CIFS / SMB Homefolders for users

Status
Not open for further replies.

ChaosCater

Cadet
Joined
Apr 21, 2017
Messages
3
In the process of migrating from a commodity NAS to my own FreeNAS box. I'm trying to set up homeshares for my users but it's not working as intended.

Currently I have a folder set up called "Users". When I create a user I set their home directory to that folder. This works and I get a folder created within Users with their username; however, everyone can browse each other's folders.

I then run setfacl -x everyone@:::allow path/to/directory which limits this. This is working for me but feels like a hacky way of doing it. It also seems to limit the number of connections to the folder, i.e. I connect from a laptop fine, but if I try from my desktop at the same time, the same user account has lost all permission and can't access anything - what would be causing this?

If I enable Homedirectory on the "Users" folder, which I believe is the proper way to do this, it renames the folder as "homes" but I lose all access to it. No account can access homes or the user folder that appears.

Is my implementation of the home folders ok?
Is there a way that I can allow an admin user to see and access all users' home accounts? (After running setfacl -x everyone@:::allow path/to/directory I lose all access even if I add an admin user to the group.)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
[Homes] share by default will dynamically create a share based on the username of the user who is connected to the server. For instance "bob" connects to samba server "freenas". His home directory will appear as \\FreeNAS\bob.

Regarding permissions on the share, you should remove the "everyone" ACE from \\FreeNAS\Users rather than \\FreeNAS\Users\Bob. This is best done through the Windows File Explorer "security" tab (because it will automatically recurse through subdirectories).

One option to also consider for home directories is setting the nfs4mode samba parameter to "simple". This will expose "CREATOR-OWNER" and "CREATOR-OWNER GROUP" ACEs that Windows may expect to be able to manipulate. I believe you can do this by setting the share auxiliary parameter nfs4:mode = simple. For more information about nfs4:mode see discussion here: https://bugs.freenas.org/issues/21603
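
An added example, not part of the original posts: a small Python audit that parses FreeBSD-style getfacl output (NFSv4 ACLs) and reports which home directories still carry an everyone@ allow ACE, the entry discussed in this thread. The sample output, paths, user names and the "admins" group are constructed for illustration.

```python
# Constructed sample of FreeBSD `getfacl` output (NFSv4 ACLs) for two home
# directories; paths, users and the "admins" group are hypothetical.
SAMPLE = """\
# file: /mnt/tank/Users/bob
# owner: bob
# group: bob
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:r-x---a-R-c--s:fd-----:allow
         everyone@:r-x---a-R-c--s:fd-----:allow
# file: /mnt/tank/Users/alice
# owner: alice
# group: alice
            owner@:rwxpDdaARWcCos:fd-----:allow
      group:admins:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow
"""


def parse_getfacl(text):
    """Return {path: [(who, perms, flags, type), ...]} from getfacl output."""
    acls, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# file:"):
            current = line.split(":", 1)[1].strip()
            acls[current] = []
        elif line and not line.startswith("#") and current is not None:
            # The last three fields are perms, flags and type; whatever comes
            # before them is the principal (owner@, everyone@, group:name ...).
            who, perms, flags, ace_type = line.rsplit(":", 3)
            acls[current].append((who, perms, flags, ace_type))
    return acls


def everyone_exposure(acls):
    """Map each path to the permission letters everyone@ is allowed there."""
    findings = {}
    for path, aces in acls.items():
        granted = set()
        for who, perms, _flags, ace_type in aces:
            if who == "everyone@" and ace_type == "allow":
                granted |= set(perms) - {"-"}
        if granted:
            findings[path] = "".join(sorted(granted))
    return findings


if __name__ == "__main__":
    for path, perms in everyone_exposure(parse_getfacl(SAMPLE)).items():
        print(f"{path}: everyone@ allowed {perms}")
```

On a real system the input would be the saved output of getfacl run over each directory under the Users dataset; an entry with no permission letters set is not reported.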
 