ACL on SMB joined AD

Douglas_Giovani_Oech · December 12, 2024, 1:21pm

Hello!

We have a TrueNas Scale. The samba is joined with our samba-ad-dc and works fine until last days. So, we have many groups but now we need add other group from AD to access folder group on TrueNas and users from this group can works well inside the folder. I create the folder, users directory, permissions and ok. So, we need add this share for dataset (smb) click on Edit + add Item and choose domain\group. When I did choose the domain\group and try click on Save Access Control List, the system simply does not do the process and does not show any message error, no alerts in the system. Nothing. Is there a limitation ACL uses? We have 24 groups with ACL’s.

Please, somebody can help.

Thanks you so much

awalkerix · December 12, 2024, 1:29pm

Does the task manager show an error for the setacl job? The upper-bound on number of ACL entries is 1024.

Douglas_Giovani_Oech · December 12, 2024, 2:32pm

Hello @awalkerix

No, not. There is no error for the setacl job.

Thanks

awalkerix · December 12, 2024, 2:48pm

What is output of midclt call core.get_jobs '[["method", "=", "filesystem.setacl"]]' | jq ?

Douglas_Giovani_Oech · December 12, 2024, 4:10pm

The output of command in terminal:

midclt call core.get_jobs '[["method", "=", "filesystem.setacl"]]' | jq
[]

awalkerix · December 12, 2024, 4:15pm

It sounds like UI isn’t making an API call. Are you sure you’re clicking on the correct button in the UI?

Douglas_Giovani_Oech · December 12, 2024, 6:39pm

https://imgur.com/a/truenas-smb-acls-DMydSKm

These are my path to enable and configure ACLs with groups.

There are 24 groups add there. All of them are working well. But If I try to add one more group the system, it does not shows error, alert.

Is this way its wrong?

awalkerix · December 12, 2024, 6:40pm

After adding to the list did you click on the button to save the ACL?

Douglas_Giovani_Oech · December 12, 2024, 6:50pm

Yes, perfect. But, when click on the button nothing happens. All others after click on the button the system go on to continue the process.

Douglas_Giovani_Oech · December 13, 2024, 12:18pm

Hello!

After click on Directory Services Monitor - Active Directory I clicked on button Rebuild Directory Service Cache 3 or 4 times. After this I clicked on System Settings - Services and stop smb service, waiting some time and click to start again.

So after these procedures I can manage Dataset permissions Edit and add group from AD. Its working again

Thank you for help and attention

Douglas