Continuous Failed to set ACL message

Running Dragonfish and kept seeing these “Failed to set ACL” messages on my terminal so went to investigate. I’m not a Linux person, but trying to learn. So read the some docs on systemd-journal as it appears that’s where the logs are kept.

The first command I used was “journalctl --since today” and the output was a rude awakening. Firstly, I found message telling me that the logrotate.service failed with with result ‘exit-code’.

Next I noticed that was getting messages about “TNAUDIT_SMB session opened” and “TNAUDIT_SMB session closed” occuring continuously every day, indicating that the same user was logging in and out as fast as possible.

Any idea what might be causing these two issues?



That just means that ACLs are disabled on the dataset underlying /var/log it’s a benign message.

I had to made a dummy user (same user/pass as the windows user) for one of my windows clients with no read/write/execute access because otherwise the pc SPAMMED the SMB service >10,000 times per day that it couldn’t access since it didn’t have a use.

Now it is just logs once, when the PC boots up. I blame windows.

Good point, I glossed over the second part. Sounds like potentially a client bug / misconfiguration that the audit logs are pointing out. Clients shouldn’t be in a tight loop trying to authenticate to the server.

I think that is my problem. I keep getting thousands of audit messages that go like this:

TNAUDIT_SMB[1504330]: @cee:{“TNAUDIT”: {“aid”: + much more data …
systemd-logind[2631]: New session c37148 of user username.
systemd[1]: Started session-c37148.scope - Session c37148 of User username.
TNAUDIT_SMB[1504330]: pam_unix(samba:session): session opened for user username(uid=3000) by (uid=0).
TNAUDIT_SMB[1504330]: pam_unix(samba:session): session closed for user username
systemd[1]: session-c37148.scope: Deactivated successfully.
systemd-logind[2631]: Session c37148 logged out. Waiting for processes to exit.
systemd-logind[2631]: Removed session c37148.

These messages keep repeating over and over continuously. The username being used is the Windows administrator’s username and I have created that same username on the TrueNAS system (uid 3000, gid 3000). This user is the owner of ALL my shares.

The TrueNAS system is running as a VM on a Proxmox box. The first message in the sequence which contains a lot more data, indicates an IP address that is the address of the Proxmox box. I can upload this additional data if it is needed.

In addition, the TrueNAS system has one app installed; Jellyfin, which is getting it’s data
(videos and music) from SMB shares on TrueNAS (not sure is this is relevant).

I can run this instance of TrueNAS as either a VM in Proxmox or as a stand-alone server; depending upon how it is booted. I wanted to run it as a VM so that I could move my PiHole from a Raspberry Pi, to a VM and I could not get the PiHole software working as an app on TrueNAS.

By the way, my hardware is as follows:
ASUS P11C-M/4L with Intel XEON E-2236 CPU and 64GB ECC memory plus 4x4TB Ironwolf drives for data.



I believe that’s a very relevant tidbit.

Doesn’t Proxmox do logins every 10 seconds to smb shares for bookkeeping reasons? There was a post about it just a couple of days ago but I can’t find it.

Answering my own question, I found this on the Proxmox forum to support my claim.

Yes, there have been several complaints about this proxmox behavior as well as users who have resolved the issue by creating their own persistent mounts, which lends credence to the supposition that proxmox behavior is unnecessary.

For me I had to set the same username AND password for the user profile on SMB as it is on Windows (this annoyingly required me to set a password on windows). My guess is that it ain’t a proxmox exclusive issue as I’m running bare metal & had the same windows nonsense. My guess (based on NOTHING AT ALL) is that it is a windows annoyance with defender being a touch too aggro.

I’m just guessing here, but I was wondering if it was my backup settings (for Proxmox) that was causing the username spamming.

I have set up a Proxmox backup storage location to be a CIFS share on my TrueNAS system and then created a Proxmox backup job to backup 2 VMs to this location weekly. The odd thing (in my mind) is that the 2 VMs that are being backed up are my Pihole server and TrueNAS itself. I have a second Proxmox server with a second TrueNAS VM to which I use rsync to backup just the data (which includes the VM backups) weekly. This allows me to recover both the TrueNAS system (both OS and data) and my Pihole server in a very short time should something fatal happen!

I wonder if I set up the CIFS share to be an NFS share, would I get the same username spamming??

Also, TrueNAS hosts a Jellyfin app and the spamming I’m getting from it makes the username spamming look trivial. I get a constant barrage of k3s messages in my journals. Wondering if I should run Jellyfin in a separate Linux VM instead of a TrueNAS app. Of course, this would eliminate the requirement of moving from TrueNAS Core to TrueNAS Scale; I only upgraded because I did not like the intrusiveness of dificulty of maintaining Plex on TrueNAS Core.

I did prefer Core over Scale but could see the light that Core was going the way of the Dodo!