Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

ACL : unable to add/find user via Windows GUI

Description

When trying to add a new user in ACLs of SMB shares via Windows 10 GUI, I am asked to authenticate, and then I get an error (“security object can’t be found”).

I tried to authenticate with only user name without typing password (which used to work), with user and password, with netbios/user, with IP/user, with all combinations with and without typing password… but nothing works.

I tried a deliberately wrong password, and I get no authentication error, just the same message, so I guess the problem is with authentication.

Logged user is the owner of the dataset and has full control over it.

Permissions of users or groups already present in the ACL can be modified though.

Shares work normally, and ACLs are applied normally, no problem on this side.

I use no domain, just a workgroup.

I use a workaround which is to add in parent dataset via TrueNAS ACL manager ALL the users and groups that any children could need, to propagate the ACL, and then to remove useless users in children folders one by one via Windows GUI… but this is not ideal.

My ACLs had been set for a long time, and I don’t modify them every day, so I can’t say when it started “not working any more”. I discovered it these days while reorganizing my pools with new disks.

Problem/Justification

None

Impact

None

Attachments

8

Activity

Show:

Ludo76 September 28, 2023 at 11:29 AM

I tried logging from 2 other laptops with root credentials. Fail.

I also tried version 13.1_MASTER (2023-09-26). Fail.

I’m out if ideas…

Andrew Walker September 25, 2023 at 6:51 PM

Unsupported means that this version of SMB server we are treating it as an unsupported feature (not exposed in webui, no bugs related to its implementation will be investigated or fixed).

Ludo76 September 25, 2023 at 6:45 PM

I tried commenting out both parameters and restarting SMB, it failed.

By the way, disabling “server multi channel support = yes" divides by two the transfer bandwidth between TrueNAS and Windows (I have 2 wired gigabit links between TrueNAS and my Windows PC)… I guess mutli channel support is definitely supported.

I can read “serviceDescription": "SMB2" in your log line. Is that OK since I use Windows 10 Pro ? Furthermore with muti channel support enabled (SMB3 feature) ?

Andrew Walker September 25, 2023 at 6:12 PM
Edited

I see significant number of auth requests failing with bad password. Though normally you wouldn’t get permission denied when doing rpc (at least for the search).

I see that you’ve enabled unsupported multichannel support on the server. Comment out all auxiliary parameters, restart the SMB server and see if the issue resolves itself.

Ludo76 September 25, 2023 at 5:53 PM

This is exactly what I have always done. I get an authentication prompt, which always fails, whatever I type in.

Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Labels

Impact

High

Ready For Review?

True

Components

Fix versions

Affects versions

Priority

More fields

Katalon Platform

Created September 19, 2023 at 12:11 PM
Updated September 29, 2023 at 8:06 AM
Configure