Please stop me from installing windows server

Status
Not open for further replies.

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Post a link to NASA's guide.

While you're at it, post the following enclosed in [ code ] tags:
  • Contents of /usr/local/etc/smb4.conf
  • Getfacl output for one of your shares - i.e. (getfacl /mnt/Zpool1/Peter)
  • Output of "net getlocalsid"
  • Output of "net getdomainsid"
  • Output of "net usersidlist"
  • Output of "smbstatus"
  • Output of "pdbedit -L"
  • Anything relevant from /var/log/messages, /var/log/samba4/log.smbd, /var/log/samba4/log.wb-FREENAS

Edit: Disregard request for NASA's guide. Found it - https://forums.freenas.org/index.ph...-permissions-set-up-example-for-dummies.8894/

That permissions example is for FreeNAS 8.2. Do not use howtos for old versions of FreeNAS.

Here is a video from a Canadian monkey - https://forums.freenas.org/index.php?threads/how-to-freenas-and-samba-cifs-permissions-video.41210/
 

ProjectMorris

Dabbler
Joined
Dec 16, 2013
Messages
34
AnodOs, I'm going to try the Unix rather than Windows based permissions and see how I go. I've actually cleared the original configuration in a fit of exasperation last night so it's a clean slate to start with. But that will have to wait for the weekend for the time to be available for me. But I promise to keep you posted.
 
Joined
Mar 5, 2016
Messages
6
Hi Peter

I experienced a similar frustration with file permissions - I couldn't get FreeNAS to do what I wanted. After much trial and more errors than I care to think about I kept things simple and it seems to work. This is what I did:-

1) created users and groups as I needed them (3 users, 2 specific groups [each user is also a group])
2) created datasets/volumes as I needed them (3 volumes - 1 for each user, and 3 volumes that would be used by everyone)
2.1) for each volume I set the PERMISSION TYPE to UNIX (I didn't change owner/group/other settings here)
3) created SMB/CIFS shares for each volume

So I ended up with users, groups, volumes and shares
- for the "root" volume (top level volume) the Owner (user) is nobody and Owner (group) is nogroup.
- each user's volume is allocated to its own user - Owner (user) is user's name and Owner (group) is me as a user (this gives me admin rights to everything)
- and for two of the volumes to be used by everyone I set Owner (user) to me so that I could change things and Owner (group) to nogroup, and for the third volume (the common folder to be used for anything by everyone and anyone) Owner (user) to nobody and Owner (group) to nogroup.

Then - and this seems to be what I did to "make things work" as I wanted them - I used SHELL and Linux commands to set permissions on the directories. This method is granular and specific so I was able to set the volume/folder permissions as I wanted them. I was not able to get this right using the complicated UI in FreeNAS and using Windows properties|security was tedious, confusing and did not get me the result I wanted. I learnt how to use CHMOD and ls -ld and some rudimentary Linux commands and I got it right!

Now I have a set of volumes where only each user has access to their folder, I have "admin" access to their volumes/folders and to the 3 shared volumes. For 2 of the shared folders users can read contents but not add or delete, for the third shared folder - each user can read, write and execute - which is exactly what I wanted.

What I have done may be simplistic and not the best way of doing things - however it works for me and my happy little bunch of users.

Once I got this right FreeNAS has been perfect for me.

PS - I may be wrong about this but.. with SSH you log in as a user and not root - whereas using SHELL you are root... you'd have to sudo all commands if you use SSH - and then user settings must "permit sudo".
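
An added example (not written by any poster in this thread): a POSIX sh check for the kind of layout described in the post above, reading each directory's mode the way `ls -ld` shows it and flagging a world-writable folder that lacks the sticky bit. The directory names and modes in `build_demo_layout` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the directories directly under a dataset root.
# All names and modes below are constructed for illustration.

# Mode string as `ls -ld` prints it, e.g. drwxrwx--- (ACL marker trimmed).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Classify a directory by the "other" permission triplet (characters 8-10).
classify_dir() {
    other=$(mode_of "$1" | cut -c8-10)
    case "$other" in
        ---)    echo private ;;      # only owner and group get in
        ?w[tT]) echo open-sticky ;;  # world-writable, deletes limited to owners
        ?w?)    echo open-UNSAFE ;;  # anyone can delete or rename anyone's files
        *)      echo read-only ;;    # others may read/traverse, not write
    esac
}

# Print "name mode class" per directory; return 1 if any is open-UNSAFE.
audit_shares() {
    rc=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        class=$(classify_dir "$d")
        printf '%s %s %s\n' "${d##*/}" "$(mode_of "$d")" "$class"
        if [ "$class" = open-UNSAFE ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed layout modelled on the post: user folders closed to "other",
# shares that others can only read, and one common folder open to everyone.
build_demo_layout() {
    mkdir -p "$1/alice" "$1/bob" "$1/media" "$1/docs" "$1/common"
    chmod 770 "$1/alice" "$1/bob"
    chmod 755 "$1/media" "$1/docs"
    chmod 777 "$1/common"
}

# Run as: sh audit.sh /path/to/dataset   (path is a placeholder)
if [ "$#" -eq 1 ]; then audit_shares "$1"; fi
```

Setting the common folder to `chmod 1777` instead of `777` moves it from open-UNSAFE to open-sticky, so users can still write there but cannot remove each other's files.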
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
> PS - I may be wrong about this but.. with SSH you log in as a user and not root - whereas using SHELL you are root... you'd have to sudo all commands if you use SSH - and then user settings must "permit sudo".

With SSH you can log in as root (if your SSH configuration permits) or as an unprivileged user. If you log in as an unprivileged user, you can either use sudo for each relevant command, or su to root and do what you need to do. Do not use the web shell for any significant work--it's very difficult to work with, eats many control characters, etc. Especially if you're going to be using a text editor, it's completely unsuitable.

It's my observation (no doubt incomplete and at least partially incorrect) that the idea of never logging in as root, and instead sudo-ing everything, is somewhat of a Linux-ism, and even more particularly an Ubuntu-ism. BSD types seem to be rather more comfortable with using the root account.
 
Joined
Mar 5, 2016
Messages
6
> With SSH you can log in as root (if your SSH configuration permits) or as an unprivileged user. If you log in as an unprivileged user, you can either use sudo for each relevant command, or su to root and do what you need to do. Do not use the web shell for any significant work--it's very difficult to work with, eats many control characters, etc. Especially if you're going to be using a text editor, it's completely unsuitable.
>
> It's my observation (no doubt incomplete and at least partially incorrect) that the idea of never logging in as root, and instead sudo-ing everything, is somewhat of a Linux-ism, and even more particularly an Ubuntu-ism. BSD types seem to be rather more comfortable with using the root account.

Thanks! I learned something from your post - and that's awesome!
 

maglin

Patron
Joined
Jun 20, 2015
Messages
299
I'm pretty sure it's not just a Linux thing about logging in as root. I'm physically not able to log into my server as root. I just log in as my user and su to root privilege. This keeps fewer vulnerabilities from affecting me (I hope). I too had issues with Windows permissions and went to UNIX and all was well, as it was with Russell above. Also I believe CIFS uses certs and one connection, i.e. your user gets put into use and when you try to change you have to flush out the cert that was last used. Otherwise you can't connect as your credentials are invalid. I had this issue and some googling helped me find the command to flush/clear the cert to be able to log in as another user for testing access permissions. I just don't remember what it was and it was on my Windows 10 machine, not a Mac. I'm probably using wrong terminology here but I think you can pick up what I'm throwing down. And wouldn't UNIX shares work better for multi-OS access?

Best of luck on this venture.
 

fullspeed

Contributor
Joined
Mar 6, 2015
Messages
147
I haven't read through this thread fully but I wanted to chime in as I've had similar trouble with Windows permissions. For me the worst problem was it stopping me from using FTP. It seems like by going Windows permissions I was totally screwing myself over for anything non-Windows.. but if I went UNIX permissions I could get Windows clients to connect easily.

Gold standard for me is UNIX dataset with Windows permissions layered on top, hasn't created a problem for me yet.
 

diedrichg

Wizard
Joined
Dec 4, 2012
Messages
1,319
Post #2 is what you need to do. It's super simple.

1. Set each dataset to UNIX
2. Each dataset: Set the owner (the user) and group (the user's group)
3. Admin account settings: add each user's group to the admin account
4. Set up a CIFS share
5. Go to the client and connect to \\192.168.1.100\CIFSShareName (for example)

That's it. Long ago I tried the whole Windows permissions dog and pony show and it was terrible. I experienced the same frustrations as you. Just go with the UNIX/CIFS setup and you won't have any problems at all.
 

ProjectMorris

Dabbler
Joined
Dec 16, 2013
Messages
34
I'm not sure if I can thank you all enough for helping me through a very frustrating if simple problem.

The configuration using Windows permissions just didn't seem to make sense and then having to use a Windows client to finalise the process made it even more so. Whether I was suffering with inherited or cascading permission conflicts or insufficient reboots of CIFS or the clients I don't know but ditching Windows permissions for (old faithful) UNIX ones resolved the issue.

My "admin upbringing" was to always use business activity or job role as group names to manage and deliver permissions then adding individual starters movers or leavers users to or from the group even if it was a one user group. In the fact that users came and went but the job role or activity remained. I was trying to apply this thinking to my home server configuration. With users guest and admin roles.

Given the very frustrating experience I have just had and quite possibly others are having and the simple solution which was posted by maglin and diedrichg (thanks again, I'm forever in your debt), I'm tempted to put together either a "How To" post or video.

Should I?
 

maglin

Patron
Joined
Jun 20, 2015
Messages
299
It never hurts but I can guarantee others will still fall victim to the same Windows permissions issues. Admins are the worst as they are used to running Windows servers and want to stick with what they know. And I'm not bad-mouthing admins as I used to be one on a small network with 400 users and 10 servers located in 4 different locations. I'm glad it's up and running with the functionality you were looking for. Wife is yelling at me as my keyboard is too loud, so I'll end it here.
 

DiViDeR

Dabbler
Joined
May 22, 2014
Messages
22
A "How To" post or video would be very useful, especially for us Noobs who have little or no admin experience and only require a home share setup for 3 or 4 users :)
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
> A "How To" post or video would be very useful, especially for us Noobs who have little or no admin experience and only require a home share setup for 3 or 4 users :)

Kind of like the guides that our forum users have created over the years?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
> Given the very frustrating experience I have just had and quite possibly others are having and the simple solution which was posted by maglin and diedrichg (thanks again, I'm forever in your debt), I'm tempted to put together either a "How To" post or video.

Generally speaking, the problem with those of us who've been doing this "forever" (professionally, whatever) is that it is hard to understand what things are "obvious" and what are merely preconceived notions from a lifetime of working with technology. You may be in a better position to explain things from a newcomer's point of view.
 