sysadmin97
Cadet
- Joined
- Dec 19, 2021
- Messages
- 3
Hello everyone,
I'm fairly new to TrueNAS and I'm currently testing TrueNAS Scale with Active Directory integration in a virtual environment.
I successfully deployed a Pool and a couple of Datasets for permission testing.
I plan to create just one SMB-Share for the whole pool so I need some kind of access controll for the different Datasets.
I already created an Active-Directory group called "truenas_allow" which is meant to grant a user access to a specific Dataset but no read, write or modify rights whatsoever.
Also I want to add another group (truenas_admin) with full read, write or modify rights for the administrators.
Additional permissions will be managed in Windows using Active-Directory groups.
The ACL permissions bellow where created using the POSIX method.
It does work but if I look at the permissions set in Windows I noticed that somehow the Domain Users group got in there with full Permissions!
How did it get there in the first place? I never configured the Domain Users group in TrueNAS.
If I disable the inheritance and set the permissions manually it works as intended.
Is there a better/more efficient way to do this?
I also enabled the "Access-Based Share Enumeration" to hide the folders users have no permissions for but it doesn't seem to be working for me since it still shows everything.
Is there a different setting for that or do I have to configure something on the Windows side as well?
Thank you all in advance for your tips and tricks
I'm fairly new to TrueNAS and I'm currently testing TrueNAS Scale with Active Directory integration in a virtual environment.
I successfully deployed a Pool and a couple of Datasets for permission testing.
I plan to create just one SMB-Share for the whole pool so I need some kind of access controll for the different Datasets.
I already created an Active-Directory group called "truenas_allow" which is meant to grant a user access to a specific Dataset but no read, write or modify rights whatsoever.
Also I want to add another group (truenas_admin) with full read, write or modify rights for the administrators.
Additional permissions will be managed in Windows using Active-Directory groups.
The ACL permissions bellow where created using the POSIX method.
It does work but if I look at the permissions set in Windows I noticed that somehow the Domain Users group got in there with full Permissions!
How did it get there in the first place? I never configured the Domain Users group in TrueNAS.
If I disable the inheritance and set the permissions manually it works as intended.
Is there a better/more efficient way to do this?
I also enabled the "Access-Based Share Enumeration" to hide the folders users have no permissions for but it doesn't seem to be working for me since it still shows everything.
Is there a different setting for that or do I have to configure something on the Windows side as well?
Thank you all in advance for your tips and tricks