SMB Authentication breaking after TrueNAS (FT) reboots

After upgrading to Fangtooth, I’ve noticed that each time the device reboots, I can’t authenticate to SMB shares. If I reset the password for the user, it will let me back in, even if I reset it to the same password.

I can confirm the password is correct / not changing, as cached passwords work until the reboot, then stop working unless reset.

Originally, I thought this may have been related to the SMB / NFS issue, so I disabled all NFS shares and even the service, but the problem is persisting even with NFS disabled.

Is anyone else able to confirm / replicate this behavior?

There is an issue regarding the passdb for SMB server getting broken because of users setting empty passwords rather than properly disabling password authentication for accounts. You can look for error messages in /var/log/middlewared.log for error messages about accounts having invalid SMB hashes.

You can fix it by changing the accounts so that (1) password is disabled via checkbox and (2) not making them SMB accounts.

1 Like

I had to rollback to EE yesterday due to SMB not working and me not having time to diagnose. Today I saw this and it sounded like my problem so I upgraded to FT again and sure enough changing the password of my user allowed SMB access to work again!

Is it an issue of some/any accounts having empty passwords and being SMB accounts? In my case both of the accounts that connect to SMB have/need passwords. :thinking:

Any accounts that have SMB checked and have an empty password will break synchronization.

1 Like

Every time I reboot TruNAS the problem reappears and I have to go into credentials and set the password again for the SMB user account. Anyone know if there is likely to be a permanent fix for this?

Yes. As already mentioned here, this is caused by specific accounts that you have configured with empty passwords without checking the “disable password authentication box”. The fix will be in 25.04.1, but you can simply fix it yourself in 25.04.0 by fixing the affected accounts.

I had passwords set previously so I’m not sure if that’s the same issue.

You can look through /var/log/middlewared.log for accounts raising an error about invalid SMB hashes.

The error I see in the middlewared.log is:

[2025/04/20 15:48:59] (ERROR) middlewared.job.run():530 - Job <bound method SMBService.synchronize_passdb of <middlewared.plugins.smb_.passdb.SMBService object at 0x7fe15cc18650>> failed @cee:{"TNLOG": {"exception": "Traceback (most recent call last):\n  File \"/usr/lib/python3/dist-packages/middlewared/job.py\", line 515, in run\n    await self.future\n  File \"/usr/lib/python3/dist-packages/middlewared/job.py\", line 562, in __run_body\n    rv = await self.middleware.run_in_thread(self.method, *args)\n         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/middlewared/main.py\", line 599, in run_in_thread\n    return await self.run_in_executor(io_thread_pool_executor, method, *args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/middlewared/main.py\", line 596, in run_in_executor\n    return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3.11/concurrent/futures/thread.py\", line 58, in run\n    result = self.fn(*self.args, **self.kwargs)\n             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/middlewared/plugins/smb_/passdb.py\", line 89, in synchronize_passdb\n    insert_passdb_entries(to_update)\n  File \"/usr/lib/python3/dist-packages/middlewared/plugins/smb_/util_passdb.py\", line 363, in insert_passdb_entries\n    samu_data = _pack_pdb_entry(entry)\n                ^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/lib/python3/dist-packages/middlewared/plugins/smb_/util_passdb.py\", line 256, in _pack_pdb_entry\n    data += _pack_samba_pascal_string(bytes.fromhex(entry.nt_pw))\n                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^\nValueError: non-hexadecimal number found in fromhex() arg at position 0", "type": "PYTHON_EXCEPTION", "time": "2025-04-20 14:48:59.297903"}}

The password that I have set for the SMB user is a mixture of lower and upper case characters and numerals. No special characters. As soon as I set the password again under credentials in the UI I can access the SMB share but following a reboot of TrueNAS the problem comes back and I have to go back into Credentials and set the same password again. It’s not a massive issue just more of an annoyance really.

Run the command midclt call user.query '[["smb", "=", true], ["unixhash", "=", "*"]]. Do you have any hits?

1 Like

Aha, yes I had a “backuppc” user which is used to allow BackupPC to backup logs etc. “SMB User” was checked in the UI so I unchecked it, rebooted and I was able to then access the CIFS shares via the regular user account. That seems to have been my problem, having that backuppc user account with “SMB User” checked. Thanks for the tip :slightly_smiling_face:

I think you’ve got a spurious double quote and missing end quote.
midclt call user.query '[["smb", "=", true], ["unixhash", "=", "*"]]'

Indeed. I free-handed that.

2 Likes