Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Simple example of how to configure share permissions - FreeNAS 9

ChiknNutz

FreeNAS Experienced
Joined
Nov 6, 2015
Messages
179
Thanks
6
#22
What is the suggested permission setup for folders that are intended to be wide open to all users? I've tried using the "nobody" user and "nogroup" group but that doesn't seem to work. What I was able to do was to use the family surname group I created (for family members), but how would I go about it up to be open to anyone on my network? I was under the impression that the FreeNAS GUI share setting of "Allow Guest Access" would accomplish this very thing, but so far has not worked for me if that is in fact its intended function.
 
Joined
Aug 31, 2015
Messages
82
Thanks
6
#23
http://cuddletech.com/?p=23
In some distro or better... not in freebsd you can use the -v flag in ls -v instead of getfacl. And there is also a -A flag in chmod.


Have been searching for this now and then but I can't get my search queries right. My question goes ...
From my findings you only have user, group and everyone.
It doesn't matter how many user or groups you add from you windows client (right click on the share -> properties -> security..) ..
Dos adjustment will have no impact what so ever.. or mimic the behaviour they will be having in real windows environment. They show up in getfacl but that's far as it goes.

true or false ?
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,416
Thanks
1,488
#24
http://cuddletech.com/?p=23
In some distro or better... not in freebsd you can use the -v flag in ls -v instead of getfacl. And there is also a -A flag in chmod.


Have been searching for this now and then but I can't get my search queries right. My question goes ...
From my findings you only have user, group and everyone.
It doesn't matter how many user or groups you add from you windows client (right click on the share -> properties -> security..) ..
Dos adjustment will have no impact what so ever.. or mimic the behaviour they will be having in real windows environment. They show up in getfacl but that's far as it goes.

true or false ?
Yes... err... 42... I'm confused.

The general recommendation I've seen in the samba mailing lists is to choose a single method of manipulating ACLs (either through the CLI or through samba via a windows client). Since you're already using samba, then it's best to just ignore the CLI *facl tools (unless you're troubleshooting a problem). The samba server's behavior should be almost indistinguishable from a windows environment.
 

ChiknNutz

FreeNAS Experienced
Joined
Nov 6, 2015
Messages
179
Thanks
6
#27
I accomplished this in the shared folder in Windows. Go to the appropriate folder, select Properties, then Security. Apply the permissions you want for each folder accordingly. In my case, I have a folder for each user. For each user you make that user able to do whatever you want (say full access to their folder) and be sure to exclude everyone else. I added myself as a user with full permissions to each folder since I am the Admin.
 
Joined
Jan 12, 2017
Messages
10
Thanks
3
#29
This is by far the vaguest "tutorial" ever. I appreciate the effort. but I have a lot of questions.

First off, this post alone doesnt tell you all the steps needed to log in.....what username and password do i connect to the share with? the "domain" will default to the client hostname so the user and password created on Freenas will NOT work. I have tried with the freenas hostname, the IP, the workgroup...NONE work

Second, why do I need to set it to "Windows" permissions? The data set I want to share is already shared via NFS and has many *nix users connected to it? Does setting to "Windows" permissions break NFS / Linux machines?

Third, what about how I do NOT want the owner of the data set to be the user I am trying to connect to SMB? I am the admin, i have the root account, i want to be the owner, but I want other (multiple) windows machines to be able to connect with unique log ins...i could NOT repeat your tutorial and connect 2 users to the same dataset (not with the instructions provided).

Fourth, short of the one quip about not "turning the knob" that disables a users password, you provided ZERO instruction on ANY of the steps you gave. Not even so much as a "Hey make sure your screens look like mine and have the settings set that I have in the pictures (which is what I tried to do, but it didnt work). Also on this topic, a worthwhile set of instructions gives brief explanation for doing something, so that the reader actually learns as they go. You give no reasoning for what you want us to do.

Fifth, at the end you say "mucking around with permissions"...where? on the freenas box? On the windows client that i CANNOT get connected? Why / how would a user who is following a how to setup SMB shares from freenas logically have been even ABLE to mess with perms...presumably the readers of your post are in need of assistance to get SMB working.

I will say, i suppose I am just stupid, but I have been an IT Professional for 10+ years now and have setup countless windows and *nix servers (and have even run several freenas instances) but i have followed article after article and read through so much documentation only to be told that what I am doing is accurate but to find that it doesnt work is the most frustrating thing there is. I have redone my entire network bottom up, I have gone from FreeNAS 9.10 stable to 10 nightlies, to 10 beta 2, to 9.10 stable again, and am currently at 10 Beta 2 (since the behavior / failure with SMB is identical between all versions I have tried).

I am sorry to be taking my frustration out on you, but I have posted far and wide about this and have gotten no help and to come across this post at the top of "SMB on FreeNAS 10" just was the last straw...this utterly empty (and not version 10) tutorial is one of the most worthless I have seen.....I do not expect anyone to help me but I wanted to share so the author knows just how uninformative their tutorial is. I am not sure how others followed this and had any success, but I suspect that there are vastly more users that find this, try it, and turn away in disgust because of its failure rate.
 

Ericloewe

Not-very-passive-but-aggressive
Moderator
Joined
Feb 15, 2014
Messages
16,025
Thanks
3,880
#30
First off, this post alone doesnt tell you all the steps needed to log in.....what username and password do i connect to the share with? the "domain" will default to the client hostname so the user and password created on Freenas will NOT work. I have tried with the freenas hostname, the IP, the workgroup...NONE work
Of course it will, something else is wrong.

Second, why do I need to set it to "Windows" permissions? The data set I want to share is already shared via NFS and has many *nix users connected to it? Does setting to "Windows" permissions break NFS / Linux machines?
tl;dr - they are incompatible and you should not try that under penalty of losing any hair you might still have on your head. And your data, too.

Third, what about how I do NOT want the owner of the data set to be the user I am trying to connect to SMB? I am the admin, i have the root account, i want to be the owner, but I want other (multiple) windows machines to be able to connect with unique log ins...i could NOT repeat your tutorial and connect 2 users to the same dataset (not with the instructions provided).
There's nothing to it. Users log in and can see shares they have read permissions for. Just setup proper permissions for your scenario.

Fourth, short of the one quip about not "turning the knob" that disables a users password, you provided ZERO instruction on ANY of the steps you gave. Not even so much as a "Hey make sure your screens look like mine and have the settings set that I have in the pictures (which is what I tried to do, but it didnt work). A
What instructions do you want? All steps are either "fill in forms" or "change permissions like you would for a local file on Windows or a Windows server.

Fifth, at the end you say "mucking around with permissions"...where? on the freenas box? On the windows client that i CANNOT get connected? Why / how would a user who is following a how to setup SMB shares from freenas logically have been even ABLE to mess with perms...presumably the readers of your post are in need of assistance to get SMB working.
There are all kinds of scenarios. Obviously, the warning doesn't apply to clean configurations.

I am sorry to be taking my frustration out on you, but I have posted far and wide about this and have gotten no help and to come across this post at the top of "SMB on FreeNAS 10"
What? Link please. This is, quite obviously, based on FreeNAS 9.x. The FreeNAS 10 interface has nothing to do with this (though the steps are mostly analogous).
 

anodos

Belly-button Lint Extraordinaire
iXsystems
Joined
Mar 6, 2014
Messages
5,416
Thanks
1,488
#31
This is by far the vaguest "tutorial" ever.
That's not a great way to start.

First off, this post alone doesnt tell you all the steps needed to log in.....what username and password do i connect to the share with? the "domain" will default to the client hostname so the user and password created on Freenas will NOT work. I have tried with the freenas hostname, the IP, the workgroup...NONE work
You are correct. Sometimes you need to specify <hostname of samba server>\<username> (or at least make sure that the client's domain name isn't being prepended to the username). For instance, if you want to use a local user account on a domain-joined freenas server.

Second, why do I need to set it to "Windows" permissions? The data set I want to share is already shared via NFS and has many *nix users connected to it? Does setting to "Windows" permissions break NFS / Linux machines?
the goal of my example was to show a reliable method to set default permissions. Those items are off-topic. I cover some in posts in my forum signature.

Third, what about how I do NOT want the owner of the data set to be the user I am trying to connect to SMB? I am the admin, i have the root account, i want to be the owner, but I want other (multiple) windows machines to be able to connect with unique log ins...i could NOT repeat your tutorial and connect 2 users to the same dataset (not with the instructions provided).
manipulate the permissions like any windows server. Add acl entry for the group the other users are members of.

Fourth, short of the one quip about not "turning the knob" that disables a users password, you provided ZERO instruction on ANY of the steps you gave. Not even so much as a "Hey make sure your screens look like mine and have the settings set that I have in the pictures (which is what I tried to do, but it didnt work). Also on this topic, a worthwhile set of instructions gives brief explanation for doing something, so that the reader actually learns as they go. You give no reasoning for what you want us to do.
that quip was probably added at a later date out of frustration because there was a checkbox in the User creation GUI to disable password authentication for the user. Someone wrote up a tutorial advising to check this box, which of course will prevent a user from being able to authenticate.

Fifth, at the end you say "mucking around with permissions"...where? on the freenas box? On the windows client that i CANNOT get connected?
It sounds like you are having some issues that aren't related to permissions

Why / how would a user who is following a how to setup SMB shares from freenas logically have been even ABLE to mess with perms...presumably the readers of your post are in need of assistance to get SMB working.
Once you set default permissions on the share, you will be able to access it. It is impossible to list all the ways a person can misconfigure a client, server, or network.

I will say, i suppose I am just stupid, but I have been an IT Professional for 10+ years now and have setup countless windows and *nix servers (and have even run several freenas instances) but i have followed article after article and read through so much documentation only to be told that what I am doing is accurate but to find that it doesnt work is the most frustrating thing there is. I have redone my entire network bottom up, I have gone from FreeNAS 9.10 stable to 10 nightlies, to 10 beta 2, to 9.10 stable again, and am currently at 10 Beta 2 (since the behavior / failure with SMB is identical between all versions I have tried).
It sounds like you need to start a thread and provide lots of info about what you're doing and provide config details and logs. Samba isn't broken.

I am sorry to be taking my frustration out on you, but I have posted far and wide about this and have gotten no help and to come across this post at the top of "SMB on FreeNAS 10" just was the last straw...this utterly empty (and not version 10) tutorial is one of the most worthless I have seen.....I do not expect anyone to help me but I wanted to share so the author knows just how uninformative their tutorial is. I am not sure how others followed this and had any success, but I suspect that there are vastly more users that find this, try it, and turn away in disgust because of its failure rate.
Okay... If you're actually interested in getting help, start a new thread.

At the time I wrote this quick example, the forums were flooded with people having issues configuring permissions. This has largely died down - no doubt in large part to @m0nkey_ YouTube videos on setting samba permissions.
 
Last edited:
Joined
Dec 27, 2013
Messages
89
Thanks
2
#33
Will this tutorial work in similar fashion with Macs and Windoze PCs in the same network?
 
Joined
Dec 27, 2013
Messages
89
Thanks
2
#35
Thanks anodos! Appreciate the reply.
 
Joined
Aug 10, 2017
Messages
1
Thanks
0
#36
never mind all that stuff below.... Always remember to reboot kids.... :p
  • Not sure what I'm doing wrong here, but I followed these steps to the letter, but I'm failing on authentication. I can connect to the server, my share on my windows PC, the share name shows up. i double click it and it asks me to "Enter network credentials". I tried putting in the username and password and "Access is denied." I then tried appending the server name "BatchFlix.local" to the username as so BatchFlix.local\Chris to the username and putting in the password, and still no luck. At first I thought it was some of my initial config that was causing issue. I deleted the group, the user, the dataset, and the share. I then recreated each one again exactly as demonstrated in the tutorial and I'm seeing the exact same behavior....

  • Build: FreeNAS-11.0-U2 (e417d8aa5)
    Platform: Intel Core i7 9600
    Memory: 12241MB

  • Client: Windows 10 PRO PC

  • Any idea where I can go from here?
 
Last edited:
Top