups: 545 1001 1002 90000040 90000041 90000043
and auth_audit.log
Code:
{"timestamp": "2022-05-02T01:37:12.780751+1200", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.0.101:445", "remoteAddress": "ipv4:192.168.0.57:64075", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "UE4-SERVE", "clientAccount": "glen", "workstation": "UE4-SERVE", "becameAccount": "glen", "becameDomain": "TRUENAS", "becameSid": null, "mappedAccount": "Matt", "mappedDomain": ".", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 1757}}Any help greatly appreciated,
testparm output below:
Code:
# Global parameters
[global]
aio max threads = 2
bind interfaces only = Yes
disable spoolss = Yes
dns proxy = No
enable web service discovery = Yes
kernel change notify = No
load printers = No
logging = file
max log size = 5120
nsupdate command = /usr/local/bin/samba-nsupdate -g
registry shares = Yes
restrict anonymous = 2
server role = standalone server
server string = TrueNAS Server
unix extensions = No
idmap config *: range = 90000001-100000000
fruit:nfs_aces = No
idmap config * : backend = tdb
directory name cache size = 0
dos filemode = Yes
[store4]
access based share enum = Yes
ea support = No
kernel share modes = No
mangled names = no
path = /mnt/mainstor/transfer/store4
posix locking = No
read only = No
vfs objects = catia fruit streams_xattr shadow_copy_zfs noacl recycle crossrename aio_fbsd
recycle:subdir_mode = 0700
recycle:directory_mode = 0777
recycle:touch = yes
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle/%U
fruit:resource = stream
fruit:metadata = stream
fruit:encoding = native
nfs4:chown = true
[store1]
access based share enum = Yes
ea support = No
kernel share modes = No
mangled names = no
path = /mnt/mainstor/transfer/store1
posix locking = No
read only = No
vfs objects = catia fruit streams_xattr ixnas recycle crossrename aio_fbsd
recycle:subdir_mode = 0700
recycle:directory_mode = 0777
recycle:touch = yes
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle/%U
fruit:resource = stream
fruit:metadata = stream
fruit:encoding = native
nfs4:chown = true
[tester1]
ea support = No
kernel share modes = No
mangled names = no
path = /mnt/mainstor/tester1
posix locking = No
read only = No
vfs objects = catia fruit streams_xattr shadow_copy_zfs noacl recycle crossrename aio_fbsd
recycle:subdir_mode = 0700
recycle:directory_mode = 0777
recycle:touch = yes
recycle:versions = yes
recycle:keeptree = yes
recycle:repository = .recycle/%U
fruit:resource = stream
fruit:metadata = stream
fruit:encoding = native
nfs4:chown = truesmbstatus
Code:
Samba version 4.13.17 PID Username Group Machine Protocol Version Encryption Signing ---------------------------------------------------------------------------------------------------------------------------------------- 2773 glen glen 192.168.0.57 (ipv4:192.168.0.57:64075) SMB3_11 - partial(AES-128-CMAC) 2757 matt matt 192.168.0.50 (ipv4:192.168.0.50:61686) SMB3_11 - partial(AES-128-CMAC) Service pid Machine Connected at Encryption Signing --------------------------------------------------------------------------------------------- store4 2757 192.168.0.50 Mon May 2 01:36:23 2022 NZST - - store1 2757 192.168.0.50 Mon May 2 01:36:27 2022 NZST - - IPC$ 2757 192.168.0.50 Mon May 2 01:36:21 2022 NZST - - IPC$ 2773 192.168.0.57 Mon May 2 01:37:13 2022 NZST - - tester1 2757 192.168.0.50 Mon May 2 01:38:30 2022 NZST - - store4 2773 192.168.0.57 Mon May 2 01:37:15 2022 NZST - - Locked files: Pid User(ID) DenyMode Access R/W Oplock SharePath Name Time -------------------------------------------------------------------------------------------------- 2757 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/mainstor/tester1 . Mon May 2 01:38:30 2022 2757 1000 DENY_NONE 0x100081 RDONLY NONE /mnt/mainstor/tester1 . Mon May 2 01:38:30 2022
