Permission denied on a new 11.3-RELEASE

[DL2ROY]

Hello,
First of all, thx for this great solution it's self "FreeNAS"

I just set up a FreenNAS 11.3-RELEASE a few days ago.
I'm not sure if I should post here, or in the beginner forum or maybe in the share forum or elsewhere.

I will describe my Problems and I hope that we can find the solutions for this...

I want 4 Directories with 2 Users (later one more Users with more directories).

Users:
roy (Admin can access everywhere)
julija (User can access it's own, share and media)

Directories:
roy (only for roy)
julija (for julija and the Admin)
media (for roy and julija and later on some other users)
shared (for everyone "guests")

So what I did:
In Pools:
Main Pool "NAS"
in NAS actually I have 3 Datasets: roy, julija and share (media and more i will create when I know how to get it working)

In Share:
I created the same 3 shares: roy, julija and shared

My Problems:
1. "No Permission" for everything. Independent on the user (or guest) I can't access to roy, julija or shared.
2. On my PC, I ones was connected with an other user, and now when I try to connect with roy, he says that it is impossible to connect from one client with more than one user and that i have to disconnect the other user before connecting with a new one. BUT how? I rebooted the PC, I rebooted FreeNAS, nothing helped... With the Laptop I had the same Problem, but after rebooting the Laptop, I could connect with an other User.

Is there a tutorial for this or could someone help me getting out of this mess of permission changes I made the last 2 days??
Maybe it would be better to begin from zero with a tutorial for 11.3 or a person who know what to do instead of testing around till nothing works, because at the beginning I had the Pool "NAS" and I could access it with one user, and after trying to create more directories with different permissions everything crashed into a mess with no way out for me :-(

greets
Roy

PS: if it helps I can upload some pics of my users and permissions a.s.o. when i'm back home later on...

 

[DL2ROY]

here some pics...

users:

pools:

acl of shared/guest:

acl of julija:

acl for roy:

for the shares:

after all this someone said, that i have to set the aux groups, so i did this for roy, but nothing changed, still no permission to every directory...

hope someone can hep with this :-(

greets
Roy

 

[KrisBee]

@DL2ROY Vids that might help with Windows Shares / File Sharing Permissions & ACL :

https://youtu.be/dDs0DLj7J9w ( FN13 with new ACL editor )

- YouTube

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

youtu.be

( FN9 & FN11 - but principles are the same)
https://www.ixsystems.com/blog/plex-permissions/ ( A useful example if and when you start using plugins )


The first two vids explain how to make use of groups, and making users members of groups, when sorting out access to SMB shares. Compare this to your own screenshots and you might see a way to configure things as you want.

For example, if you want to make user "roy" an admin with full control over all your datasets, then its more flexible to create an "admin" group and make "roy" a member of that group. The "admin" group can then be given full control over any dataset. If you later need to change who is an admin user then you can just remove "roy" from the "admin" group and make another user a member of that group, etc.

Just give a little more though to how groups can help you here: e.g. do you need a "guest" user or should it be a "guest" group? Do you need a guest group at all for a dataset that anyone can access if say "everyone" has full control over that dataset?

 

[DL2ROY]

@KrisBee i'll try this after the work, when i'm back home.

thx a lot. I only searched for 11.3 because I saw a video for 11.2 and already there is a difference in the permissionsettings...

 

[DL2ROY]

@KrisBee OK,
I deleted the Pool and created everything from zero.

On my Laptop i logged in with roy and i can enter the 3 directories, but still only edit roy, the other two i don't have the right permissions...
I will check that.

But with my PC I still can't connect with my user because he don't disconnects me with the old testuser... What could I do there?

 

[DL2ROY]

@KrisBee Update, on my Laptop it works now as it should... thx for this Video

Only the PC is the Problem, BUT I already deleted the credentials on my PC, so maybe there should be a hack to disconnect a user from the freenas???

 

[Newfoundland.Republic]

@DL2ROY - There is a video by Tom Lawrence of Lawrence Systems on FreeNAS 11.3 Windows Shares / File Sharing Permissions & ACL Configurations.

Tom does a good job in explaining things.

 

[DL2ROY]

Hello @Newfoundland.Republic
does he explain how to fix this login Problem?

Because the Permissions are good now...
I did nothing special, I would say that the main thing was the mess of permissions...
After deleting all de users, groups and datasets incl. the pool it self, I just made everything again, pool, groups, users, datasets, shares and now it works like it should.

Only my PC, I can't login, because he (my PC or FreeNAS) sais that i'm already logged in with another user and I can't log in with more than one user from the same client. And now I have to find out, how to log off, because the user i'm logged in with doesn't exist anymore...

I watched this video (https://www.youtube.com/watch?v=dDs0DLj7J9w) for a remake of my directories, but in fact, he does what i did before, and after this i changed the permissions and the users and the groups and the shares and the datasets, and again the users and the permissions, after after changing all this, I just had a big mess of permissions and users, an I needed to redo everything and now it works...

 

[Newfoundland.Republic]

Ah... That seems like a Windows logon issue. I have seen that with Windows Server shares as well when I have tried to connection to share A using username A but also with username B - Windows complains that I am trying to logon with two different accounts.

Are you trying to connect to the same share with two different logon names?

 

[DL2ROY]

I try to connect to freenas with one user that is other than my windows login user.

But on my Laptop (win 7) and on the Laptop of my wife (win 10), there is no Problem with that.
Only onmy PC (win 10) there is a problem.

On my Laptop I had this Problem too, but after rebooting the Laptop and the freenas, everything was fine, but not for my PC...)

 

[Newfoundland.Republic]

Hi @DL2ROY - on your PC do a net use and see if you have a share mounted under a different username. You may have a share already mounted persistently under a different username.

 

[diedrichg]

You need "Inherit" set on those ACL permissions pages. Also, I would remove "Permit sudo" from roy.

 

[DL2ROY]

@Newfoundland.Republic thx a lot, it's working now...

@diedrichg what does the "inherit" do?

 

[DL2ROY]

@Newfoundland.Republic thx a lot, it's working now...

@diedrichg what does the "inherit" do?

EDIT: it only seemed like... I created .txt files in every of the 3 directories with the user "roy" (of the Admin Group), yesterday over my laptop. Today i can still create files, and i can even create directories in nas/roy BUT I can't delete something AND while creating a directory, he says that i need the permission to do this and when i click "Cancel" he create it, and when i first click 10time on "try again" and after this on "cancel" he creates 10 new folders... and i'm not able to delete them...

 

[diedrichg]

Because under "Flags" you have No Inherit set. Inherit means anything under that ACL will take on the permissions of the parent. I have no idea why you are getting multiple copies of files and folders though.

 

[DL2ROY]

@diedrichg
now after setting inherit and flags, i still can't delete on shared or julija and i'm unable to connect to roy...

 

[diedrichg]

In post #2, your last image doesn't have roy set to 'write' for the group. Therefore roy won't be able to create or delete anything in the shared dataset. You only show us a screenshot of shared/guest ACL rather than /shared. I would also set home directories (if you want that) for each user pointing to their dataset, this way you will get shadow copies (if I understand this feature correctly) and can revert to previous versions of files within Windows Explorer's context menu.

 

[DL2ROY]

@diedrichg
I will upload new pictures tomorrow morning.
Post #2 is out of date... after Post #4 i deleted the hole pool, users and groups and i began from zero...

So after this everything looked good, 'till i tried to delete the files and directories i created with my own user...
I could create but not delete...

Than you said me to set inherit, and after i did this, i wasn't able even to connect my dir "roy" with my user "roy".
So I think that there something happened...

I will post new screenshots of my user, datasets, and shares...

 

[DL2ROY]

As promised, here some pics...

User roy

User julija

Pools

ACL roy

ACL julija

ACL shared

Windows Shares

I hope that helps...
But I think, when I know how to set it up corect, than I will have to redo everything because now it's again a mess of permission changes and i think that this could be a problem too, because the more i change and the more i try, the less work it as it should...

 

[anodos]

Please try upgrading to 11.3-U1, there was a fix related SMB permissions.