Symbolic link to another dataset to be seen in SMB

[bmac6996]

Hello.

Looking for help. Trying to create a symbolic link to another folder, in another dataset so it can be seen in SMB shares like a Windows client.

I have these options set in advance SMB:
allow insecure wide links = yes
unix extensions = no
host msdfs = yes
follow symlinks = yes

SMB has been restarted.
Tried using the "ln -s" and "ln -rs" to create my link and while they do show up in ssh, but not in smb.

I read something about configuring /etc/fstab but not sure. My search is ending up with the same articles.

Running version: TrueNAS-SCALE-22.12.3.1
Thanks in advance.

 

[sretalla]

I don't think it's going to work like you think.

You're probably on the right track with dfs, but you'll need to share the second dataset and use dfs to put them together.

 

[bmac6996]

I don't think it's going to work like you think.

You're probably on the right track with dfs, but you'll need to share the second dataset and use dfs to put them together.

was trying to get the symbolic link to work but couldn't, then tried DFS and that didn't work.

Can you not share sym links in an SMB anymore with new versions of scale?

As I understand with DFS, or at least the examples I've seen, it's an SMB share that is a centralized aggregate of other SMB shares? Correct me if I'm wrong. But based on the examples, it looks like you can only share the root of the share, but not folder-layers deep? Example: you can share \\truenas\media but you cannot share \\truenas\media\album\popular ?? Anyways couldn't get that work either but you are saying even the dataset where \\truenas\media\album\popular resides in, needs to be setup for DFS also, not just the newly created DFS dataset share I created?

 

[sretalla]

If you want the result of:

Code:

DFS root share
    Share1
    Share2
    Share3

You need all 3 "members" of the DFS to be shared

Like:

pool1/dataset1 -> Share1
pool1/dataset1/dataset2 -> Share2
pool1/dataset3/whatever -> Share3

 

[bmac6996]

You need all 3 "members" of the DFS to be shared

Like:

pool1/dataset1 -> Share1
pool1/dataset1/dataset2 -> Share2
pool1/dataset3/whatever -> Share3

In your example, dataset1 and dataset3, will those dataset need to be setup as DFS also?

 

[anodos]

You could probably just perform local bind mounts rather than trying to do symlinks. Then you don't need to try to downgrade security settings of your NAS. You'll need to come up with strategy of how to maintain this though (will be more admin overhead for you).

BTW, we blacklist the widelinks parameter that controls whether users can follow symlink out of share root.

Generally, it's better to just have multiple shares and train users.

 

[sretalla]

As DFS targets.

I haven't got a box set up with AD here, so can't really walk through screens to check.

I don't think you have access to the same parameters under SCALE (maybe not even under CORE anymore).

FreeNAS and Samba Standalone DFS - Basil's Tech Diary

Intended Audience This post may be of interest if you’re interested in accessing SMB shares hosted on different servers on your network through a single namespace. Assumptions The guide is suitable for a small business or home network that doesn’t use a domain controller for authenticated...

blog.udance.com.au

 

[bmac6996]

You could probably just perform local bind mounts rather than trying to do symlinks. Then you don't need to try to downgrade security settings of your NAS. You'll need to come up with strategy of how to maintain this though (will be more admin overhead for you).

BTW, we blacklist the widelinks parameter that controls whether users can follow symlink out of share root.

Generally, it's better to just have multiple shares and train users.

Local bind mounts? that can be done in scale and that can be seen and shared via SMB? can you do different across different datasets?
Is that using the command "mount -o bind /some/where /else/where"

 

[anodos]

Local bind mounts? that can be done in scale and that can be seen and shared via SMB? can you do different across different datasets?
Is that using the command "mount -o bind /some/where /else/where"

Bind mounts do not present security issues (beyond obvious ones regarding making more things accessible via SMB).
This information is provided with the following caveats:
* We do not validate this configuration and would not recommend it for production / customer workloads
* This sort of thing is inherently fragile (you have to manage the mounts yourself)
* There will most likely not be bugfixes for issues that are uncovered by doing this and are exclusively caused by the bind mounts.

As is usual, you make your own decisions about how you structure data and do things. The supported (i.e. we are on hook for fixing things) way of sharing data in this situation is to have multiple shares and not do anything wonky with symlinks and bind mounts.