General smb/cifs Truenas

[tiberiusQ]

Dear Folks,

While awaiting the Big upcoming Truenas (whoop) I decided to double think about several aspects to understand it better.

1. User
Since truenas samba auth. is a new setting and enabled per default but ms.account is disabled per default. I was not able to understand the difference or impact of these settings ?

2. Dataset settings for smb (windows10 and macos clients)
So the recommended way (performance) seems to be smb and not generic, with the downside that it is tricky to use rsync and problematic with eg. syncthing inside of smb datasets. So I wonder if there is somewehere a comparsion pro&contra generic/smb options or Documentation about these settings ?
I do not need a complex acl structure for my shares - I just have a bunch of shares and I only need to restrict the users and groups on per shares basis and I struggled a lot in the close past with exotic behaviour eg. when acrobat reader comments a pdf which creats a undeletable tmp file (root/wheel) as well as libreoffice did things like that, etc.
Is there a simple way to create acls just on a share level but inside the share whithout acls at all ?
I don't know, I just think loud But I guess I'm not the only one.....

All the Best & Greets!

 

[anodos]

Dear Folks,

While awaiting the Big upcoming Truenas (whoop) I decided to double think about several aspects to understand it better.

1. User
Since truenas samba auth. is a new setting and enabled per default but ms.account is disabled per default. I was not able to understand the difference or impact of these settings ?

That's perhaps not the clearest worded text. When this is checked, then an NT hash is generated for the user and it is inserted into samba's passdb.tdb file (and is then available as an SMB user). Otherwise it's not. This is a mechanism to differentiate between system/service accounts and actual user accounts.

2. Dataset settings for smb (windows10 and macos clients)
So the recommended way (performance) seems to be smb and not generic, with the downside that it is tricky to use rsync and problematic with eg. syncthing inside of smb datasets. So I wonder if there is somewehere a comparsion pro&contra generic/smb options or Documentation about these settings ?
I do not need a complex acl structure for my shares - I just have a bunch of shares and I only need to restrict the users and groups on per shares basis and I struggled a lot in the close past with exotic behaviour eg. when acrobat reader comments a pdf which creats a undeletable tmp file (root/wheel) as well as libreoffice did things like that, etc.
Is there a simple way to create acls just on a share level but inside the share whithout acls at all ?
I don't know, I just think loud But I guess I'm not the only one.....

All the Best & Greets!

You can create a generic share, don't set an ACL on it, and when you create the SMB share, uncheck the "ACL" checkbox.

 

[tiberiusQ]

1. User
So the microsoft account chechbox is the gui version of smbpasswd ?
If this is true what does samba auth. checkbox do ?

2. Dataset / Smb Share
Ok. and which impact does this have on performance (generic) ?
How does it affect a migration task of data from a smb dataset to a generic dateset (sensitivity, acl mode). ?

 

[anodos]

"samba auth" is for setting the passwd in passdb.tdb. "Microsoft Account" is a legacy anti-feature that maps the email address of the user to the username.