Set permissions on Samba shares using Active Directory

kalero

Dabbler
Joined
May 13, 2019
Messages
17
Hi,

For the first time, I recently installed the latest FreeNAS version (11.2-U4) on a RAID for my company, and it should share some Windows directories with permissions for users from two Active Directories. I already set up FreeNAS to work with our Active Directories, but I notice something strange: if I go to a shell and enter "wbinfo -u", I only get the user list of one Active Directory (let's say server1), but if I enter "getent passwd", I get the user list of both Active Directories (let's say server1 and server2), and in the FreeNAS web interface, in Accounts -> Users, I only see the FreeNAS local users.

With that, when I create a Samba share, I don't see where to set users and permissions; there isn't any section to set them.

Maybe it's a dumb question, but I'm new to FreeNAS, so some help would be much appreciated. Thanks.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Accounts->Users only shows local users. Depending on configuration, the permissions editor will have AD users in permissions dropdowns (and auto-completion). In all cases, if it's joined to AD, you can just type the User or Group prefixed with the domain name ("DOMAIN\User")
 

kalero

Dabbler
Joined
May 13, 2019
Messages
17
Hi anodos, thanks for your answer. The problem is that there is no permissions editor when I edit a Samba share.
 

Attachments

  • captura_samba.png

kalero

Dabbler
Joined
May 13, 2019
Messages
17
You edit the dataset permissions for the dataset underlying the share.
OK, I understand. Anyway, why are the dropdowns not being populated with the AD users and groups? What configuration does that depend on?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
There's a checkbox in Directory Services -> Active Directory: 'disable freenas cache'. It should be unchecked. Not populating may be an indication that your server is not joined to AD. You can check this by opening a shell and typing 'wbinfo -t'.
 

kalero

Dabbler
Joined
May 13, 2019
Messages
17
"Disable FreeNAS cache" was already unchecked, and if I enter "wbinfo -t" I get "checking the trust secret for domain MYDOMAIN via RPC calls succeeded", so I understand the FreeNAS is correctly joined to our AD. Anyway, I think it's strange "wbinfo -u" returns only users from one AD and "getent passwd" returns users from both ADs. One AD is MYDOMAIN and the other one is SUBDOMAIN.MYDOMAIN. Any idea?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
"Disable FreeNAS cache" was already unchecked, and if I enter "wbinfo -t" I get "checking the trust secret for domain MYDOMAIN via RPC calls succeeded", so I understand the FreeNAS is correctly joined to our AD. Anyway, I think it's strange "wbinfo -u" returns only users from one AD and "getent passwd" returns users from both ADs. One AD is MYDOMAIN and the other one is SUBDOMAIN.MYDOMAIN. Any idea?
Have you enabled trusted domains? (There's a checkbox for that in the webui).
 

kalero

Dabbler
Joined
May 13, 2019
Messages
17
Yes, "Allow trusted domains" is checked. I'm attaching two screenshots with our FreeNAS' Active Directory configuration. Thanks.
 

Attachments

  • ad1.png
  • ad2.png
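
One way to narrow down the "wbinfo -u" versus "getent passwd" discrepancy discussed in this thread, as an added example that is not part of the original posts: the script lists the domains whose accounts appear in the getent output but not in the wbinfo output. The function names and sample accounts are constructed, and it assumes names are printed as DOMAIN\user (winbind's default separator, with "use default domain" off).

```shell
#!/bin/sh
# Added example: list domains whose accounts show up in `getent passwd`
# but not in `wbinfo -u`. Assumes names look like DOMAIN\user.

# domains_missing_from_wbinfo WBINFO_FILE GETENT_FILE  (hypothetical helper)
# Prints "DOMAIN count" for every domain seen only in GETENT_FILE.
domains_missing_from_wbinfo() {
    awk -F: '
        # Split the domain off the name field; skip local (unprefixed) accounts.
        { i = index($1, "\\"); if (i < 2) next; d = substr($1, 1, i - 1) }
        FILENAME == ARGV[1] { seen[d] = 1; next }   # wbinfo -u output
        !(d in seen)        { missing[d]++ }        # getent passwd output
        END { for (d in missing) print d, missing[d] }
    ' "$1" "$2" | sort
}

# demo: run the check on constructed sample output (not real accounts).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/wbinfo.txt" <<'EOF'
MYDOMAIN\alice
MYDOMAIN\bob
EOF
    cat > "$dir/getent.txt" <<'EOF'
root:*:0:0:root:/root:/bin/csh
MYDOMAIN\alice:*:20001:20000:Alice:/home/alice:/bin/sh
MYDOMAIN\bob:*:20002:20000:Bob:/home/bob:/bin/sh
SUBDOMAIN\carol:*:30001:30000:Carol:/home/carol:/bin/sh
SUBDOMAIN\dave:*:30002:30000:Dave:/home/dave:/bin/sh
EOF
    domains_missing_from_wbinfo "$dir/wbinfo.txt" "$dir/getent.txt"
    rm -rf "$dir"
}

demo
# On the NAS itself, feed it the two commands from the thread:
#   wbinfo -u > /tmp/wb.txt; getent passwd > /tmp/ge.txt
#   domains_missing_from_wbinfo /tmp/wb.txt /tmp/ge.txt
```

A domain listed here is being resolved through NSS but is not enumerated by winbind's user listing, which is the situation described for the second domain above.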