Windows 11 Cannot Access SMB Shared Pool Originally Created on FreeNAS 11

TrueNAS General
, ,
1

I installed FreeNAS on a machine several years ago and created a dataset pool to use as a NAS. I loaded a good amount of data on it, shut off the machine and left it for several years. Recently, I tried to boot it back up, updated it (at the time to version 12) and all of a sudden, I could no longer access the dataset pool through the Windows SMB share using any of my family computers. I tinkered with it a good bit with no success and gave up.

I am now trying to get access to the data again so I can download my wedding and family photos, then wipe everything clean to pass the machine onto someone else. I haven’t been into this in multiple years and feel as if I’m in over my head.

Current Version: TrueNAS-13.0-U6.2

Problem: Windows 11 tells me I do not have permission to access dataset.

Things I’ve Tried:
-Resetting ACLs
-Enabling guest access
-Creating a full control ACL for everyone@
-Creating a user with the same name and password as my Windows 11 computer and adding it to the share
-Stripping ACLs and restarting from scratch
-Formatting the TrueNAS boot drive and reinstalling TrueNAS fresh then importing pools (this is where I’ve currently left off)

See below for snapshots of my pools, ACLs on the Dataset1, and the error messages I receive when trying to access the shares through file explorer on my Windows 11 computer. I’m not sure if it matters, but Fitz-NAS is ACL Mode Restricted while Dataset1 is set as passthrough. I currently have the user of root as well as another user named “admin” with the exact same password as root.

Pools

pools
pools1417×452 26.2 KB

Dataset1 ACLs

Dataset1 ACLs
Dataset1 ACLs501×763 23.1 KB

Error when connecting under root as username

Denied - Attempting under root User
Denied - Attempting under root User565×522 12.3 KB

Error when connecting under admin as username

Denied - Attempting under Admin User
Denied - Attempting under Admin User745×437 21.7 KB

Error when connecting to the Fitz-NAS network drive
Denied - Attempting to connect to FITZ-NAS

Can anyone help make sens of all this? I’ve followed countless tutorials, looked up tons of forum posts addressing similar issues, and after all this troubleshooting it feels like there is something baked in that is denying all access. Any help would be so greatly appreciated.

2

Do you have a separate user created to ‘own’ the data on TrueNAS. I don’t know if ‘root’ is currently allowed as an owner and user. (i just checked my root account and Samba authentication is set to FALSE where my other user has TRUE)
Try creating a new user and group on TrueNAS and allow the new user and group to share the SMB dataset. I use and different name from my Windows users and log into the SMB share using that new users credentials. You will need to restart the SMB service for changes.

You might provide screenshots of your current SMB share settings.

Link to docs on SMB share creation. Attempt a walk through of the process and check your against your settings.
https://www.truenas.com/docs/core/13.0/coretutorials/sharing/smb/smbshare/

3

Go to Storage → Windows Share and create/configure you Dataset1 (or whatever name you want for the SMB) with the full path /mnt/Fitz-nss/Dataset1

4

“root” is no longer a permitted SMB user account as of TrueNAS 12 (11.3 we started phasing this in IIRC).

1 Like
5

Alright, so I went through the full tutorial linked there and got the same issues. I created a new user (“admin”) and a usergroup along with a password. I tried accessing the share through file explorer on my windows 11 home version computer and after typing in the credential for the admin user, it said windows could not access. See below for screenshots.

Error Message
Error Connecting as admin user

Dataset1 SMB Share Settings

SMB Share Settings
SMB Share Settings1302×772 38.5 KB

Dataset1 SMB Share ACLs

Dataset1 SMB Share ACL
Dataset1 SMB Share ACL1387×526 20.9 KB

Dataset SMB Share Filesystem ACL (Partial settings. There are more users/groups all with full access)

Filesystem ACL 1
Filesystem ACL 1402×628 17.5 KB

Filesystem ACL 2
Filesystem ACL 2382×662 18.3 KB

Is there something client-side (client-side refers to the user’s computer accessing the share, yes?) that may be preventing this? I saw at the bottom of the tutorial that you may need to change settings in the “Local Security Policy” which Windows 11 Home does not have. Is it possible there might be something else standing in the way of this access on the client side instead of within TrueNAS?

I also have this notification/warning about a new ZFS version available for my pool, Fitz-NAS. It states that it is a one-time process that can prevent being able to roll back to previous TrueNAS versions. However, I don’t see anywhere in the web interface to take action on this upgrading this pool in any way. Is this something that may have an impact on the share?

@oxyde That dataset shows that exact path when I open up the settings. See the screenshot above. Is that how it should look or did I do something wrong? I did also try to create a share to a child directory and had the same error.

@awalkerix Ah, good to know. In that case, I’ll stop trying with root and focus on trying to get it to work with a different user. I used root to access it back before 11.3 and I believe that changing is what caught me off guard and got this scenario going. Thanks for clarifying that part, I at least know where NOT to look now! :smiley:

6

If you go to the Accounts, User page and look at ‘admin’ properties. Do you have Samba Authentication = true

Are you able to log into the admin account on TrueNAS directly, like in SSH or Console?

If you need to make changes are you stopping and restarting the SMB server afterwards?

Have you tried setting up a new share by using the guide and is it still giving you problems with access from Win 11? Trying to rule out DataSet1 as having the problem or any sharing using SMB.

‘admin’ user is only on TrueNAS and doesn’t exist on Windows? Sort of guessing as there are so many places to look

7

Making a simple “find the difference” from how i setup the SMB:

  • on the SMB share settings, the only difference is you have enable Allow Guest Access (dont think is rilevant but try disable)
  • on the SMB ACLs, i have put Type ALLOWED instead of DENIED (sound like the problem to me)
  • on Dataset ACL, instead of the everyone@ i have the owner@ (dont think rilevant)
8

Actually having guest access enabled on a share can cause authentication failures from Windows:

9

Yes it is.
Yes for SSH.
Yes I have restarted SMB fro TrueNAS each time.
Yes and I still had issues so I have since deleted the share.
That’s correct. I only have one user on Windows, and it is not named “admin” like TrueNas.

@oxyde Understood. I made each of those changes as well but still no luck. Same issue unfortunately. Are there any other areas you see that you think may cause issues?

@awalkerix Oh, good to know! Thanks for mentioning that! I’ve turned off guest access and am still having the same issue. Would Windows have an issue with having ACL permissions for everyone@?

10

I’m really starting be confused, because from the screen you post i really don’t see anything strange about your conf.
Maybe can be worth try to put the ACL rule on the owner, with the recursive flag applied (if you still didn’t try).

Screenshot 2024-07-16 130821
Screenshot 2024-07-16 1308211111×776 34.5 KB

As you can see, my ACL rules are pretty simple (in this case im the only one supposed to accesso to dataset), in other dataset i just add 1 or more users allowed only read.
Have you try to connect to SMB providing just the ip of the machine, instead of the full path?
Have you made some change to the SMB service? This is my conf, maybe try find some difference:
Screenshot 2024-07-16 130357
Screenshot 2024-07-16 1303571625×817 41.5 KB

Have you already try to connect to SMB with other device, like a smartphone? (for avoid the possibility of some Win client problem, despite you have try some device but if i uderstand correctly only Windows machine)

11

Oh. I just saw your share ACL. You’ve literally denied access to everyone of course you’re having access problems :slight_smile:

12

@oxyde
-I tried your first suggestion and actually already had a owner@ setting for the ACLs with identical settings to your setup it seems.
-I have tried accessing it both by clicking the icon in file explorer marked “Fitz-NAS/Dataset1” as well as by typing in the ip address in into file explorer. Both seem to give me the same error.
-It seems by SMB service settings are identical to yours.
-I have tried with my iphone (the only other non-windows device I have) and I can access the menu to open both Dataset1 and Fitz-NAS by typing in the server ip. It says read-only at the bottom and when I try to open either Fitz-NAS or Dataset1, it tells me I don’t have permissions to view the content.

@awalkerix I actually changed that setting to “ALLOWED” after my last post and it doesn’t seem to have made a difference. :confused:emphasized text

13

Do you have the network drives mapped on Windows? I had to destroy mine and recreate them.

Do you have any other computer to try connecting to the NAS over SMB? If not try searching internet for ‘clearing smb network credentials windows 10’ or something like that.

Adding link to another post that may be helpful.

14

Im out of idea, sorry. At this point i dont think that the problem is in the TN configuration (seems correct to me).
I agree with @SmallBarky, you must start debugging from your Windows client, starting reset SMB (check if all features are well installed from “turn on off Windows features” menù too)… Or maybe somehow Windows Is forcing the login to the SMB with wrong username

15

I think Windows stores all smb passwords inside “Windows Credential Manager”
Just remove you stored nas account there and see if your are promted for the password again – and be sure you got the right one

16

Sorry for the delay, went out of town for a bit.

I actually just tried to connect from a different Windows 11 machine and am receiving the same error. I have been mapping the network drive each time I boot the NAS and then unmapping it after trying a new suggestion with no success.

I also did try to go into Windows Credential Manager as @make-nz mentioned, but nothing was saved for login information to the NAS.

@oxyde I tried to restart SMB each time before connecting and made sure that each of the features under SMB are turned on under Windows Features as well. It allows me to type in my own login for the NAS when trying to connect to it. I go to “Network” in File Explorer, select “TRUENAS” and enter my login credentials, then it offers be the network files of Dataset1 and Fitz-NAS, both of which give me the “Windows cannot access… You do not have permission” error.

Is it possible for me to rollback the TrueNAS OS to an older version of FreeNAS and hope that I can get access to copy the files, then wipe the entire system clean?

17

Until you don’t have upgrade your pool, basically yes.

One last thing, i don’t remember the answer: when you applied ACL on users, have you set the flag on recursive option?

18

Yes, I did choose the recursive flag when I set the ACLs.

As for rolling back, how would I tell if my pool is upgraded and no longer compatible with rolling back to an earlier version of FreeNAS?

19

if you don’t have run zpool upgrade <pool> or zpool upgrade -a you should be fine.
You can also see if upgrade are available with zpool status . Don’t know other specific command sorry.

If i was in your situation, before try to downgrade, I would also try to access the data with another protocol, for example via FTP… setup should be fast than try to downgrade, give it a try

20

Forgive me for the ignorance, but how would you go about accessing the data via FTP and copying it? I did try to access the data via an SSH client (PuTTY) and I could see the directories, but I don’t think I was able to access them or copy them.