How to configure Home Share?

[depasseg]

I have an AD domain and am trying to setup Home Shares for users.

Users can see their share when browsing to \\FreeNas1 but are unable to open the share.

I'm guessing this is due to permission of the dataset. The docs don't discuss (or I can't find) what the permissions are supposed to be on the dataset that contains the home share.

I get the following smb error:

Code:

Dec 14 13:06:06 freenas1 smbd[20200]: [2014/12/14 13:06:06.522996,  0] ../source3/smbd/service.c:792(make_connection_snum)
Dec 14 13:06:06 freenas1 smbd[20200]:   canonicalize_connect_path failed for service greg, path /mnt/tank/home/DEPASSE/greg

Here's smb4.conf:

Code:

[global]
    server max protocol = SMB2
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 3771029
    syslog only = yes
    syslog = 1
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    map to guest = Bad User
    obey pam restrictions = yes
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    server string = FreeNAS Server
    ea support = yes
    store dos attributes = yes
    hostname lookups = yes
    time server = yes
    acl allow execute always = true
    acl check permissions = true
    dos filemode = yes
    domain logons = yes
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000
    server role = member server
    netbios name = FREENAS1
    workgroup = DEPASSE
    realm = DEPASSE.NET
    security = ADS
    client use spnego = yes
    cache directory = /var/tmp/.cache/.samba
    local master = no
    domain master = no
    preferred master = no
    winbind cache time = 7200
    winbind offline logon = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    winbind use default domain = no
    winbind refresh tickets = yes
    idmap config DEPASSE: backend = rid
    idmap config DEPASSE: range = 10000-90000000
    allow trusted domains = no
    client ldap sasl wrapping = plain
    template shell = /bin/sh
    template homedir = /home/%D/%U
    pid directory = /var/run/samba
    smb passwd file = /var/etc/private/smbpasswd
    private dir = /var/etc/private
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = CP437
    unix charset = UTF-8
    log level = 1
   

[backup]
    path = /mnt/tank/backup
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    vfs objects = zfsacl aio_pthread streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare
   

[homes]
    valid users = %D\%U
    path = /mnt/tank/home/%D/%U
    comment = Home Directories
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = no
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    vfs objects = recycle zfsacl aio_pthread streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare
   

[media]
    path = /mnt/tank/media
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    vfs objects = zfsacl aio_pthread streams_xattr
    hide dot files = yes
    guest ok = yes
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare

Here's the Share:

Here's the dataset:

 

[pilotjunky]

... I'm having the same issue ... interested in a solution too.

 

[hica]

If you want to have a full access to your dataset without password prompt you can check " Allow Guest Access" in CIFS share

 

[depasseg]

Thanks @hica but that isn't what we are talking about. Home shares are the opposite of guest access. They are individual user folders that are only accessible by that user. @dlavigne - any way to get some insight on Home shares? There isn't anything in the docs.

 

[depasseg]

Looks like this bug is related, but there is still a lacking amount of info in the docs on how to configure permissions, or use it.
https://bugs.freenas.org/issues/7138

 

[dlavigne]

Looks like the bug has been fixed. Any ideas on what you'd like to see added to the docs or does it "just work" now that the bug is fixed?

 

[depasseg]

Has the update been pushed? Looks like it's ready for release.

As for directions, a little info on what it will do - does it automatically create folders or datasets for each user who logs in? Do we need to set any permissions? Do we need to do any configuration after we click the "Home Shares" checkbox.

Maybe it will be more useful to see the fix first and then see what else is needed.

 

[SweetAndLow]

I would spin up a VM and test it with your configuration. When I set them up I had to create folders for users before things worked. Lucky just setting a users home directory when creating a user does the same thing. I didn't have to touch permissions. One thing to watch out for its how windows is case incentive and Unix isn't.

 

[depasseg]

SnL - are you using the 9.3 version? I've got it setup but couldn't figure it out, hence this thread. I created a dataset (windows), created a CIFS share, and enabled the home share option. Nothing. Nothing in the dataset. Nothing on the Windows side that looks like a home share. Did all your users appear in the home share immediately? At login? Once a day? Any insight would be greatly appreciated.

 

[depasseg]

I'm still trying to figure out how to use Home Shares option. I'm guessing it's a dataset permissions issue, but I'm not sure. I'm not sure what to use. I've tried nobody, domain admin, my domain user. Does anyone have this working?

 

[depasseg]

@dlavigne - Any feedback you can add from a documentation perspective? I followed the instructions for a CIFS share, but I can't get Home Shares to work properly.

Thank you,
Greg

 

[dlavigne]

There's still an open bug on home shares, I'm waiting for that to settle.

 

[anodos]

Since this is an AD environment, it may be a good idea to eschew using the special [homes] definition and configure your home shares via AD. See samba documentation here: https://wiki.samba.org/index.php/Setting_up_a_home_share

 

[Erik Franzén]

Have also run into this trouble with home shares and Actrive Directory using FreeNas version 9.10.2.U3
Is there a solution?

 

[dlavigne]

It's best to start another thread that contains your config so that we can help troubleshoot your specific setup.