TrueNAS 12.0, SMB local authentication, read only not working.

dpeley · Cadet · Joined Jan 3, 2022 · Messages: 7

SPECS:

TrueNAS Core v 12.0-U5.1
Running as a VM on ESXi 7.0u2 with:
  • 2vCPU 1.7GHz
  • 20 GB RAM
  • 40 GB vDisk for operating system
  • 8 physical disks in passthrough for storage disk arrays
    • 2 4 TB ZFS iSCSI
    • 2 500 GB ZFS SMB
    • 4 8 TB ZFS
      • 1 pool configured for iSCSI
      • Remaining space given to SMB
Connected to an exclusively Windows workgroup home network with no AD, using TrueNAS SMB with local authentication only. Connecting systems are predominantly Windows 10 Pro and Home systems, with some sprinklings of Windows Server 2019, and Android systems.

SETUP:

SMB access configured using groups. I created two groups, FULLCONTROL and READONLY, leaving their settings at default. I then created two users, "Admin" and "Test", checked the box for "Microsoft Account", and added the "Admin" user to FULLCONTROL as a primary group and "TEST" to the READONLY group, leaving all other settings at default. Recap:
  • user: Admin - primary group: FULLCONTROL, aux group none, Windows account checked
  • user: Test - primary group: READONLY, aux group none, Windows account checked
I then created an SMB share to a directory on the 4x8tb array with a file path similar to: /mnt/[4x8tbArray]/SMBshare/NetworkDrive
Permissions set as follows:
  • 1641226900990.png
  • 1641226944540.png
  • 1641226959742.png
  • 1641227145807.png
    • Full list of permissions in this one is:
      • Read Data
      • Read Named Attributes
      • Execute
      • Read Attributes
      • Read ACL
After finishing all these setups, I set the permissions to apply recursively, and rebooted the TrueNAS server just to be thorough.

ISSUE:
The admin user can access the share through Windows with the configured username and password just fine, and can view and modify any files as they please. The test user is similarly prompted to input credentials, and afterwards can see that the network share is there, but cannot access it. They are given the Windows error:
1641227855689.png


Goal:
Would like to be able to have users that can ONLY read and view files, but not edit or delete anything, alongside users that have permissions to do as they please with the same files. Am using only local authentication, and am not interested in setting up a domain or LDAP for credential management.


Thank you for any assistance you can give to this!