SOLVED Share permissions CIFS W/o AD

[anthony3689]

Hey guys I'm new to FreeNAS and trying to learn it before getting a server running for my company.

Currently testing the last release v9.10.1, I have done the basic first steps beside installation.

I've created a pool then a dataset called "windows_share" (set up with Windows share options)

I created multiple users for testing lets say A + B + C who can access anywhere, D who can access only a few datasets later, and E who can access only is own dataset.

I've created groups following the same purpose (admin, personal, and all_users)

I've created the CIFS Share following the youtube official video from FreeNAS Team ; and mapped it on drive P:

I access it with authentification on any user along with the right password.

Until there everything is working perfectly.

Now coming to permissions settings, I do it as explained in the video straight from Windows.

I can definitely see my share set as intended (owner = root, group = all_users) however when I try to add another group/user, windows won't find any from the ones I've created from FreeNAS web GUI.

Here's a few screenshots from how it looks :

I'm guessing the problem is about the UID/GID mapping but I can't find how it's working on freeNAS.

Any idea please ?

 

[anodos]

Post contents of /usr/local/etc/smb4.conf. Review winbind logs at /var/log/samba4/log.wb* and contents of /var/log/messages.

Post output of following:

• pdbedit -Lv
• net getlocalsid
• net users if list
• net groupmap list

 

[anthony3689]

Hi thank you for your answer, here is what u asked :

smb4.conf

--------

Logs, nothing special

--------

pdbedit -Lv

-----
netusersidlist

----
net getlocalsid

----

net groupmap list

 

[anthony3689]

Hello guys, still trying to figure what to do to make it work. I've read somewhere setting permissions up from windows could be really messy and there are plenty of reasons it could not work. However I really wish to learn and I just dont know where to start looking. Help would be much appreciated :)

 

[anthony3689]

I found that this user : https://forums.freenas.org/index.ph...-windows-gui-can-only-set-on-domain-pc.22878/ came with something very similar from what's happening to me right now. However no answer or ideas have been provided there too :/

 

[anthony3689]

Ok I finally found the thing to make it work.

I had to find the information deep in the french Wiki. But really guys who create guides never talk about it ANYWHERE.

Since there's no AD set up to control the authentification and users, to set the permissions on windows you have to create an user who fits the same NAME + PASSWORD ON THE CLIENT.

Thus, let's say your admin session windows is called "John" and password is "123456" then you have to create this "John" user along with password "123456" on freenas web gui. Make it owner user of the shared dataset, then you ll be able to access the share on windows and it will let you see every groups and users you have created from the gui before.

Use this user to get all the permissions jobs done and this is it.

 

[Mirfster]

Thus, let's say your admin session windows is called "John" and password is "123456" then you have to create this "John" user along with password "123456" on freenas web gui. Make it owner user of the shared dataset, then you ll be able to access the share on windows and it will let you see every groups and users you have created from the gui before.

Use this user to get all the permissions jobs done and this is it.

Yeah, this is pretty much how "Workgroups" function to any Network Share (regardless if it is FreeNAS or another).

However, do note that Administration of this is a PITA and not really the correct way to do it. Just image what happens when User "John" decides to change their password on their local machine. Worse yet, what if passwords were set to expire after X amount of days?

Now you are running around trying to ask each User for their new password so you can change it on FreeNAS? Not a good idea and if I were a User and you started asking me to provide you with my password I would tell you to go fly a kite. :P

 

[anthony3689]

Hey ! Yeah of course user's password could be changed but I didnt mean it in this way. I created a full admin session on windows with my own password and from there the user into freenas. The other sessions on windows can use their own password or either change it, it wont affect then my "admin user" just created, unless they get to know the password of the session I've set before.

And not to mention this computer could be easily put away of use from regular users aswell.

I was just trying to figure a way to make it work, not sure it is the correct way but at least somehow I could configure everypermissions atm.

Still new in this job thus I enjoy your help; gratitude

 

[anodos]

You can use 'credential manager' to store your NAS credentials. I believe on off-domain computers, the credentials will take the form of " \\<NetBIOS name of freenas>\username".

 

[Wallybanger]

I was having this same problem and found that a fresh install of windows fixed the problem. I didn't need to create windows credentials that matched the FreeNAS credentials. This seems more like a workaround than a solution.

 

[Ericloewe]

I believe on off-domain computers, the credentials will take the form of " \\<NetBIOS name of freenas>\username".

That's the format the security tab for files shows, at least.