On several of our TrueNAS systems, when editing ACLs by the “Advanced Security Settings” dialog on a mounted CIFS share (at a windows client), I get an “I/O device error” on applying the changes. This had worked before (as it is our common practice of adjusting permissions) and it still works at one server (our latest and the only one I set up myself). All servers (including the latest) had been upgraded from “Core” to “Scale” some months ago and it is currently unclear, if the problem is directly linked to the upgrade.
Here the configuration differences I could spot by testparm -s:
under global options, the “idmap range” differs (probably not the cause)
under the shares’ options, the following “vfs objects” are active (among others, common with all our servers)
functional machine: io_uring, ixnas and zfs_core
“broken” machines: zfsacl and zfs_space
But now I am stuck as I can’t figure out, where these parameters are to be configured.
Generally speaking you shouldn’t be using zfsacl and zfs_space on SCALE. The only way these can be set is if there are unsupported auxiliary parameters set on the share.
Thank you - and yes, it seems, that these parameters had been set on ‘core’ and then have been “inherited” through the upgrade to ‘scale’. It seems, that the webGUI does not offer any way to access the ‘auxiliary parameters’ anymore. But where are they stored? As the “official” recommendation is to use only TrueNAS tools for configuration changes: Is there a tool to access the samba configuration? Resp. if not, where can I edit it to be permanently (and safely) changed?
Using grep and tdbtool, I was able to identify /var/db/system/samba4/registry.tdb, key SAMBA_REGVAL\HKLM\SOFTWARE\SAMBA\SMBCONF\NAME_OF_THE_SHARE as the most promising target. Still, as these are productive systems, I hope for advice on how to edit the configuration ~safely:
Does this make sense at all?
Can it be safely done “online”? And if so:
Are there any services I need to stop / restart besides smbd aka cifs?
Is there a more comfortable editor for .tdb files than tdbtool?
NB: For availability reasons, I’d prefer to go this way instead of trying to delete and re-create the shares.