Windows 11 Cannot Access SMB Shared Pool Originally Created on FreeNAS 11

I installed FreeNAS on a machine several years ago and created a dataset pool to use as a NAS. I loaded a good amount of data on it, shut off the machine and left it for several years. Recently, I tried to boot it back up, updated it (at the time to version 12) and all of a sudden, I could no longer access the dataset pool through the Windows SMB share using any of my family computers. I tinkered with it a good bit with no success and gave up.

I am now trying to get access to the data again so I can download my wedding and family photos, then wipe everything clean to pass the machine onto someone else. I haven’t been into this in multiple years and feel as if I’m in over my head.

Current Version: TrueNAS-13.0-U6.2

Problem: Windows 11 tells me I do not have permission to access dataset.

Things I’ve Tried:
-Resetting ACLs
-Enabling guest access
-Creating a full control ACL for everyone@
-Creating a user with the same name and password as my Windows 11 computer and adding it to the share
-Stripping ACLs and restarting from scratch
-Formatting the TrueNAS boot drive and reinstalling TrueNAS fresh then importing pools (this is where I’ve currently left off)

See below for snapshots of my pools, ACLs on the Dataset1, and the error messages I receive when trying to access the shares through file explorer on my Windows 11 computer. I’m not sure if it matters, but Fitz-NAS is ACL Mode Restricted while Dataset1 is set as passthrough. I currently have the user of root as well as another user named “admin” with the exact same password as root.

Pools

Dataset1 ACLs

Error when connecting under root as username

Error when connecting under admin as username

Error when connecting to the Fitz-NAS network drive
Denied - Attempting to connect to FITZ-NAS

Can anyone help make sens of all this? I’ve followed countless tutorials, looked up tons of forum posts addressing similar issues, and after all this troubleshooting it feels like there is something baked in that is denying all access. Any help would be so greatly appreciated.

Do you have a separate user created to ‘own’ the data on TrueNAS. I don’t know if ‘root’ is currently allowed as an owner and user. (i just checked my root account and Samba authentication is set to FALSE where my other user has TRUE)
Try creating a new user and group on TrueNAS and allow the new user and group to share the SMB dataset. I use and different name from my Windows users and log into the SMB share using that new users credentials. You will need to restart the SMB service for changes.

You might provide screenshots of your current SMB share settings.

Link to docs on SMB share creation. Attempt a walk through of the process and check your against your settings.
https://www.truenas.com/docs/core/13.0/coretutorials/sharing/smb/smbshare/

Go to Storage → Windows Share and create/configure you Dataset1 (or whatever name you want for the SMB) with the full path /mnt/Fitz-nss/Dataset1

“root” is no longer a permitted SMB user account as of TrueNAS 12 (11.3 we started phasing this in IIRC).

Alright, so I went through the full tutorial linked there and got the same issues. I created a new user (“admin”) and a usergroup along with a password. I tried accessing the share through file explorer on my windows 11 home version computer and after typing in the credential for the admin user, it said windows could not access. See below for screenshots.

Error Message
Error Connecting as admin user

Dataset1 SMB Share Settings

Dataset1 SMB Share ACLs

Dataset SMB Share Filesystem ACL (Partial settings. There are more users/groups all with full access)


Is there something client-side (client-side refers to the user’s computer accessing the share, yes?) that may be preventing this? I saw at the bottom of the tutorial that you may need to change settings in the “Local Security Policy” which Windows 11 Home does not have. Is it possible there might be something else standing in the way of this access on the client side instead of within TrueNAS?

I also have this notification/warning about a new ZFS version available for my pool, Fitz-NAS. It states that it is a one-time process that can prevent being able to roll back to previous TrueNAS versions. However, I don’t see anywhere in the web interface to take action on this upgrading this pool in any way. Is this something that may have an impact on the share?

@oxyde That dataset shows that exact path when I open up the settings. See the screenshot above. Is that how it should look or did I do something wrong? I did also try to create a share to a child directory and had the same error.

@awalkerix Ah, good to know. In that case, I’ll stop trying with root and focus on trying to get it to work with a different user. I used root to access it back before 11.3 and I believe that changing is what caught me off guard and got this scenario going. Thanks for clarifying that part, I at least know where NOT to look now! :smiley:

If you go to the Accounts, User page and look at ‘admin’ properties. Do you have Samba Authentication = true

Are you able to log into the admin account on TrueNAS directly, like in SSH or Console?

If you need to make changes are you stopping and restarting the SMB server afterwards?

Have you tried setting up a new share by using the guide and is it still giving you problems with access from Win 11? Trying to rule out DataSet1 as having the problem or any sharing using SMB.

‘admin’ user is only on TrueNAS and doesn’t exist on Windows? Sort of guessing as there are so many places to look

Making a simple “find the difference” from how i setup the SMB:

  • on the SMB share settings, the only difference is you have enable Allow Guest Access (dont think is rilevant but try disable)
  • on the SMB ACLs, i have put Type ALLOWED instead of DENIED (sound like the problem to me)
  • on Dataset ACL, instead of the everyone@ i have the owner@ (dont think rilevant)

Actually having guest access enabled on a share can cause authentication failures from Windows:

Yes it is.
Yes for SSH.
Yes I have restarted SMB fro TrueNAS each time.
Yes and I still had issues so I have since deleted the share.
That’s correct. I only have one user on Windows, and it is not named “admin” like TrueNas.

@oxyde Understood. I made each of those changes as well but still no luck. Same issue unfortunately. Are there any other areas you see that you think may cause issues?

@awalkerix Oh, good to know! Thanks for mentioning that! I’ve turned off guest access and am still having the same issue. Would Windows have an issue with having ACL permissions for everyone@?

I’m really starting be confused, because from the screen you post i really don’t see anything strange about your conf.
Maybe can be worth try to put the ACL rule on the owner, with the recursive flag applied (if you still didn’t try).


As you can see, my ACL rules are pretty simple (in this case im the only one supposed to accesso to dataset), in other dataset i just add 1 or more users allowed only read.
Have you try to connect to SMB providing just the ip of the machine, instead of the full path?
Have you made some change to the SMB service? This is my conf, maybe try find some difference:

Have you already try to connect to SMB with other device, like a smartphone? (for avoid the possibility of some Win client problem, despite you have try some device but if i uderstand correctly only Windows machine)

Oh. I just saw your share ACL. You’ve literally denied access to everyone of course you’re having access problems :slight_smile:

@oxyde
-I tried your first suggestion and actually already had a owner@ setting for the ACLs with identical settings to your setup it seems.
-I have tried accessing it both by clicking the icon in file explorer marked “Fitz-NAS/Dataset1” as well as by typing in the ip address in into file explorer. Both seem to give me the same error.
-It seems by SMB service settings are identical to yours.
-I have tried with my iphone (the only other non-windows device I have) and I can access the menu to open both Dataset1 and Fitz-NAS by typing in the server ip. It says read-only at the bottom and when I try to open either Fitz-NAS or Dataset1, it tells me I don’t have permissions to view the content.

@awalkerix I actually changed that setting to “ALLOWED” after my last post and it doesn’t seem to have made a difference. :confused:emphasized text

Do you have the network drives mapped on Windows? I had to destroy mine and recreate them.

Do you have any other computer to try connecting to the NAS over SMB? If not try searching internet for ‘clearing smb network credentials windows 10’ or something like that.

Adding link to another post that may be helpful.

Im out of idea, sorry. At this point i dont think that the problem is in the TN configuration (seems correct to me).
I agree with @SmallBarky, you must start debugging from your Windows client, starting reset SMB (check if all features are well installed from “turn on off Windows features” menù too)… Or maybe somehow Windows Is forcing the login to the SMB with wrong username

I think Windows stores all smb passwords inside “Windows Credential Manager”
Just remove you stored nas account there and see if your are promted for the password again – and be sure you got the right one