would like a simpler life

[William Bravin]

Hello all

I am posting this tread because i'm utterly frustrated with my situation. Ever since a versions of freenas back all was simpler for me.

I have windows 10 and windows 7 pcs I am the only user in the house and therefore i really do not need all the security offered by freenas.

my question today is:

can i strip all security on my pools, shares and jails?

i would like to access the shared folders from any pc regardless if win 10 or win 7 the User on all my pcs is me as administrator and with the same window credentials.


Although i have most issues in windows 7 i would like to simplify my life sop i do not need to worry about security i do not need
Is this is possible how can i do this ? or where can i source this information

Thank you for your help

 

[Samuel Tai]

Yes, this is feasible.

1. Let's assume you've created a Microsoft account for yourself on FreeNAS called wb, along with a corresponding wb group. (Adjust as needed for your specific accounts/groups.)
2. Then, in the SMB service, set wb as the guest account:
   
   
   
   
3. For your share, set the permissions as follows, filling in the user/group fields with your wb account and group (adjust as needed for your specific account and group):
   
   
4. Finally, in the share definition, enable guest access by checking both boxes:
   
   
   
   
5. Restart the SMB service after all these changes. You will now have login-free access to this share from all machines.

 

[kherr]

I'm in the same boat ...... Thank you. I already had most of this. You 'filled in the blanks' of some details.

 

[William Bravin]

@Samuel Tai

thank you very so much the solution worked perfectly now all my pcs see and access the shared drives on freenas

If i may be pedant, I can access all folders and i can delete the contents all fine. The move to a recycle bin in a folder under my name Great.

now i do to delete them and i get and access error saying i need permission from \\freenas\wbravin or \\freenas\root

the one with root i can understand however the one with wbravin i do not. In all my pcs i have credentials for freenas with wbravin and the password used in freenas

wht can i do

again many thanks for responding so quickly

 

[Samuel Tai]

You'll need to disconnect from the shares, and delete any saved credentials in Credential Manager. Then remap to the shares as guest.

 

[William Bravin]

thank you Samuel

sorry for being so obtuse (i'm old). when you say disconnect from the share you mean in freenas under sharing window share delete all the share folders and the re add them as guest?

once again i appreciate you taking the time to respond

 

[Samuel Tai]

No, on the Windows client-side, disconnect from the share (right-click the share, and pull down to Disconnect), and then open the Credential Manager control panel and delete any saved logins to those shares. Then reconnect to the share via Map network drive.

 

[William Bravin]

Hello Samuel


Thank you for responding so quickly

I've been playing with this proposed solution all morning including rebooting the PC several times (which in this case is a win 10 laptop) to no avail.

If i go to the recycle bin sub folder and I right click on it and go to securities I see that no one has any privileges. all my recycle bin owners are freenas\root. Root user does not show up in any acl for any datasets or mounted shares.

I tried to change owner under folder properties security advance and try to change the owner to wbravin i get failed to enumerate objects in the container.

on the windows 7 pcs your earlier solution works like a charm. however on these machines i see all the sub folder of each share but not the recycling bin.

to add more information If I go to the sub folders of the recycle bin and go to the properties security can select everyone and add full controls over the folder and its sub folders The permission change and i can delete this folder

 

[Samuel Tai]

Yes, unfortunately the best way forward is to disable the recycle bin, and then rm -rf the recycle bin directories. This is a feature that isn't really that robust.

 

[anodos]

There was a limitation in older versions of the SMB recycle bin where it wasn't ACL-aware, which could result in unhelpful permissions being set on the auto-generated directory tree. Generally speaking, the module has limited utility and should be considered in almost all ways inferior to using ZFS snapshots.

The correct behavior for the module is to auto-generate
./recycle with 777 at the root of your share.
As your users delete things, new directory trees with permissions of 700 will be automatically generated ./recycle/<username>/<tree> to rebuild the path to the original file. In case of a single dataset, the file is _moved_ to the new path, in the case of a nested dataset, the file may be _copied_ to the new path.

Users only ever have access to their own recycle bin. When you have guest access enabled on a share with a recycle bin, behavior can be unpredictable (some SMB clients will try to authenticate as the local user, and if the account doesn't exist on the FreeNAS server, they will end up with a guest session as the user specified as the "guest" account).

 

[William Bravin]

Hello all Thank you for these responses. @Samuel Tai please let me ask a dumb question

When i delete a file or folder from a dataset and the file ends up in the recycle bin, is the file or folder still physically on the drive?

because my understanding is that the file is deleted from the drive only when it is deleted from the recycle bin if not then there is no need of the recycle bin. Correct?

to @anodos I would agree with your statement. however my point is that i was trying to simplify my life. as mentioned i am the only user. I can access my share from any pc i have. this is fine. However i should be able to manage add and delete (your 777 I think).

my original question was how to i set up the ACLs, my windows credentials and my windows permissions so i do not need to deal with this functionality i do not need. I am a fervent practitioner of the KISS system (once i have already complicated my life LOL)

again thank you all for your responses it is greatly appriciated

 

[William Bravin]

Hello all I fixed it myself by adding a root user to my windows credentials

thank you all for your help[

 

[geoffwhere]

Yes, this is feasible.

1. Let's assume you've created a Microsoft account for yourself on FreeNAS called wb, along with a corresponding wb group. (Adjust as needed for your specific accounts/groups.)
2. Then, in the SMB service, set wb as the guest account:
   View attachment 41394
3. For your share, set the permissions as follows, filling in the user/group fields with your wb account and group (adjust as needed for your specific account and group):
   View attachment 41395
4. Finally, in the share definition, enable guest access by checking both boxes:
   View attachment 41396
5. Restart the SMB service after all these changes. You will now have login-free access to this share from all machines.

Dear Samuel,
With reference to your above instructions which I have just implemented unsuccessfully, and regarding our separate conversation in a previous thread, I'm still unable to map my FreeNAS Shares.
I continue to get the Windows error message "The specified network password is incorrect" regardless of any password I enter, including a null entry, to the Windows mapping request.
There's obviously a rogue setting somewhere among the maize of settings, but nothing I've tried seems to work.
Is there another way to approach this?
For example, given that I've previously established share partitions, been able to map those to Windows and added files to the pool, is it feasible to delete the existing users and groups and recreate new accounts to attach to those shares, without endangering my data in the FreeNAS pool?
Or maybe I'm completely misunderstanding the structure of all these elements and parameters and need to seek outside assistance to get me out of this pickle.
I'm hoping you can advise.