Can't Access SMB Shares after 2FA is enabled

Hi all

I have just set up TrueNAS SCALE. I have enabled SMB with a few shares that worked fine for access prior to setting up 2FA. Since enabling it, I am no longer able to access them. Is there a way to have 2FA enabled and still have SMB?

What version of SCALE is this? 2FA should have no impact on SMB authentication.


It's version 25.04.1.

root@testU3T3M66YVY[~]# midclt call user.renew_2fa_secret smbuser '{}'
{"id": 69, "uid": 3000, "username": "smbuser", "unixhash": "$6$rounds=656000$On0eZrWhR1/h1bJy$OiWLbUjVMQmrwfg8As6dKmJAleeWoGjcXmInG/AIsKruintoJMi.VBiVcSGmVuDzjtHEUj7mXpMv1e9aE8ffS0", "smbhash": "B3F34FF0FBB772A1A70810CBB3320740", "home": "/var/empty", "shell": "/usr/sbin/nologin", "full_name": "smbuser", "builtin": false, "smb": true, "userns_idmap": null, "group": {"id": 107, "bsdgrp_gid": 3000, "bsdgrp_group": "smbuser", "bsdgrp_builtin": false, "bsdgrp_sudo_commands": [], "bsdgrp_sudo_commands_nopasswd": [], "bsdgrp_smb": false, "bsdgrp_userns_idmap": 0}, "groups": [89], "password_disabled": false, "ssh_password_enabled": false, "sshpubkey": null, "locked": false, "sudo_commands": [], "sudo_commands_nopasswd": [], "email": null, "id_type_both": false, "local": true, "immutable": false, "twofactor_auth_configured": true, "sid": "S-1-5-21-743500226-3324216601-1029890835-20069", "last_password_change": {"$date": 1749038505000}, "password_age": 0, "password_history": [], "password_change_required": false, "roles": [], "api_keys": [], "twofactor_config": {"provisioning_uri": "otpauth://totp/iXsystems:smbuser-testU3T3M66YVY%40TrueNAS?secret=H2CU3AAX3DY3W7RQ3XZ7PZHJOYTED2Z7&issuer=iXsystems", "secret_configured": true, "interval": 30, "otp_digits": 6}}

WARNING: above is to demonstrate 2FA token is set. Do not run this command on an active system as it will replace your 2FA token and break authentication to the NAS.

root@testU3T3M66YVY[~]# smbclient //127.0.0.1/SHARE -U smbuser%Cats   
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Wed Jun  4 05:02:10 2025
  ..                                  D        0  Wed Jun  4 05:02:10 2025

		9647744 blocks of size 1024. 9647616 blocks available

Can’t reproduce this. I’m deeply skeptical that it’s related to 2FA. What is the SMB server config (testparm -s)? What are the error messages you’re seeing? Did you check the SMB authentication audit logs to verify your client is actually sending the correct username?


I reinstalled it and the issue has gone away. Thanks for the advice.

Hi,

What have you reinstalled? I’m having the same issue, so I’ve created an SMB only user, now it works.

@all Would someone care to explain why the issues with 2FA? I’m also running 25.04.01.

KR
Rok

The whole OS. I started from scratch as this was a new setup.

There is no issue with 2FA and SMB access.

@awalkerix

Then please explain this:

Success: False
Logon ID: ‘0’
Logon Type: 3
Local Address: ipv6:fe80::5a47:caff:fe7a:4091:445
Remote Address: ipv6:fe80::3a1b:defb:cd39:75af:49970
Service Description: SMB2
Auth Description: Null
Client Domain: MINI-PC
Client Account: rok
Workstation: MINI-PC
Became Account: Null
Became Domain: Null
Became Sid: Null
Mapped Account: rok
Mapped Domain: MINI-PC
Netlogon Computer: Null
Netlogon Trust Account: Null
Netlogon Negotiate Flags: ‘0x00000000’
Netlogon Secure Channel Type: 0
Netlogon Trust Account Sid: Null
Password Type: NTLMv2
Client Policy Access Check: Null
Server Policy Access Check: Null
Vers:
Major: 0
Minor: 1
Result:
Type: NTSTATUS
Value Raw: 3221225572
Value Parsed: NT_STATUS_NO_SUCH_USER

If I log in with a user that doesn’t have 2FA then the connection works… The User that has an active 2FA doesn’t work.

User: smb_share (WORKS)

Log:

Success: True
Logon ID: ‘0’
Logon Type: 3
Local Address: ipv6:fe80::5a47:caff:fe7a:4091:445
Remote Address: ipv6:fe80::3a1b:defb:cd39:75af:50872
Service Description: SMB2
Auth Description: Null
Client Domain: MINI-PC
Client Account: smb_share
Workstation: MINI-PC
Became Account: smb_share
Became Domain: TRUENAS
Became Sid: S-1-5-21-1838473801-253889626-1381556817-20076
Mapped Account: smb_share
Mapped Domain: MINI-PC
Netlogon Computer: Null
Netlogon Trust Account: Null
Netlogon Negotiate Flags: ‘0x00000000’
Netlogon Secure Channel Type: 0
Netlogon Trust Account Sid: Null
Password Type: NTLMv2
Client Policy Access Check: Null
Server Policy Access Check: Null
Vers:
Major: 0
Minor: 1
Result:
Type: NTSTATUS
Value Raw: 0
Value Parsed: SUCCESS

Kind regards
Rok
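
Added example, not part of any post in this thread: a small Python triage helper for SMB authentication audit records in the "Key: value" layout pasted above, which decodes the raw NTSTATUS and reports which account name the client actually sent. The sample records are constructed from a subset of the fields in the two posted records; the function names and the small status table are this example's own.

```python
# NTSTATUS values (from Microsoft's MS-ERREF) that matter for SMB logon triage.
NTSTATUS = {
    0x00000000: "SUCCESS",
    0xC0000064: "NT_STATUS_NO_SUCH_USER",
    0xC000006A: "NT_STATUS_WRONG_PASSWORD",
    0xC000006D: "NT_STATUS_LOGON_FAILURE",
}

# Constructed samples: a subset of the fields from the two records in the thread.
FAILED = """Success: False
Remote Address: ipv6:fe80::3a1b:defb:cd39:75af:49970
Client Account: rok
Became Account: Null
Value Raw: 3221225572
Value Parsed: NT_STATUS_NO_SUCH_USER"""

WORKED = """Success: True
Client Account: smb_share
Became Account: smb_share
Became Domain: TRUENAS
Value Raw: 0
Value Parsed: SUCCESS"""

def parse_record(text):
    """Turn 'Key: value' lines into a dict; 'Null' and empty values become None."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so IPv6 survives
        if sep:
            value = value.strip().strip("'\u2018\u2019")  # drop straight/curly quotes
            rec[key.strip()] = None if value in ("", "Null") else value
    return rec

def triage(rec):
    """Summarise who the client claimed to be and how the server answered."""
    raw = int(rec["Value Raw"])
    name = NTSTATUS.get(raw, "UNKNOWN")
    if name == "SUCCESS":
        note = "authenticated as %s\\%s" % (rec["Became Domain"], rec["Became Account"])
    elif name == "NT_STATUS_NO_SUCH_USER":
        note = "account name %r not found (lookup failure, not a password mismatch)" % rec["Client Account"]
    else:
        note = "logon rejected for %r" % rec["Client Account"]
    return {"account": rec["Client Account"], "status": "0x%08X" % raw,
            "name": name, "consistent": name == rec["Value Parsed"], "note": note}

if __name__ == "__main__":
    for sample in (FAILED, WORKED):
        print(triage(parse_record(sample)))
```

For the failed record the raw value 3221225572 decodes to 0xC0000064, so the first thing to compare is the `Client Account` field against the account names the server knows.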