CIFS SHARING, USER PERMISSIONS DON'T WORK CORRECTLY

Status
Not open for further replies.

Mike77

Contributor
Joined
Nov 15, 2014
Messages
193
In the GUI, click on "System", then click on "Advanced", then click on "Save Debug".

I've added the debug.

So the problem again:

The NAS doesn’t show under the network Tab in Windows explorer. But I can access the NAS and al it’s shares by entering the IP in the file explorer. On one computer (exactly the same user and password as the owner in Freenas and member of the a group I’ve created) I can’t write, copy, cut or move files and on another computer (exactly the same username and password as a group member as mentioned in Freenas) it says the same. If I look in the security tab in Windows it shows the group Everyone (with read permission), the Owner (Unix user) and the Group with full control.

The goal is to have three accounts:

  • USER1 (admin on Windows desktop; User with same name and password exists on Freenas) should have full control
  • USER2 (admin on Windows laptop; User with same name and password exists on Freenas) should have full control
  • GUEST (guest account for everyone else) read, copy and execute
And I don’t know if it matters, but the plugins in Freenas also use the files on the server. So I think that they should also be able to access the information. But maybe this works automatically.

In Freenas I’ve made the following group and users:

NAS-Users (Group, group ID 1001)

- USER1 (owner and member of group NAS-USERS, user ID 1004, Disable password login: false, Lock user: true, Permit sudo: false, Microsoft account: true, Auxiliary groups: wheel (build in);
- USER2 (member of group NAS-USERS, user ID 1002, Disable password login: true, Lock user: true, Permit sudo: false, Microsoft account: false, Auxiliary groups: wheel (build in);
- GUEST (member of group guest (build in ID 31), user ID 1003, Disable password login: true, Permit sudo: false, Microsoft account: true.

The NAS has the following volumes/datasets/shares:

NAS1 (Volume, 2 drives mirrored)

- NAS (Dataset, Apply owner (user): checked, Owner (user): USER1, Apply owner (group): checked, Owner (group): NAS-Users, Apply mode: checked, Mode: everything checked except write under Other, Permission type: Windows, Set permissions recursively);

-- NAS-Media (CIFS Share, Apply owner (user): checked, Owner (user): USER1, Apply owner (group): checked, Owner (group): NAS-Users, Apply mode: checked, Mode: everything checked except write under Other, Permission type: Windows, Set permissions recursively);

-- NAS PLJails (UNIX Share/Dataset, Apply owner (user): checked, Owner (user): USER1, Apply owner (group): checked, Owner (group): NAS-Users, Apply mode: checked, Mode: everything checked except write under Other, Permission type: Unix, Set permissions recursively);

NAS2 (Volume, 2 drives mirrored)


- NAS2 (Dataset, Apply owner (user): checked, Owner (user): USER2, Apply owner (group): checked, Owner (group): NAS-Users, Apply mode: checked, Mode: everything checked except write under Other, Permission type: Windows, Set permissions recursively);

-- NAS BU (CIFS Share, Apply owner (user): checked, Owner (user): USER2, Apply owner (group): checked, Owner (group): NAS-Users, Apply mode: checked, Mode: everything checked except write under Other, Permission type: Windows, Set permissions recursively);

-- NAS network disk (CIFS Share, (CIFS Share, Apply owner (user): checked, Owner (user): USER2, Apply owner (group): checked, Owner (group): NAS-Users, Apply mode: checked, Mode: everything checked except write under Other, Permission type: Windows, Set permissions recursively);


NAS-Speedy
(Volume, 1 drive)

- NAS-Speedy (Dataset, Apply owner (user): checked, Owner (user): USER2, Apply owner (group): checked, Owner (group): NAS-Users, Apply mode: checked, Mode: everything checked except write under Other, Permission type: Windows, Set permissions recursively);

-- Speedy-NAS (CIFS Share, Apply owner (user): checked, Owner (user): USER2, Apply owner (group): checked, Owner (group): NAS-Users, Apply mode: checked, Mode: everything checked except write under Other, Permission type: Windows, Set permissions recursively);

In the end the goal is, to:
- set the above persmissions;
- make the NAS visible in the Network tab in Windows File Explorer;
- make NAS-Media browsable for all users, members of the above group and the guests using the above mentioned permissions;
- make NAS BU browsable for all users and members of the above group (not the guests), using the above permissions;
- make NAS network disk only browsable to USER2, with full control; and
- make Speedy-NAS browsable to all users, with fulle control.
 

Attachments

  • debug-HS33-NAS-20150616170119.tgz
    1.8 MB · Views: 423

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Thank you for adding required information
 
Last edited:

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Get rid of "null passwords = yes " parameter from your cifs config.
Per FreeNAS documentation, "Disable password login" "when checked, the user can not log into the system or authenticate to a CIFS share " uncheck that box! Don't lock the users either.
Your samba guest user is "nobody", and not your "guest" account. This means that any user that hits as a "bad user" gets mapped to the "nobody" account, which does not have write privileges.

These are some misconfigurations I saw over the course of briefly looking at your config. I'd say you should probably reset to factory defaults and have a redo with less 'knob twisting'.
 

Mike77

Contributor
Joined
Nov 15, 2014
Messages
193
Thank you for adding required information
Sorry,

Didn't know about the letters. I'm not yelling. I've created this new thread because Anodos asked me to in a diffrent threat "CIFS (Windows sharing) guide"

Am I in the wrong place? Where should I be?

Edit: Sorry, didn't see the reaction from Anodos till know
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Sorry,

Didn't know about the letters. I'm not yelling. I've created this new thread because Anodos asked me to in a diffrent threat "CIFS (Windows sharing) guide"

Am I in the wrong place? Where should I be?

This forum is the right one. No worries there. The initial post prior to your edit seemed really vague. You added appropriate information which is why I edited my comment.

It's just common internet knowledge that all caps indicates yelling. ;)

No worries, dude. You're OK.
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
Another thing I noticed is that you modified the permissions on your jails dataset this is something you can't do and still expect your jails to work. You will have to delete that dataset. I suggest wiping everything and rebuilding your array so you eliminate any issues that have been created.
 

Mike77

Contributor
Joined
Nov 15, 2014
Messages
193
modified the permissions on your jails dataset this is something you can't do and still expect your jails to work. You will have to delete that dataset. I suggest wiping everything and rebuilding your array so you eliminate any issues that have been created

Done it and got it working.

But now there's a new problem after upgrading to Windows 10 and moving the user files to a CIF on my NAS. Something with the recycle.bin beïng corrupted. Ivé created a new thread on this forum concerning this problem. I believe that I don't only need the FreeNas Manual on persmissions but alsoo need one on Windows. I've posted the problem on various Windows forums, but until now sadly to no avail.
 
Status
Not open for further replies.
Top