SMB shares in mixed environment: AD users & local users

nas4free-user

Dabbler
Joined
Dec 20, 2018
Messages
22
I have already shared a folder to an Active Directory domain group,
but I have not found a way to add local users (or a local group) to the same share as well.
Can somebody help?
(FreeNAS 11.2)
 

nas4free-user

So, New Year! Back to work.

Thanks for replying, but this doesn't work:

If I have an SMB share for a domain user "Domain1\user1", I cannot add the permission for a non-domain user like ".\user2".
I can only access the share with domain credentials, not simultaneously with local users from a non-domain PC, but this is what I need!

In a commercial NAS (QNAP) I can easily apply domain and local users to the same share!
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
You can access the share via "<netbios name of server>\<local_user>" e.g. "FREENAS\localuser".

Likewise the local users should be visible in the permissions manager on the windows client if you specify that the "location" is the FreeNAS server rather than the AD domain.
 

nas4free-user

Yes, I already tried that. I could do so, but only if I log on exactly with "FREENAS\localuser".
If I just use "localuser", as would be normal, it doesn't work.
This means I cannot connect directly from a PC where I'm logged on as "localuser"; I have to type in the credentials :(
(BTW, for me it is not a problem, but it is for other colleagues.)

Or am I missing something?
 

anodos

Check the box "Allow trusted domains" under Directory Services -> Active Directory. Do note that this will restart the AD service, which will cause a service disruption for your SMB clients.
 

anodos

:) nice, now it works!
Thanks!

We default to disabling trusted domains because of the need to pre-configure idmap ranges for them. Unfortunately, disabling it also introduces a stricter check during session setup to see whether the domain being passed to us from the Windows client is our domain (i.e. the one we joined <DOMAIN>\user or the server's <NETBIOS name of server>\user).
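
A configuration check for the idmap point raised in the post above, as an added example that is not part of the thread and not FreeNAS or Samba code: it parses the `[global]` section of an smb.conf and flags a missing default range or overlapping ranges when `allow trusted domains` is on. The sample configuration, the domain names DOMAIN1 and PARTNER, and the function names are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed smb.conf fragment; domain names and ranges are made up for the example.
SAMPLE_CONF = """
[global]
    allow trusted domains = yes
    idmap config * : range = 90000001-100000000
    idmap config DOMAIN1 : backend = rid
    idmap config DOMAIN1 : range = 20000-90000000
    idmap config PARTNER : range = 80000000-95000000
"""

def parse_global(conf_text):
    """Return [global] parameters, names lower-cased with whitespace collapsed."""
    params, section = {}, None
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def idmap_ranges(params):
    """Map domain -> (low, high) from 'idmap config <DOMAIN> : range' entries."""
    ranges = {}
    for key, value in params.items():
        dom = re.fullmatch(r"idmap config (\S+?) ?: ?range", key)
        rng = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if dom and rng:
            ranges[dom.group(1).upper()] = (int(rng.group(1)), int(rng.group(2)))
    return ranges

def audit(conf_text):
    """Return findings about idmap ranges when trusted domains are allowed."""
    params = parse_global(conf_text)
    ranges = idmap_ranges(params)
    findings = []
    # Upstream Samba defaults this parameter to yes; the thread says FreeNAS sets it to no.
    trusted = params.get("allow trusted domains", "yes").lower() in ("yes", "true", "1")
    if trusted and "*" not in ranges:
        findings.append("trusted domains allowed but no default 'idmap config * : range'")
    ordered = sorted(ranges.items(), key=lambda kv: kv[1])
    for (d1, (lo1, hi1)), (d2, (lo2, hi2)) in combinations(ordered, 2):
        if lo2 <= hi1:
            findings.append(f"idmap ranges overlap: {d1} {lo1}-{hi1} and {d2} {lo2}-{hi2}")
    return findings
```

On the constructed sample, `audit(SAMPLE_CONF)` reports two overlaps (DOMAIN1 with PARTNER, and PARTNER with the default `*` range); overlapping ranges mean two different domain accounts can resolve to the same Unix ID and therefore the same file permissions.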
 

jackyho

Cadet
Joined
Sep 22, 2019
Messages
3
So, how do I set a write right for the local user?
 

His.Dudeness

Dabbler
Joined
May 14, 2019
Messages
15
Hi, I've got a quite similar problem:
I use FN as filer for my little active directory testlab at home but also as target for backups from non domain clients.
So a folder should be accessible for AD Users "DOMAIN\testuser1" but also for users that only exist locally on the FN. ("FN\root" or "FN\backup")

The thing is: both work perfectly fine as long as the Domain Controller is online.

As soon as I shut down my domain controller, I cannot access with a domain user, but also not with a local user.

Any ideas how to access my shares with a local FN user when the directory server is not reachable?

cheers
Michael

EDIT: Nevermind. Seems to be fixed after upgrade from 11.2 U8 to latest 11.3...
 