CIFS Public shares issues

[Scentle5S]

Hi,

I'm new to FreeNAS as I just finished putting my first box together, and now I'm at the famous step known as "Hit your head to the wall repeatedly because of Samba shares " (how original, I know... :D).

So here is my Dataset :

Storage

Media

Music
Videos

Movies
Shows​

The permissions are 0755 and I'm the owner, all of it being set for the whole Dataset recursively through the GUI ("Set permission recursively" checkbox).

And here are the shares :


As you may have guessed, I want to have access to all the Dataset with full rights by logging in with my user account on FreeNAS (being the owner of the Dataset recursively), and I want anyone else to have free read only access to the media content on my box ("Others" group having read & execute access).

So, I can see "FREENAS" on my network shares (Windows 10), but I can't browse it since all I get is the beloved "Network path was not found" error. BUT, I can browse it by going with the IP address (\\192.168.1.100). However, Windows keeps asking me to log in, even though I'm not in an actual share yet, just trying to browse the available shares on the box. Appart from this, the CIFS shares work fine.

So my questions are :

1. Why can't I browse FreeNAS through \\FREENAS but can through \\192.168.1.100 ?
2. Why does FreeNAS keep asking me to log in even though I'm not actually trying to browse a share yet ?

I think that all of this is connected somehow, I must be missing something and I suppose that once this thing is solved, everything will work fine, that is : free read only access for everyone to the media section, and full secure access to everything for me.

Please note that I kind of know my way with computers and have read a lot about permissions and all the kinds of issues related on FreeNAS forums and elsewhere. I tried many combinations, cleared cache everytime ("net use * /delete" command + restart "explorer.exe"), even changed my Windows username since it was the same as on my FreeNAS but the password didn't match (thought this could be the thing). I just can't get this right and it's driving me crazy, as it seems to be for lots of others around here

If you need anything else to better locate the problem, please don't hesitate ;)

Thanks for the help ! :)

 

[anodos]

Hi,

The permissions are 0755 and I'm the owner, all of it being set for the whole Dataset recursively through the GUI ("Set permission recursively" checkbox).

And here are the shares :

You are sharing:
/mnt/Storage
and
/mnt/Storage/Media/{Music, Videos/Movies, Videos/Shows}

I don't believe samba likes this sort of setup. Remove the share pointing to "/mnt/Storage". Create a new dataset /mnt/Storage/<stuff I want to share that isn't media>, and share that out instead.

So my questions are :

Whoops, I guess i jumped the gun on answering things.

1. Why can't I browse FreeNAS through \\FREENAS but can through \\192.168.1.100 ?

Welcome to the joys and wonders of netbios name resolution. It sometimes works. For your convenience I've attached a diagram of how netbios name resolution used to work.


Make sure you've enabled network browsing on your windows box, then go to "Control Panel\Network and Internet\Network Connections" , right-click on your adapter and click properties, select TCIP/IPv4 and click properties, then click "advanced", select the "WINS" tab and check the box "Enable NetBIOS over TCP/IP". Reboot your windows computer for good measure. Still not working? Read documentation and troubleshooting tips for NetBIOS name resolution / samba. Try setting your freenas server as "preferred master" for the network and make sure that you don't have other devices with samba trying to be preferred master as well. Reboot all the things a few times, make a cup of coffee, come back and see if it's working.

If it's not, read more about NetBIOS troubleshooting. You'll see all sorts of things about A-nodes, B-nodes, H-nodes, M-nodes. Eventually you'll settle on the F-node (F* this! node) at which point you'll set up DNS for your network or just use IP addresses.

2.Why does FreeNAS keep asking me to log in even though I'm not actually trying to browse a share yet ?

It wants you to authenticate before you establish a tree connection (T-con). This is because of the way you've configured your shares.

 

[Scentle5S]

Thanks for the answer ! ;)

I get what you mean, however I think that this solution doesn't really suits my needs. I simplified my directories for this topic, but actually I might have something like this :
Storage

Media
Music (want to share publicly read only)
Videos

Movies (want to share publicly read only)
Shows (want to share publicly read only)​

Pictures

Private (don't want to share publicly)
Family (want to share with family full rights)
Friends (want to share with friends full rights)​

Administrative (don't want to share publicly)
School projects (want to share publicly)
​

All of this will be synced between 3 places for availability and backup purposes : my laptop, an external hard drive, and FreeNAS (with differences on the content regarding to the available space in each of them).

Basically I want to be able to access to all of my data and hide unnecessary content to people that aren't allowed to access it. Hence my idea of a global "Storage" share limited to me and small targeted shares for the rest, so that people wouldn't see that there is an "Administrative" or "Private" folder.

Coming back to your idea then, without the global "Storage" share, I couldn't access the "Private" folder without setting a dedicated "Private" share (and therefore "showing that it's there" to others). I can't move it to the "/mnt/Storage/<stuff I want to share that isn't media>" folder like you said, since it indeed is media

All in all, my problem is that I have an organised structure, really intuitive to me, that I can't / don't want to change for something "want / don't want to share publicly" based. My structure is then totally mixed in terms of sharing and permissions concerns. According to your answer, I'm starting to think that the only solution would be to stay with one unique "Storage" share and then play with permissions on individual folders so that people can access only the content they're supposed to, and let them see that there are folders they can't access...

Do you see another solution ?

If not, I'm still confused on how to do it :

1. Should I have only the "Storage" Dataset and then fine tune the permissions on folders ? Or should I create sub-Datasets and play with permissions through the GUI ? In my exemple that would only be 3 levels (Media/Pictures/Family for instance), but I might have much more complex structure that would be painful to make through Datasets :( So to which extent should I go with Datasets ?
2. If I want to play with permissions on folders, being on Windows and the permissions type being Unix, how does it work ?
3. Should I switch to Windows based permissions ? If so should I also change the "Share type" setting on the Dataset ? How are those two related ?
4. When I sync from a Windows based permissions location to FreeNAS (Unix based permissions), what happens ? Should I override the permissions for the new content to be sure it is appropriate ?

Again, I already read documentation about this but it's just messing with my mind

Thanks again !

 

[anodos]

Basically I want to be able to access to all of my data and hide unnecessary content to people that aren't allowed to access it. Hence my idea of a global "Storage" share limited to me and small targeted shares for the rest, so that people wouldn't see that there is an "Administrative" or "Private" folder.

Uncheck "Browsable to Network Clients" for private shares.

All in all, my problem is that I have an organised structure, really intuitive to me, that I can't / don't want to change for something "want / don't want to share publicly" based. My structure is then totally mixed in terms of sharing and permissions concerns. According to your answer, I'm starting to think that the only solution would be to stay with one unique "Storage" share and then play with permissions on individual folders so that people can access only the content they're supposed to, and let them see that there are folders they can't access...

If someone lacks read permissions for a folder they won't be able to see it.

1) If I want to play with permissions on folders, being on Windows and the permissions type being Unix, how does it work ?

mostly badly.

2)Should I switch to Windows based permissions ? If so should I also change the "Share type" setting on the Dataset ? How are those two related ?

Using "windows" permissions type is generally recommended for SMB shares.

When I sync from a Windows based permissions location to FreeNAS (Unix based permissions), what happens ? Should I override the permissions for the new content to be sure it is appropriate ?

That depends on how you are syncing it. If you have correctly configured permissions, they should inherit from the parent directories.

 

[Scentle5S]

If someone lacks read permissions for a folder they won't be able to see it.

Perfect, I didn't know that.

So I switched to Windows permissions and Windows type shares and went through some testing. I think I can achieve what I want with a single Dataset "Storage", shared with public access and remove permissions for private folders. However something was bothering me during my tests : sometimes it would ask me to authenticate, sometimes not, and sometimes a private folder would be hidden from an unauthorized user, sometimes he would see it. In the end I figured that the authentication cache wasn't correctly cleared, causing those weird behaviors.

So how can I effectively clear the cache ? I usually do the "net use * /delete" command + restart "explorer.exe" and eventually clear the credentials in "Control Panel\All Control Panel Items\Credential Manager". But apparently that's not enough...

And finally : why does it keep asking me to authenticate before I establish a tree connection ? You said because of the way I configured my shares. Can you be more explicit ? This is supposed to be a public share with some folders made visible only to me.

 

[Scentle5S]

My shares seems to work like a charm now, thanks again. But I still don't understand the last two parts. For the cache it seems to be a common problem as there are tons of posts about it but no clear answer... And regarding the authentication I still don't understand why I have to authenticate from the beginning.

Any explanation ?