SOLVED SMB Sharing - files accessible for everyone

[Gen8 Runner]

Hey together,
i followed the Youtube-Tutorial of @m0nkey_ Video about SMB shares.

I have several datasets, where i just want to permit specific users, to have access to specific datasets.
So i followed the tutorial and set the permissions in every dataset to: nobody - videos ; nobody - music ; nobody - holiday pictures ; nobody - manuals etc. (user / group) and chose windows as permission type.

All users i created are having different passwords and their own home-share.
But when i log-in for example with username videos, i also can access all the other datasets (music, pictures, manuals etc.), even if i gave those ones a separate password and didn't activate guest-access in the other SMB shares.

Shortly: Every user can now access all datasets.
Does anyone has another idea for a solution? I am already trying since hours and tried all combinations of permissions etc., to get it working. But all the time ago.
At the initial setup i had to work with the e.g. valid users = music auxiliary parameters, to get it working. But that was never mentioned, neither in the youtube-video, nor the freenas-documentation.

Brgds

Btw.:
I deleted all windows password-information and reset the smb connection by net use * /delete, to ensure, that not old passwords / SMB configurations are kidding me.

 

[Johnny Fartpants]

I'm not familiar with the above video but what I do is create an 'admin' user in FreeNAS and make 'admin' the user / group owner on all the datasets and select Windows permissions. Then set up your Windows SMB shares. Create all your other users that will need access to various areas. Finally connect to the shares one by one from a Windows computer as 'admin' then right-click the share and select 'Properties', 'Security' and remove the 'Everyone' category and assign your users the desired rights from within that window.

 

[Gen8 Runner]

I'm not familiar with the above video but what I do is create an 'admin' user in FreeNAS and make 'admin' the user / group owner on all the datasets and select Windows permissions. Then set up your Windows SMB shares. Create all your other users that will need access to various areas. Finally connect to the shares one by one from a Windows computer as 'admin' then right-click the share and select 'Properties', 'Security' and remove the 'Everyone' category and assign your users the desired rights from within that window.

Thanks a lot for your reply.
In general it works here, but there still exists a problem.

I now setup the admin-account in FreeNAS, like you said.
Then went to Storage -> Pools -> Edit Permissions -> ACL Type Windows -> User "Admin" Group "Admin" -> "Apply Recursively".

Following connected to my FreeNAS-Shares on Windows-Explorer -> Properties -> Security -> Delete "Everyone" and assigned the wanted users...but FreeNAS / the Dataset is always setting again a completely different user as Owner and finally i cannot access it anymore. Really weird.
Is it the same for you?

Here a picture-series of the situation:

User / Group set to "Admin" -> Saved.

Above the former users (Jeder = Everyone), in the opened windows i chose the new persons, who should be allowed to have access.

After changing the above settings to the new users, this appears automatically in the dataset-editor in freenas. User changed by (????) to BackupMartin, instead of leaving it by admin (BackupMartin should NOT have ANY access to this dataset, for this reason i deleted it in all the ACL-Settings in Windows-Explorer.
Now i cannot change anything anymore with the admin-account in the windows-explorer-ACL editor, because in freenas "admin" was removed as owner.

 

[Gen8 Runner]

I think i now found a solution, almost like your way.

1. Create the user accounts (and automatically their groups)
2. Set in the datasets those user accounts to the wanted datasets
3. Create the shares in in the SMB Section in FreeNAS
4. Connect to EACH share SEPARATE with the user & password you chose for this dataset (even if you can see all available shares, you cannot just connect and change the permissions in windows)
5. Change the permissions in properties for the one dataset
6. Windows command net use * /delete, to remove the network-drive
7. Connect to the next SMB-FreeNAS Share and proceed on point 5

That's it. And you never should use admin as account in FreeNAS. You cannot give an owner-permission of "admin" to a dataset - that is blocked, i think because it is like other basic accounts (root, wheel etc.). So always choose another username than admin.

 

[anodos]

I think i now found a solution, almost like your way.

1. Create the user accounts (and automatically their groups)
2. Set in the datasets those user accounts to the wanted datasets
3. Create the shares in in the SMB Section in FreeNAS
4. Connect to EACH share SEPARATE with the user & password you chose for this dataset (even if you can see all available shares, you cannot just connect and change the permissions in windows)
5. Change the permissions in properties for the one dataset
6. Windows command net use * /delete, to remove the network-drive
7. Connect to the next SMB-FreeNAS Share and proceed on point 5

That's it. And you never should use admin as account in FreeNAS. You cannot give an owner-permission of "admin" to a dataset - that is blocked, i think because it is like other basic accounts (root, wheel etc.). So always choose another username than admin.

In 11.2-U4 we're introducing a dropdown under Services->SMB "SMB Admin Group". This group will be automatically added as a member of BUILTIN\Administrators, which will grant all members of the selected group the ability to take ownership of shares. The practical outcome of this will be that you can create a group (for instance NAS_Admins), then select it with the dropdown. Once you authenticate as a member of that group, you can right-click on any share, take ownership of it via Windows File Explorer, then fine-tune permissions as needed. There will be no need to even select a dataset owner in the FreeNAS UI.