This system no longer allows SMB access after update to TrueNAS-12.0-RELEASE
Description
Problem/Justification
Impact
SmartDraw Connector
Katalon Manual Tests (BETA)
Activity
@Michael Kammer ping
re-adding the root user for SMB auth through smbpasswd / pdbedit will be unstable (change will be undone the next time we synchronize the passdb with our database).
+--------------------------------------------------------------------------------+
+ Local users in passdb.tdb @1604271686 +
+--------------------------------------------------------------------------------+
[]
debug finished in 1 seconds for Local users in passdb.tdb
This current server has no users in the passdb database (which is why auth fails). They aren't in passdb.tdb because we removed them during synchronization:
[2020/11/01 12:59:54] (DEBUG) SMBService.synchronize_passdb():166 - Synchronizing passdb with config file: deleting user [Plex] from passdb.tdb
[2020/11/01 12:59:54] (DEBUG) SMBService.synchronize_passdb():166 - Synchronizing passdb with config file: deleting user [michael] from passdb.tdb
What is output of following command?
midclt call user.query '[["smb", "=", true]]' | jq
Both users exist on both servers.
Note I was able to find a work-around for the root login not being allowed on the secondary server: sudo smbpasswd -a root
This command is added root access to the smb authorized user list. I am fairly sure people will scream out "don't do that!" (Well for an interim measure I tried it and it worked"
Is there a good tutorial on proper user management for TrueNAS vs FreeNAS transitions?
Thanks.
{"timestamp": "2020-11-01T14:54:32.897540-0800", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.1.231:445", "remoteAddress": "ipv4:192.168.1.91:29656", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "root", "workstation": "DESKTOPMICHAELI", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "root", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 52229}}
{"timestamp": "2020-11-01T14:55:15.634581-0800", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.1.231:445", "remoteAddress": "ipv4:192.168.1.91:29773", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "MicrosoftAccount", "clientAccount": "Michael", "workstation": "DESKTOPMICHAELI", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "Michael", "mappedDomain": "MicrosoftAccount", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 56219}}
Looks like your client is alternating between using either an account "root" and an account "michael". Both fail with NO_SUCH_USER. Former is no longer permitted in 12.0. I'm not sure of the case of the latter. Does a "michael" user exist on the server?
Are you trying to use root to access tourm SMB share? Root can no longer be used to access SMB shares.
I have two identical base server systems with prior FreeNAS (latest version). Both had the same credentials.
Now after update to TrueNAS-12.0-RELEASE, my backup server (this unit) now will show an incorrect user name when attempting to authenticate via SMB from any device.
Note: Web login is unaffected, original credentials work.
Something updated differently on 2nd of 2 servers to TrueNAS-12.0
I have attempted to clear out credentials from all other systems, I have change root password credentials. Still nothing. Note: I have two defects listed, one from server that IS working, and now this one from server that will NOT allow SMB login in hopes the comparison would be useful.