Hi,
I'm looking for some help with configuring Windows SMB shares with Active Directory authentication. I work on FreeNAS-11.3-U1. My setup is as follows:
Active Directory config:
LDAP config:
I guess it works correctly, because in ACL config I see a list of domain users and groups.
My goal is to create a Windows share and allow one AD group to access it. I created "test_share" with the following config:
owner: fuser (local FreeNAS user, doesn't have any permissions)
group: my_domain.local\freenas_test_group (I want this group to have the access)
ACL is shown on the image below. I believe changes took place, because the permissions for the share (when checked from the shell) are: d---rwx---
This configuration doesn't work as I expected: it lets member of "freenas_test_group" log in to share, but creating folders causes some weird behaviours. When I created folder, a few of them appeared. When I tried to delete them, permission error was displayed (screenshot below). I checked from the shell permissions for the new folders, and they were: d---------. This behaviour occurs only with folders - I can create and modify files without any problems.
I checked one more thing: I added ACL with specific user ("freenas_test_user" on the next screenshot). In this case everything works fine. "Freenas_test_user" can create both files and folders normally and new folders have permissions: drwx------.
To summarize, this config works for AD user, but not for AD group. If anyone has any idea what the problem is, please share.
I'm looking for some help with configuring Windows SMB shares with Active Directory authentication. I work on FreeNAS-11.3-U1. My setup is as follows:
Active Directory config:
LDAP config:
I guess it works correctly, because in ACL config I see a list of domain users and groups.
My goal is to create a Windows share and allow one AD group to access it. I created "test_share" with the following config:
owner: fuser (local FreeNAS user, doesn't have any permissions)
group: my_domain.local\freenas_test_group (I want this group to have the access)
ACL is shown on the image below. I believe changes took place, because the permissions for the share (when checked from the shell) are: d---rwx---
This configuration doesn't work as I expected: it lets member of "freenas_test_group" log in to share, but creating folders causes some weird behaviours. When I created folder, a few of them appeared. When I tried to delete them, permission error was displayed (screenshot below). I checked from the shell permissions for the new folders, and they were: d---------. This behaviour occurs only with folders - I can create and modify files without any problems.
I checked one more thing: I added ACL with specific user ("freenas_test_user" on the next screenshot). In this case everything works fine. "Freenas_test_user" can create both files and folders normally and new folders have permissions: drwx------.
To summarize, this config works for AD user, but not for AD group. If anyone has any idea what the problem is, please share.
