one user share works, other one doesn't

[justanotherNAS]

so i have userA and userB
both have a home folder
both have different passwords
both have a SMB share

windows sees userA and works fine after username password, maps network drive etc

windows sees userB asks for username and password. Not accessible no permission

like ?

 

[garm]

Dude.. what do you want us to do?
Did you read the rules?

We need some kind of information to help you.. what are the permissions you have set? Do you use different datasets or only one? Are you accessing from different machines? What version of Windows do you use? Are the users set up in FreeNAS or in a directory? What version of FreeNAS do you run?

All those questions we shouldn’t have to ask..

 

[justanotherNAS]

just downloaded so it's FreeNAS version 11
permissions are default
testing from one version of windows 7
set up in FreeNAS under users and under sharing
no dataset just a volume

Not trying anything fancy just install, users, shares, one works other one doesn't with same settings.

FreeNAS userB not accessible unless i make it a home share, in which case it turns into \homes and I can access my data in their share otherwise multiple connections to the same resource by the same user using different user names is not allowed

Ok so I went to userB's win 7 laptop, logged into their share as them, and same thing in reverse. I can see their share but not userA. Homes has userBs data.

So that's great. Aaaaaand thats as far as its going to get isnt it. It works that much.

Thanks for prompting me to try another computer. I was trying to avoid that, but it kinda answered my question.

 

[Artion]

Is this thread Solved? Look at my signature on how to mark this Solved.

BTW in Widows you can't open the same network resource with different credentials simultaneously on the same Windows session.

This means that you have to close the first connection by logging out and logging in if you connect to FN with a different user than userA and userB (If you login as userA or userB the respective home is automatically shown when you connect to FN shares because it automatically creates the connection with the logged in credentials).

Being the shares home folders they can't see each others home. You can make those browsable by the network so you can list them but you can't enter them if the permissions are set per user. You can also set permissions per group and make the users part of the same group so every user sees others home but this makes, IMHO rather than making RO for group and RW for the users, using home shares nonsense....

 

[justanotherNAS]

its not really solved. User B now having this problem. I can map the network drive but have no write permissions. And thats from UserB's laptop

https://forums.freenas.org/index.php?threads/you-need-permission-to-perform-this-action.10357/

 

[garm]

permissions are default
[..]
no dataset just a volume

It’s kind of boring having to pry this out of you..
Is the permissions root/wheel (unix scheme) and no datasets, and you try to connect with users only member of their own groups?

Or are you using one of the predefined groups?

Are you using windows permissions?
What tutorials have you been following?
Have you read the documentation?
What section do you rely on in what you did?

Etc..

Give us something..

 

[justanotherNAS]

It’s kind of boring having to pry this out of you.. but go take a look and you'll see there's a default permissions button. yeah that one. Its ticked.

Mod note:

Edited to remove some less polite bits.

- Ericloewe

 

[garm]

You Sir, should read the documentation, especially storage permissions and SMB shares (but it really doesn't hurt if you read the whole thing...), then you can go watch @m0nkey_ 's video on the topic

If you then still have issues, read the rules you agreed with when you joined yesterday.. try to explain your issue with as much detail as possible, we want your permissions setup, storage layout, FreeNAS version etc...

Mod note:

Edited to remove some less polite bits. As for the storage layout... Well, it really has nothing to do with the question at hand, so you don't strictly have to include it. It's always nice to present extra information like that, though, so feel free to include your pool layout even if it's not really that relevant to the current discussion.

- Ericloewe

 

[anodos]

so i have userA and userB
both have a home folder
both have different passwords
both have a SMB share

windows sees userA and works fine after username password, maps network drive etc

windows sees userB asks for username and password. Not accessible no permission

like ?

Please post contents of /usr/local/etc/smb4.conf

You can do this by enabling the ssh service and using winscp to download it.

 

[Ericloewe]

<Moderator hat>

This post is to clarify the extent of the editing that took place here, specifically why so much was kept.

You Sir, should read the documentation, especially storage permissions and SMB shares (but it really doesn't hurt if you read the whole thing...), then you can go watch @m0nkey_ 's video on the topic

This is actually an important point, because...

but go take a look and you'll see there's a default permissions button. yeah that one. Its ticked.

...this is indicative of a potential misunderstanding. Or rather, it's not the correct approach to most situations. I'll explain more in a bit.

no dataset just a volume

This is also a poor approach.

As a side note, let us all assume good faith from everyone in this thread and act accordingly.

</Moderator hat>

Okay, so let's go over some important tidbits to get this on track:

1. Default permissions give Read to everyone who logs in. This is rarely desirable and permissions should be edited by the owner, as exemplified in @m0nkey_'s videos.
2. Checking the "Set default permissions" box and applying sets the dataset's permissions to those mentioned in 1. As per 1, this is not a routine thing and only makes sense during setup or if something got really mangled as a nuclear option.
3. Shares should always be datasets. They don't strictly have to be, but there's no good reason for them not to be and plenty of very good reasons for them to be.
4. The owner of the dataset being shared is important. On a small non-AD environment, it's going to be either an admin or the physical person who "owns" the respective share. They must then change the defaults to their liking.
5. Using Unix permissions with SMB is less than ideal and may cause trouble. Use datasets set to Windows permissions.
6. If the owner can't login, ensure that Windows isn't trying to use obsolete authentication methods (this sometimes happens when third-party software sticks its dirty fingers in the registry). Also, don't forget that Windows has the extremely irritating behavior of never storing a set of credentials made up of the same username and a different password and will always automatically try using the Windows password for remote authentication. When this fails, you're prompted and can login normally, if all else is well.