Fangtooth upgrade - SMB system error 86 has occured (existing and new shares)

PaulMcG1970 · May 3, 2025, 4:54pm

I’ve just upgraded from 24.10.1 to 25.04 and my only SMB share is inaccessible. When I try to map a network drive on a Windows client I get the error:

C:\Users\Me>net use z: \\192.168.0.49\files
Enter the username for '192.168.0.49': me
Enter the password for 192.168.0.49:
System error 86 has occurred.

The specified network password is not correct.

I have created a new share with the same result.

I am using a bridged network adapter to allow a Truenas hosted Instance to connect to the SMB share.

Does anyone have any ideas for troubleshooting and fixing this? Thanks

neofusion · May 3, 2025, 5:05pm

Do you have any user account on your TrueNAS system that checks both these two boxes:

Has Samba Authentication enabled in the user credentials
Has an no password set/empty password

Again, my question is if you have any account at all that matches both of the above.
The existence of such an account will prevent ALL accounts from logging in, since 25.04.

Related bug report:

PaulMcG1970 · May 3, 2025, 5:20pm

Now a different error

So I discovered one users ‘emby’ which was a SMB user without a password. I’ve changed that to a non-SMB user now. The only SMB user is my named account ‘paul’ which has a password.

Now the error is:

System error 1272 has occurred.

You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

PaulMcG1970 · May 3, 2025, 5:29pm

I’ve found that the ‘Administrators Group’ for the SMB Service is ‘mysql’. I don’t know if that is correct or how it happened!

Should it be something else and how can I change it?

neofusion · May 3, 2025, 5:43pm

PaulMcG1970:

Now the error is:

System error 1272 has occurred.

You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on the network.

Do you have Guest access enabled on the share in question? Shares → Edit (on the share) → Advanced Options → Allow Guest Access

I recommend disabling it.

I am not sure what you mean here, can you post a screenshot to clear things up?

PaulMcG1970 · May 4, 2025, 8:54am

As requested the image of the admin user on the SMB service.

The only way I can get into my SMB share at the moment is to enable guest access on the share, make my ‘paul’ account the guest in SMB advanced settings and change network security setting on my client “Enable insecure guest logons”.

Not ideal but I needed urgent access to some of my files.

neofusion · May 4, 2025, 11:29am

Okay, that mysql group is peculiar, not sure what to make of that other than that it’s not normal. I don’t think it’s related to your guest access though.

Guest usage will be an uphill battle. Microsoft doesn’t want people to use guest access and consequently, neither does iXsystems in TrueNAS. I highly recommend you try to solve that underlying issue, likely due to incorrect Dataset ACLs related to the share in question.

PaulMcG1970 · May 4, 2025, 12:33pm

Thanks
Would the dataset ACLs prevent authentication?

When I am trying to login with my account ‘paul’ I get this error in the logs

Logon ID: '0'
Logon Type: 3
Local Address: ipv4:192.168.0.49:445
Remote Address: ipv4:192.168.0.175:55064
Service Description: SMB2
Auth Description: Null
Client Domain: .
Client Account: paul
Workstation: DESKTOP-LGM9K06
Became Account: Null
Became Domain: Null
Became Sid: Null
Mapped Account: paul
Mapped Domain: .
Netlogon Computer: Null
Netlogon Trust Account: Null
Netlogon Negotiate Flags: '0x00000000'
Netlogon Secure Channel Type: 0
Netlogon Trust Account Sid: Null
Password Type: NTLMv2
Client Policy Access Check: Null
Server Policy Access Check: Null
Vers:
  Major: 0
  Minor: 1
Result:
  Type: NTSTATUS
  Value Raw: 3221225572
  Value Parsed: NT_STATUS_NO_SUCH_USER

neofusion · May 5, 2025, 6:31pm

That specific error apparently means no “passdb entry”, whatever that means:

Unfortunately, I don’t know how to guide you further.

PaulMcG1970 · May 7, 2025, 7:57am

Thank you anyway for your help so far. I will try a few things when I get some time.

noclaf · May 8, 2025, 8:43pm

There is something inherently broken. Run into same set of issues.
What helped me was to:

remove SMB user indication for one password-less user ← I tried that because I was getting error 1219 at the beginning and I found it as one of the potential problems, but on it’s own it was not enough and I “moved” just to error 86.
go to the user in credentials and literally reenter the same password again for the impacted users.

I have 2 shares, both with the same issue - recreating one share (same ACL applied afterwards) did not help, but adjusting the users as above make both of the shares work.

Would LOVE to know what was the problem and how to avoid it.