SOLVED Getting CIFS Shares Working In 8 -- Lots of Details -- Multiple Roles

[John Morris]

FreeNAS 8 is proving to be a bigger challenge -- Problem No. 1 is Volume Change Permissions keeps reverting to "unchecked write" for "Group".

1. BACKGROUND -- Serving a small business and a family, we have FreeNAS 7 working fine, on an older machine. Time now to consolidate a lot of storage resources on a new machine, on ZFS mirrored 3 TB drives, via FreeNAS 8. This is now nicely working, at least at the macro level. (I have found FreeNAS 8 to have some nice features, but slightly fewer controls in the GUI.)

2. OBJECTIVE -- "More user access control than we currently have in place". Specifically we want controlled shares by user login from a LAN with Windows 7, Windows XP, and OpenSUSE clients, via CIFS/Samba. Samba is working between other systems on a peer-to-peer arrangement -- i.e. we have no LDAP or domain controller. We do have DNS servers.

3. DIFFERENCE BETWEEN V7 AND V8 -- Our current Version 7 FreeNAS access is only via Guest and a login from any given client. In Version 8, I'd like to more rigorously separate business and family data, by creating ZFS DataSets and Groups.

4. SUCCESS SO FAR -- Using the new Version 8 FreeNAS system, from XP clients, I can browse directories and copy and edit files on the FreeNAS 8 box. But I can't create a file when connecting from a Windows 7 client -- although I CAN edit a file which was created via the XP client.

5. SPECIFIC PROBLEM NO. 1 -- "Check box that doesn't stay checked". On View Volumes, and clicking to bring up the Change Permissions dialogue on a ZFS DataSet, I see that under "Mode", that "Group/Write" is "unchecked". Seeing as permissions are defined by group, it's important that the user have this, I think. So I check the check box. but after "Change" (i.e. "save"), and going back in, the checkbox reverts to "unchecked". Any advice on this? Am I even asking the right question?

6. DOCUMENTATION -- There seems to be a sentiment floating around that permissions in FreeNAS (and/or CIFS/Samba) are a little tricky. I've read too many "how toos" so far -- most of them are well-meaning but either too detailed or not detailed enough. Having spent part of my career in open source, I understand this phenomenon! What would be the best documentation to answer systematically all the questions that a person wants to know? Like for example, the meaning of a group owner being "root" versus "nobody", or why "set permission recursively doesn't stay checked. I believe I need to master all these details in order to solve the problem.

Thanks for help. I promise to document my eventual success when done!

John

 

[John Morris]

Re: Getting CIFS Shares Working In 8 -- Lots of Details -- Problem No. 1

Here's some more details of the situation. I can go ("obsessively") back and forth between different ZFS DataSets (constructed in a heirarchy) and check "write group". And as long as it "stays", from Windows 7 I can actually create a new file. HOWEVER, a minute later, it will have reverted again. I go to all the different DataSets and click the box, and then it will revert -- sometimes immediately, sometimes not. I've played around with inheritances etc. And some DataSets seems to "stick" longer than others. But there's something going on here I don't understand, obviously.

FYI, the same "write group" check box is present in the Users dialogue box. I was wondering if it was inherited from there -- but the box won't stay clicked in the User definition either (well, one user DOES stay clicked and the other doesn't -- and they are otherwise identical.)

Very strange. And not intuitive. : (

 

[John Morris]

Re: Getting CIFS Shares Working In 8 -- Lots of Details -- Problem No. 1

This is a partial reply, with good news:

SUCCESS -- With the nested ZFS datasets, I've been able to achieve the following:

1) The "Write by Group" checkbox now stays "checked", whereas previously it would automatically uncheck.
2) Access for read/write is now working on all clients.
3) Everything was done via the GUI; there was no necessity to go to a shell.

I hope this is stable and correct; I haven't checked everything.

The following functions were involved in some way:

a) User dialogue setting: "home directory"
b) User dialogue setting: "read/write/execute settings for owner/group/other"
c) The ZFS dataset heirarchy seems to be dependent on settings a level up.
d) Individual datasets now have a common "nasadmin" owner and individually set group owners.

FYI, the individually set group owners are the key to keeping business and personal life separate.

BIG QUESTION: OK, I think/hope it works. But why does it work? What specific documentation is there (or that needs to be written) which would cover something like this. This usecase shows up quite often in questions, and the answers are often very involved and require going out to the CLI via a shell. When you do that, you lose 90% of the potential market for FreeNAS usage. I'm not even completely sure that the correct topic is here.

SUMMARY SEARCH TOPIC: Here's my attempt to summarize the problem, in case someone searches for this answer: "How should FreeNAS 8 be configured to support a small LAN or workgroup with several different distinct work topics and user groups, and files that need to be kept separate and where access is controlled by role?" This is probably one of five top NAS use cases!

I'm looking forward to any clarification. And it would be good to review, dialogue by dialogue, every single setting, to ensure that for this use case, that it is done correctly. Lots of people will benefit I'm sure.

All-in-all, FreeNAS is great; good work.

 

[John Morris]

Not so sure now. Haven't been able to make it work and have no more time. FreeNAS was originally targetted at people who don't need to spend a lot of time on the CLI.

 

[cyberjock]

Not to sound like a douche but setting up file sharing in Windows 8 shouldn't be any different than Windows 7/Vista/XP/2000/whatever-uses-CIFS from a FreeNAS point of view. If things aren't working right then its a client-side issue.

 

[gpsguy]

The OP is comparing FreeNAS 8 vs FreeNAS 0.7, not Winders.

Windows 8

 

[cyberjock]

I saw that part but ignored the comparison because they share nothing except the name. The developers and source code is different and not related at all. I just thought he was implying things were different for Windows 8 because he mentioned Windows 8 in the thread title.