SOLVED Share permissions CIFS W/o AD

Status
Not open for further replies.

anthony3689

Cadet
Joined
Aug 31, 2016
Messages
6
Hey guys I'm new to FreeNAS and trying to learn it before getting a server running for my company.

Currently testing the last release v9.10.1, I have done the basic first steps beside installation.

I've created a pool then a dataset called "windows_share" (set up with Windows share options)

I created multiple users for testing lets say A + B + C who can access anywhere, D who can access only a few datasets later, and E who can access only is own dataset.

I've created groups following the same purpose (admin, personal, and all_users)

I've created the CIFS Share following the youtube official video from FreeNAS Team ; and mapped it on drive P:

I access it with authentification on any user along with the right password.

Until there everything is working perfectly.

Now coming to permissions settings, I do it as explained in the video straight from Windows.

I can definitely see my share set as intended (owner = root, group = all_users) however when I try to add another group/user, windows won't find any from the ones I've created from FreeNAS web GUI.

Here's a few screenshots from how it looks :

691414421.png


415247892.png


I'm guessing the problem is about the UID/GID mapping but I can't find how it's working on freeNAS.

Any idea please ?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
Post contents of /usr/local/etc/smb4.conf. Review winbind logs at /var/log/samba4/log.wb* and contents of /var/log/messages.

Post output of following:
  • pdbedit -Lv
  • net getlocalsid
  • net users if list
  • net groupmap list
 

anthony3689

Cadet
Joined
Aug 31, 2016
Messages
6
Hi thank you for your answer, here is what u asked :

smb4.conf

847824473.png

772954664.png

697077735.png

--------

Logs, nothing special

--------

pdbedit -Lv

219016966.png

622960227.png

763218678.png

8089947310.png


-----
netusersidlist

2993343111.png

----
net getlocalsid

8254102212.png


----

net groupmap list

4707042313.png
 

anthony3689

Cadet
Joined
Aug 31, 2016
Messages
6
Hello guys, still trying to figure what to do to make it work. I've read somewhere setting permissions up from windows could be really messy and there are plenty of reasons it could not work. However I really wish to learn and I just dont know where to start looking. Help would be much appreciated :)
 

anthony3689

Cadet
Joined
Aug 31, 2016
Messages
6
Ok I finally found the thing to make it work.

I had to find the information deep in the french Wiki. But really guys who create guides never talk about it ANYWHERE.

Since there's no AD set up to control the authentification and users, to set the permissions on windows you have to create an user who fits the same NAME + PASSWORD ON THE CLIENT.

Thus, let's say your admin session windows is called "John" and password is "123456" then you have to create this "John" user along with password "123456" on freenas web gui. Make it owner user of the shared dataset, then you ll be able to access the share on windows and it will let you see every groups and users you have created from the gui before.

Use this user to get all the permissions jobs done and this is it.
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,215
Thus, let's say your admin session windows is called "John" and password is "123456" then you have to create this "John" user along with password "123456" on freenas web gui. Make it owner user of the shared dataset, then you ll be able to access the share on windows and it will let you see every groups and users you have created from the gui before.

Use this user to get all the permissions jobs done and this is it.
Yeah, this is pretty much how "Workgroups" function to any Network Share (regardless if it is FreeNAS or another).

However, do note that Administration of this is a PITA and not really the correct way to do it. Just image what happens when User "John" decides to change their password on their local machine. Worse yet, what if passwords were set to expire after X amount of days?

Now you are running around trying to ask each User for their new password so you can change it on FreeNAS? Not a good idea and if I were a User and you started asking me to provide you with my password I would tell you to go fly a kite. :P
 

anthony3689

Cadet
Joined
Aug 31, 2016
Messages
6
Hey ! Yeah of course user's password could be changed but I didnt mean it in this way. I created a full admin session on windows with my own password and from there the user into freenas. The other sessions on windows can use their own password or either change it, it wont affect then my "admin user" just created, unless they get to know the password of the session I've set before.

And not to mention this computer could be easily put away of use from regular users aswell.

I was just trying to figure a way to make it work, not sure it is the correct way but at least somehow I could configure everypermissions atm.

Still new in this job thus I enjoy your help; gratitude
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
You can use 'credential manager' to store your NAS credentials. I believe on off-domain computers, the credentials will take the form of " \\<NetBIOS name of freenas>\username".
 

Wallybanger

Contributor
Joined
Apr 17, 2016
Messages
150
I was having this same problem and found that a fresh install of windows fixed the problem. I didn't need to create windows credentials that matched the FreeNAS credentials. This seems more like a workaround than a solution.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
I believe on off-domain computers, the credentials will take the form of " \\<NetBIOS name of freenas>\username".
That's the format the security tab for files shows, at least.
 
Status
Not open for further replies.
Top