I'm having all sorts of trouble getting a FRESH Windows Server 2019 to connect to a samba share on Truenas 12.
Originally, when I tried to log in, Windows kept saying You Can't Access This Shared Folder Because Your Organization's Security Policies Block Unauthenticated Guest Access.
, so I went into registry and changed the lanman workstation setting AllowInsecureGuestAuth
to 1. That solved that issue.
Now when I try to map the share, it just says Access is denied
when I try and enter the user credentials.
Checking truenas log.smbd:
[2021/11/07 14:33:36.554336, 1] ../../source3/smbd/service.c:369(create_connection_session_info)
create_connection_session_info: guest user (from session setup) not permitted to access this share (Backup)
[2021/11/07 14:33:36.554346, 1] ../../source3/smbd/service.c:557(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
Enabling guest access to the SMB share in Truenas lets windows mount the folder, but it still says You do not have permission to access \\server\Backup\.
despite the Truenas folder being owned by the user and having read write permission.
Log entries for that error:
[2021/11/07 14:55:22.096249, 0] ../../source3/smbd/service.c:171(chdir_current_service)
chdir_current_service: vfs_ChDir(/mnt/MainPool/Backup) failed: Permission denied. Current token: uid=65534, gid=65534, 3 groups: 65534 90000001 90000002
[2021/11/07 14:55:22.096273, 0] ../../source3/smbd/service.c:183(chdir_current_service)
chdir_current_service: vfs_ChDir(/mnt/MainPool/Backup) failed: Permission denied. Current token: uid=65534, gid=65534, 3 groups: 65534 90000001 90000002
But before I solve that part, I am confused about the log saying guest user
.
So why is Windows server trying to use a guest user when I gave it credentials of the user I created in truenas? I never said use guest login on windows…
Best Answer
Did you actually invoke an
net use \\servername\$IPC /user:YOURCREATEDUSER
?An resulting config on the TrueNAS could look like this.
The ACLs on that Share are ususally the route of all problems.
The new GUI has a a few gimmicks for that.
EDIT:
I played it through and it worked. I didn't have an Windows-Server on Hand but even a SMB3-Connection should suffice.
For testing-purposes i suggest you create a new Dataset.
Check that your User on the TrueNAS has the Option 'Samba Authentication' enabled.
Now you can 'ADD" a new Share and Choose the untouched Dataset and fill in a Name. For 'Purpose' you will choose 'Default share parameters'. After submitting these Settings the Gui will Ask you if you want to Configure the ACL's. - Do that - . Then you will select the ACL-Preset 'RESTRICTED'. After that insert your User and Group in the Box at the Left top and select the corresponding 'Apply User/Group'-Checkboxes. Down at the Bottom you will also Select 'Apply permissions recursively'. There will be a warning - 'Confirm' and 'Continue' and all that is left is the 'Save' Button.
I can also provide you with Screenshots if needed. But i would need to upload them because of my LOW status'. Holla' if needed :-).