Thanks for using the TrueNAS Community Edition issue tracker! TrueNAS Enterprise users receive direct support for their reports from our support portal.

Issues

Select view

Select search mode

 
1 of 10

TrueNAS Core 13.0-U6.2 Bug report: UI not passing UID/GID in when editing ACLs

Not Applicable

Description

Please see this thread in your support forums for original report (in which Andrew Walker asks me to file this bug report):

https://forums.truenas.com/t/acl-editor-wont-access-ad-users-groups/11026

 

I have just installed TrueNAS Core 13.0-U6.2, and I am trying to get Active Directory and SMB working for the first time. I am using Microsoft Edge as my primary web browser.

 

I have connected to AD fine, and when I run ‘wbinfo -g’ and ‘wbinfo -u’ from a shell I correctly get a list of all my AD groups and users. I have created a pool, and have created a dataset under that pool (setting the Share Type to ‘SMB’). I then created an SMB share, choosing ‘No presets’ for the Purpose, ticking ‘Enable ACL’, ‘Browsable to Network Clients’, and ‘Enable Alternate Data Streams’ as my options.

 

I tested the share by browsing to \\nas\asdfg on a Windows 10 machine (where ‘nas’ is the hostname of the TrueNAS box, and ‘asdfg’ is the SMB share) and this resolved fine (i.e. when I typed '\\nas' Windows automatically presented ‘\\nas\asdfg’ so it was clearly advertising the share correctly), but when I tried to browse it I got the usual ‘Windows cannot access…’ error. This was to be expected as I hadn’t set any ACLs yet.

 

From the TrueNAS ‘Windows Shares (SMB)’ screen I then selected ‘Edit Filesystem ACL’ on the share I created, and saw that it had created 4 default ACLs, for ‘everyone@’, ‘owner@’, ‘group@’, and ‘Group’ builtin_users. For the purposes of testing, I wanted to set this share to be accessible for all users on my domain. I went to the ‘Group’ ACL and deleted ‘builtin_users’, and clicked the little down-arrow expecting to see a list of my AD groups. Unfortunately this was not the case; it showed a list of what I assume are built-in groups (wheel, daemon, kmem, sys, tty, etc. down to nslcd, ntpd, and 3 builtin_ groups). So I entered ‘wbinfo -g’ to a shell, and from the results I copied ‘BOBBY\domain users’ (where BOBBY is my domain name), then pasted this into the the Group field in the ACL GUI. I then clicked ‘Save’, but got the following error:

 

Error: [dacl] Item#3 is not valid per list types: [id] Not an integer.

 

I have tried clearing my browser cache, and have tried in a private window, but the error persists. I also tried installing a different browser (Chrome) but got exactly the same results.

 

I have attached screenshots showing the error, and the output of the command ‘midclt call core.get_jobs | jq’ in case this is helpful.

 

Thank you.

Problem/Justification

None

Impact

None

Attachments

5
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Impact

High

Components

Fix versions

Affects versions

Priority

More fields

Katalon Platform

Created August 14, 2024 at 2:37 PM
Updated August 19, 2024 at 11:17 AM
Resolved August 19, 2024 at 11:17 AM

Activity

Show:

Bug Clerk August 19, 2024 at 11:17 AM

This issue has now been closed. Comments made after this point may not be viewed by the TrueNAS Teams. Please open a new issue if you have found a problem or need to re-engage with the TrueNAS Engineering Teams.

Bug Clerk August 19, 2024 at 11:17 AM

Thank you for reporting this issue! This bug has been resolved in TrueNAS SCALE and is not planned to be back-ported to CORE. If this is a critical workflow issue for you, we would strongly advise promptly upgrading to TrueNAS SCALE.

Rob Clydesdale August 17, 2024 at 12:35 PM

I uploaded a debug log on 2024-08-14, ref is:

 

TPF-3739

 

Thanks.

Rob Clydesdale August 16, 2024 at 8:53 AM

I should have added in my initial report - shell command ‘wbinfo’ correctly shows all my AD users and groups, but none of them are displayed anywhere in the GUI. I have tried leaving the domain and re-joining but the results are the same - it successfully connects to the domain (Directory Services Monitor shows green ‘HEALTHY’ state, and the trueNAS box appears in AD Users & Computers on the DC) but there is no trace of my AD users & groups anywhere in the trueNAS UI.

Bug Clerk August 14, 2024 at 2:37 PM

Thank you for submitting this TrueNAS Bug Report! So that we can quickly investigate your issue, please attach a Debug file and any other information related to this issue through our secure and private upload service below. Debug files can be generated in the UI by navigating to System -> Advanced -> Save Debug.

https://ixsystems.atlassian.net/servicedesk/customer/portal/15/group/37/create/153

Loading...