Access rights problem

Hello,

I would really appreciate it if someone please help me with fixing the rights because I’m out of inspiration.

relevant structure:

- pool1
    - shares
        - data
            Permissions
            Owner: root  Group:root
            Click an item to view NFSv4 permissions
            person
            owner@ - root: Allow | Full Control
            people
            group@ - root: Allow | Modify
            people
            Group - gr_media_a: Allow | Traverse
            people
            Group - gr_media_c: Allow | Traverse
            - a  (for the 14+)
                Permissions
                Owner: root  Group: root
                Click an item to view NFSv4 permissions
                people
                Group - gr_media_a: Allow | Traverse
                person
                owner@ - root: Allow | Full Control
            - c  (for the children)
                Permissions
                Owner: root  Group: root
                Click an item to view NFSv4 permissions
                people
                Group - gr_media_c: Allow | Traverse
                person
                owner@ - root: Allow | Full Control

Alle datasets were created with the Preset: Multiprotocol and have an ACL Type SMB/NFSv4, ACL Type Inherit and ACL Mode Inherit

The dataset /pool1/share/data is shared as an SMB share with default share parameter. User @Everyone and the group gr_media_a and the group gr_media_c have FULL .CONTROL.

The user testuser had SMB access and is member of the group gr_media_a.

On a Ubuntu client:

smbclient -L 10.10.10.10 -U testuser

results in

Password for [WORKGROUP\testuser]:

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (TrueNAS Server)
    private         Disk      
    docker          Disk      Docker data
    data            Disk      Data share

SMB1 disabled – no workgroup available

Mounting a share with

sudo mount -v -t cifs -o username=testuser,password= //10.14.10.10/data /mnt/data

results in

mount: /mnt/data: cannot mount //10.10.10.10/data read-only.
dmesg(1) may have more information after failed mount system call.

The relevant dmesg says

[ 4857.065533] CIFS: Attempting to mount //10.10.10.10/data
[ 4857.081055] CIFS: Status code returned 0xc000006d STATUS_LOGON_FAILURE
[ 4857.081069] CIFS: VFS: \10.10.10.10 Send error in SessSetup = -13
[ 4857.081086] CIFS: VFS: cifs_mount failed w/return code = -13

What am I doing wrong?

What are the permissions on pool1/shares?

Thank you so much for taking your time to look into this.

Permissions
Owner: root Group: root
Click an item to view NFSv4 permissions
person
owner@ - root: Allow | Full Control
people
group@ - root: Allow | Modify
people
Group - gr_media: Allow | Traverse
people
Group - gr_media_r: Allow | Traverse

Can you connect from a Windows machine or Mac to rule out an issue with your mount command? Or even via the GUI on a Linux box?

Also if thats no good can you share your permissions as you see them from the TrueNAS UI?

After rebooting my client and the NAS and issuing exactly the same commands (from the buffer), I can mount the drive but I’m upgraded to “permission denied” when I do ls on the mounted drive. :slight_smile:

I presume your testuser has ‘SMB User’ checked in the TrueNAS UI?

Yes, it has. After the reboot of the NAS and client, I can now mount the share but not list the contents. As you asked, I have switched clients and I’m now on EndeavourOS (Arch). I freshly Ubuntu, just to make sure there were no Arch issues. I have no Windows or Mac, unfortunately.

ls: reading directory ‘.’: Permission denied

Well, that was easy to solve. It needed modify rights to list the contents.
Thank you very much for your time. It is hard to believe a simple reboot solved it. Too bad I don’t now if the issue was client or NAS related.