Hello
Being locked at home I've got time to spend on a few long overdue tasks.
One was updating to 11.2, a second one looking at my SMB access control.
My task was to move from a very basic access control for SMB shares to a more structured one.
As suggested in the documentation, I went through anodos' "Methods For Fine-Tuning Samba Permissions" and a couple of good videos on this matter.
I started revising my groups and users. In doing this I created-deleted groups before understanding what I really wanted (this might be relevant).
Then I reassigned the owner group in the dataset permissions (not the user) and applied changes recursively (ACLS not modified in the Windows client in the past).
When I switched to Windows File Explorer/Properties/Security things were not what I expected. Under "Group and user names" the owner group is often "Account Unknown" (a SID-like string is displayed), there's also a share where the old deleted group is displayed. Apparently server and client are not in sync.
I tried restarting the SMB service, rebooting freenas, rebooting the client with no results.
If I knew how, I'd first check settings on the server side using the cli and then do the same on the client side. But I do not have enough knowledge of unix and samba to do that without directions.
I'm looking for suggestions. Thanks.
PS: I know 11.3 is bringing new features for ACLS management, but it's still a bit early for me to switch.
Being locked at home I've got time to spend on a few long overdue tasks.
One was updating to 11.2, a second one looking at my SMB access control.
My task was to move from a very basic access control for SMB shares to a more structured one.
As suggested in the documentation, I went through anodos' "Methods For Fine-Tuning Samba Permissions" and a couple of good videos on this matter.
I started revising my groups and users. In doing this I created-deleted groups before understanding what I really wanted (this might be relevant).
Then I reassigned the owner group in the dataset permissions (not the user) and applied changes recursively (ACLS not modified in the Windows client in the past).
When I switched to Windows File Explorer/Properties/Security things were not what I expected. Under "Group and user names" the owner group is often "Account Unknown" (a SID-like string is displayed), there's also a share where the old deleted group is displayed. Apparently server and client are not in sync.
I tried restarting the SMB service, rebooting freenas, rebooting the client with no results.
If I knew how, I'd first check settings on the server side using the cli and then do the same on the client side. But I do not have enough knowledge of unix and samba to do that without directions.
I'm looking for suggestions. Thanks.
PS: I know 11.3 is bringing new features for ACLS management, but it's still a bit early for me to switch.
