ACL : unable to add/find user via Windows GUI
Description
Problem/Justification
Impact
Attachments
Activity
Ludo76 September 28, 2023 at 11:29 AM
I tried logging from 2 other laptops with root credentials. Fail.
I also tried version 13.1_MASTER (2023-09-26). Fail.
I’m out if ideas…

Andrew Walker September 25, 2023 at 6:51 PM
Unsupported means that this version of SMB server we are treating it as an unsupported feature (not exposed in webui, no bugs related to its implementation will be investigated or fixed).
Ludo76 September 25, 2023 at 6:45 PM
I tried commenting out both parameters and restarting SMB, it failed.
By the way, disabling “server multi channel support = yes
" divides by two the transfer bandwidth between TrueNAS and Windows (I have 2 wired gigabit links between TrueNAS and my Windows PC)… I guess mutli channel support is definitely supported.
I can read “serviceDescription": "SMB2"
in your log line. Is that OK since I use Windows 10 Pro ? Furthermore with muti channel support enabled (SMB3 feature) ?

Andrew Walker September 25, 2023 at 6:12 PMEdited
I see significant number of auth requests failing with bad password. Though normally you wouldn’t get permission denied when doing rpc (at least for the search).
I see that you’ve enabled unsupported multichannel support on the server. Comment out all auxiliary parameters, restart the SMB server and see if the issue resolves itself.
Ludo76 September 25, 2023 at 5:53 PM
This is exactly what I have always done. I get an authentication prompt, which always fails, whatever I type in.
Details
Details
Assignee

When trying to add a new user in ACLs of SMB shares via Windows 10 GUI, I am asked to authenticate, and then I get an error (“security object can’t be found”).
I tried to authenticate with only user name without typing password (which used to work), with user and password, with netbios/user, with IP/user, with all combinations with and without typing password… but nothing works.
I tried a deliberately wrong password, and I get no authentication error, just the same message, so I guess the problem is with authentication.
Logged user is the owner of the dataset and has full control over it.
Permissions of users or groups already present in the ACL can be modified though.
Shares work normally, and ACLs are applied normally, no problem on this side.
I use no domain, just a workgroup.
I use a workaround which is to add in parent dataset via TrueNAS ACL manager ALL the users and groups that any children could need, to propagate the ACL, and then to remove useless users in children folders one by one via Windows GUI… but this is not ideal.
My ACLs had been set for a long time, and I don’t modify them every day, so I can’t say when it started “not working any more”. I discovered it these days while reorganizing my pools with new disks.