Possible to setup CIFS shares with custom name/pass?

[ck42]

[Fresh install of 9.3]
Before I spend any more time trying to make this work, I figured I'd stopped and make sure that what I'm trying to do is even possible....

I simply want to create CIFS shares for several users and have them be forced to authenticate with name/pass to access their share.

I've seen mention that these name/pass need to match the Windows logon values. So, can I create a different share login name/pass - other than that user's Windows login/pass?

As things stand right now, no matter how I set things up, users can directly access any share - there's no login auth prompt when attempting to access any of the shares.

[EDIT]
I seem to have figured out a way to at least get a login window to come up. For the shares, under Advanced, I added: valid users = @user_name

The problem now is that despite entering the correct name/pass, I always get a response that the share is not accessible. I might now have permission to use this network...blah, blah, blah.

 

[Ericloewe]

Well, of course you can. You give them whatever username/password combination you want.

Of course, they are only accessible by the users allowed by the permissions set up by the share owner.

Windows does this on login:

1. Send current username and password
   • If valid, go on its merry way
   • If not, go to 2
2. Ask for credentials and use them to authenticate.
3. If the username does not match, optionally save these credentials for future use

Note that number 3 is exactly as it's written. Imagine my username is Ericloewe on both local computer and Server. Local computer has password 1234567890, but Server has 0987654321. Windows will not store that "new" password (or at least it won't actually send it).

Note to script kiddies: those are not my passwords.

 

[ck42]

Okay...so at least good news that it *should* be possible to make this work! :)

Thanks for the breakdown on how the auth process works, too.
Now, just need to figure out where the auth process is getting hung up. As I mentioned, at least I've now got FN prompting me for a name/pass.....I just can't seem to get it to accept it.

What I've done is basically this:
Created user accounts
Create Volume (ZFS Mirror)
Created 4 Datasets in the volume - one for each user. Set the Owner(user) to the matching name of the user-account created. Set Owner(group) to nogroup. Perm type to Windows.

In the CIFS shares setup:
Created a share for each user and pointed it to the Dataset location
Added to the Auxiliary Parameters: "valid users = <name>" (name being the user's name)

I must be missing a step somewhere, but no idea where....

 

[Ericloewe]

Forget the auxiliary parameters. Do this instead:

Create all the users you'll need in FreeNAS.
Set the owner of the shared ZFS entity (datasets I presume). Repeat for all of them.
On the Windows machine, log on to the server as the owner (or have the owner do it). Right click the share, go to security and edit its permissions as you please.

 

[ck42]

Okay. Removed the Axillary Parameters....restarted CIFS
Opened up an Explorer window on my system and went to properties for *my* shared folder. I removed all groups/users except 'nogroup (Unix\nogroup) and manually created and added my name to the Group/Names list and gave my name full control. It wasn't there before.

When I attempt modify the Properties of the other user's shares, Windows is telling me that I don't have permission to view or edit that object's permission settings.

I can now access my share....but I'm not being prompted for name/pass.

I'm getting the impression that FreeNAS doesn't have the ability to simply create and use local user authentication for shares (e.g. create a user/pass - create a share and assign permission for just that user - attempts to login to that share prompt for the user/pass that was created on FreeNAS).
I find that a little.....odd.

[EDIT]
Never mind....
I went directly to a couple of the other computers and when I attempt from those systems, it seems to be working as expected. Prompted for name/pass and if entered correctly, I get in.
I'm guessing that I'm not being prompted on my own system because at some point I told it to save my login...and so it's simply not prompting me.

 

[Ericloewe]

You can manage stored credentials by searching for credentials manager within windows.