Home Directory Setup Recommendations

[Thousandbuckle]

Hello all, I am running FreeNAS 9.3 and wanting to setup Home Directories for 10 users. I am planning to create the same login username/password from their Windows or Mac in FreeNAS accounts to match. The intent is when they logon they can browse to their folder and only see the data in their folder, no one elses.

So I intended to create a new data set "home_directory" and then create a data set underneath that for each user. My first questions is what permissions for user and group should I give and what share type should the "home_directory" data set be set to, Unix, Mac, or Windows? My users use only Windows or Mac's or a combination of both.

Second question what what share type should the user data set be set to? Some users use only Windows but some have Windows and Mac. I would configure the user data set to give permission based on the user/group accounts I created in FreeNas matching their PC login.

Next I would create a CIFS share to make the "home_directory" data set browsable. I know I need to check the "Use as home share" but should I check "Apply default permissions"? This is where it is confusing as I am not sure if it is applying permissions from the top level "home_directory" data set of the individual user data sets.

Any help is greatly appreciated.

 

[Nick2253]

Have you considered setting up Active Directory? FreeNAS supports running a Samba-based active directory, which would help you solve your user management issues.

As for setting up your home directories, you would not want to use "Apply default permissions". From the documentation:

sets the ACLs to allow read/write for owner/group and read-only for others; should only be unchecked when creating a share on a system that already has custom ACLs set

That would give everyone read access to the share and all its subfolders. You could go back and modify those permissions easily if you wanted, but there is no need to do that.

Also, if you are sharing everything with CIFS, then the permissions need to be "Windows". Again, that's in the documentation. You probably don't need to create a dataset for each user, unless you are sharing that dataset directly, or the users folders will hold wildly different material, unless you want to enforce strict quotas against your users.

 

[Thousandbuckle]

I dont have the resources to setup a Windows AD box and dont really want to add any more overhead to making this work.

Maybe I am not understanding the way Home Directory is supposed to work. Am I only supposed to create one Home Directory data set and then point the user accounts in FreeNas to that top level Home Directory Data set I created? So when the user logs on it maps them and creates a folder for them automatically?

Since you should only have one CIFS share marked as Home Share according to the documentation I am not sharing the user data sets individually only the top level data set. I assumed that the Home Directory CIFS share would then map to the user data set created for them.

 

[Nick2253]

I dont have the resources to setup a Windows AD box and dont really want to add any more overhead to making this work.

There's no need to set up a Windows box. Samba is built right in to FreeNAS (it's how it does CIFS sharing in the first place), and Samba will serve as a domain controller. Samba does not recommend that you use the same instance as both a file server and a domain controller, so if you want to go this route, the preferred setup would be a jail with samba running.

Maybe I am not understanding the way Home Directory is supposed to work. Am I only supposed to create one Home Directory data set and then point the user accounts in FreeNas to that top level Home Directory Data set I created? So when the user logs on it maps them and creates a folder for them automatically?

Since you should only have one CIFS share marked as Home Share according to the documentation I am not sharing the user data sets individually only the top level data set. I assumed that the Home Directory CIFS share would then map to the user data set created for them.

The way a home directory "should" work is that, when user UserA logs in, he sees folder \\freenas\UserA, and when UserB logs in, he sees \\freenas\UserB, but he does not see \\freenas\UserA, etc. Under the covers, you have a single directory (and usually a single dataset), which is the home dataset, and inside that directory, you have one folder for each user.

However, home folders can be finicky in the best of times. The easiest thing to do, in my opinion, is probably create, like you did, a single share called "Home" (or whatever), but treat this share no differently than any other share. Inside, you have a directory for each user, and you have the ACLs set properly so that the user can only access their folder. In this setup, UserA would go to \\freenas\Home\UserA, and UserB would go to \\freenas\Home\UserB. UserB would also see \\freenas\Home\UserA, \\freenas\Home\UserC, etc, but he would not have access to those folders.[/QUOTE][/QUOTE]

 

[Thousandbuckle]

I was finally able to get Home Directory to work so that when I logged on as one user or the other I would see two shares one called "Homes" and the other "UserA". Both shares would have the same information. Not sure why the "Homes" share and the "share name of the user" both get created. I am also playing around with having one dataset not configured as a Home Share and managing access by Windows ACL's.

Thank you for your feedback.

 

[anodos]

I was finally able to get Home Directory to work so that when I logged on as one user or the other I would see two shares one called "Homes" and the other "UserA". Both shares would have the same information. Not sure why the "Homes" share and the "share name of the user" both get created. I am also playing around with having one dataset not configured as a Home Share and managing access by Windows ACL's.

Thank you for your feedback.

In the FreeNAS webgui, select the share you configured as a "Homes" share and uncheck "Browseable to Network Clients".