About CIFS with authenticated users only

[hellfire93_br]

System Information
Build: FreeNAS-9.2.1.5-RELEASE-x64 (80c1d35)
Platform: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Memory: 8162MB
Storage: 1000GB

Account
Groups: work (owner = assistek), home (owner = wagner)
Users: assistek, wagner

Storage
Volume type: ZFS
Volume size: 1000GB
Volume name: /mnt/dta
Dataset names: /mnt/dta/Assistek, /mnt/dta/Wagner

Sharing
Sharing names: Assistek (/mnt/dta/Assistek), Wagner (/mnt/dta/Wagner)

Services
Service type: CIFS

I’m not using Windows Server/Active Directory. The main share (/mnt/dta) doesn't need a password, anybody can open but, just inside dataset shares that I want to show the login prompt and accept only authenticated owner/group. My network have much devices connected and it would be stupid if I don’t set up a password. So, how set up exclusive access to owner/group above for volume datasets?

 

[Ericloewe]

Uncheck the "allow guest access" checkbox.

Also:

Please note that your hardware is inadequate for FreeNAS and ZFS. You need at the very least 8GB of RAM, ideally ECC (your processor does not support ECC).

 

[hellfire93_br]

Uncheck the "allow guest access" checkbox.

Also:

Please note that your hardware is inadequate for FreeNAS and ZFS. You need at the very least 8GB of RAM, ideally ECC (your processor does not support ECC).

Sorry, specify "inadequate", probably I will have problems using this hardware?

 

[Ericloewe]

Here are some things that are known to happen when ZFS is used with less than 8GB of RAM:

- Random data losses (pools go bad for no apparent reason)
- Random errors that prevent you from using certain features of FreeNAS
- Services may refuse to start

With 6GB you might just get by, if you're lucky. However, the minimum which allows for stability is 8GB.

 

[hellfire93_br]

Here are some things that are known to happen when ZFS is used with less than 8GB of RAM:

- Random data losses (pools go bad for no apparent reason)
- Random errors that prevent you from using certain features of FreeNAS
- Services may refuse to start

With 6GB you might just get by, if you're lucky. However, the minimum which allows for stability is 8GB.

Hmm, I understand that will become unoptimized.
But, if I change ZFS to UFS, runs better with my current memory size?
What's the difference between ZFS and UFS?

 

[Ericloewe]

Hmm, I understand that will become unoptimized.
But, if I change ZFS to UFS, runs better with my current memory size?
What's the difference between ZFS and UFS?

UFS is a traditional filesystem that offers none of ZFS' advantages. It will also not be available starting with the next version of FreeNAS.

 

[hellfire93_br]

UFS is a traditional filesystem that offers none of ZFS' advantages. It will also not be available starting with the next version of FreeNAS.

Right, but I will still using my current hardware.
Going back to my first question, just only disable "Allow guest access"? Nothing else?

 

[Ericloewe]

Right, but I will still using my current hardware.
Going back to my first question, just only disable "Allow guest access"? Nothing else?

If everything else is correctly set up, yes.

 

[hellfire93_br]

Permissions
Mode: Owner/Group/Other
Read: x/x/-
Write: x/-/-
Execute: x/x/-

Have something wrong here, I set up the username with password and share dataset same as above and yet he does not accept the credentials at login prompt.
I need to add some aditional permission?

 

[anodos]

You should leave file and directory permissions open and configure Samba Share ACLs (I believe FreeNAS defaults to 0666 and 0777 respectively).
These are controlled through the Windows file manager by navigating to \\ServerHostname, right-clicking on the samba share, clicking on 'properties, selecting the 'security' tab, and configuring the Samba share's ACLs as one would normally configure access controls for a native Windows share. Refer to Microsoft's documentation for an explanation of the different permissions options: http://windows.microsoft.com/en-us/windows/what-are-permissions#1TC=windows-7

Note that 'chmod -R' on a share can break ntfsv4 acls (don't do that). For reference see: https://bugs.freenas.org/issues/2111 and http://comments.gmane.org/gmane.os.freenas.testing/36
If you have been running "chmod" across your shares, I recommend changing the ACLs for your datasets to "unix" and then back to "windows". This should restore your permissions to the default 'open' permissions and allow you to configure access controls as I highlighted above.

 

[hellfire93_br]

System Updated
Memory: Added more 2048MB (now total is 8162MB, the minimum recommended) :)

 

[anodos]

System Updated
Memory: Added more 2048MB (now total is 8162MB, the minimum recommended) :)

Out of curiosity, do you have a 1-disk zpool? If so you should consider getting a second disk and mirroring.

 

[hellfire93_br]

Out of curiosity, do you have a 1-disk zpool? If so you should consider getting a second disk and mirroring.

Add more one disk to make mirror as a backup purposes you think? I need to add more 1GB if I do that.

 

[anodos]

Add more one disk to make mirror as a backup purposes you think? I need to add more 1GB if I do that.

Not for backup purposes. Redundancy != backup. Mirroring (or RAIDZ) is required to guarantee data integrity. I highly recommend that you read up on ZFS. Cyberjock's materials are a good start.

 

[hellfire93_br]

If I share only one dataset with user1/group1 I can open successfully the share. But if I share a secondary dataset with user2/group2 the main share (/mnt/Dados) ask for username/password (should not ask for username/password in main share, only for inside shared datasets), I put username/password to open, inside appears the Assistek and Wagner shared datasets, but if I try login on anyone, shows a warning:

"Multiple connections to a server or shared resource by the same user, using more than one user name are not allowed. Disconnect all previous connections to the server or shared resource and try again."

How solve this issue? I'm going crazy, lot of hours working on and nothing. :(

 

[anodos]

How have you set up access controls? Attach your smb4.conf file. It is located at /usr/local/etc/smb4.conf
Have you tried accessing shares via IP address? \\[IP address] \[sharenname] (without brackets of course)
Post output of 'testparm'

 

[anodos]

Have you tried clearing cached credentials?

 

[hellfire93_br]

How have you set up access controls? Attach your smb4.conf file. It is located at /usr/local/etc/smb4.conf
Have you tried accessing shares via IP address? \\[IP address] \[sharenname] (without brackets of course)
Post output of 'testparm'

Accessing by ipaddress/sharename or biosname/sharename works but, I want to use a default way too.
How grab smb4.conf? I've tried cat /usr/local/etc/smb4.conf but shell don't show me all the lines.

 

[hellfire93_br]

Have you tried clearing cached credentials?

Sorry, how do that?
I run net use * /del /y inside Windows environment to disconnect from previous connected shares. But I had to run it all the time to allow access inside the share and not showing that warning.

 

[hellfire93_br]

Exist a way to edit something in WebGui/Shell to disable login prompt of main share /mnt/Dados?