Users, Groups, Home Directory, Pools, SMB Shares - Hierarchy and relationships

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
I've been trying to figure out this monster for 12 months now and have reached the conclusion that I must be stupid. I simply can't fathom the relationship and hierarchy between of Pool-Dataset-HomeDirectory-User and get the thing to work. I just want access to a FreeNAS SMB Windows Share from my Windows 10 Home PC - version 20H2 Build 19042.867
I have created (according to the iXSystems video tutorial) a User - homeuser - a member of a Group by the same name. 'Homeuser' (user) is configured as a Windows Account with a Home Directory /mnt/PrimaryPool/homeuser (see screenshot) or, should it be /mnt/PrimaryPool/windowset - or /dataset?:
1617622691117.png

PrimaryPool/homeuser has a dataset (windowset) with User: homeuser, Group:homeuser
If I try to login from Windows using combinations of either \\Server_name\PrimaryPool or \homeuser or \windowset or even \dataset - (all have the same password), I get the reject message from Windows about wrong User Name or password.
Can somebody tell what I'm doing wrong? I've been in, out, up, down, under and over every combination of the above, and I'm still unable to crack it.
Should it be this hard, or is my lack of comprehension of these hierarchy relationships making it unecessarily hard?
 
Last edited:

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
I think you're confusing the file system name space with the Samba name space. Samba maps file system paths to share paths. How do you have your shares defined? If, as I suspect, you've set /mnt/PrimaryPool/homeuser as your home share, you then access this as \\Server_name\home. In Windows, you also check the box for "Connect using different credentials", and login as homeuser. Did you set a password for homeuser?
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
To help troubleshoot, please provide the output of testparm -sa.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
To help troubleshoot, please provide the output of testparm -sa.
root@freenas[~]# testparm -sa
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

# Global parameters
[global]
aio max threads = 2
bind interfaces only = Yes
disable spoolss = Yes
dns proxy = No
enable web service discovery = Yes
interfaces = 127.0.0.1 192.168.90.14
kernel change notify = No
load printers = No
logging = file
max log size = 51200
nsupdate command = /usr/local/bin/samba-nsupdate -g
restrict anonymous = 2
server min protocol = NT1
server role = standalone server
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
That's the problem. You've not defined any Windows shares under Sharing->Windows Shares.

To have a successful share, you need 4 things:
1. SMB service enabled. Your testparm -sa output shows you've already accomplished this.
2. A user account to use for authentication. You've done that.
3. A dataset owned by the user in step 2. You've done that.
4. Connecting the dataset in step 3 to the SMB service in step 1. This is what's lacking.

For example, on my system, under Sharing->Windows Shares, I've defined this:
1617677821667.png

Note, the path is the parent path to your homeuser dataset. In your case, you've created the home path directly in your pool root; you will need to nest it one level deeper, as the pool's root path is reserved, and not available for sharing.

After saving this home share definition, and restart the SMB service, you'll be able to access your dataset by mapping either to \\<IP or name of your server>\home or \\<IP or name of your server>\homeuser\, and checking the "Connect using different credentials" box to authenticate as homeuser.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
I think you're confusing the file system name space with the Samba name space. Samba maps file system paths to share paths. How do you have your shares defined? If, as I suspect, you've set /mnt/PrimaryPool/homeuser as your home share, you then access this as \\Server_name\home. In Windows, you also check the box for "Connect using different credentials", and login as homeuser. Did you set a password for homeuser?
Thank you for your prompt reply. With respect, your information creates more questions in my mind than I suspect your answer intended. I'll try to explain my uncertainty:
"Confusing the file system name space with the Samba name space" - I don't really understand which is which. I was (I believe) simply following the steps in the iXSystems instructional video. That Samba maps files system paths to share paths is, I assume, a background action that I don't control when setting up a Share. I may be misinterpreting your comment. I'm hoping to grasp these relationships, perhaps via some diagramatic representation. I find the jumping back and forth between the different menu items to set up these parameters adds to my confusion.
"If, as I suspect, you've set /mnt/PrimaryPool/homeuser as your home share, you then access this as \\Server_name\home" - I'm assuming you meant homeuser not "home"?
check the box for "Connect using different credentials", and login as homeuser - have done this as well as not checking the box. Neither works.
Did you set a password for homeuser? - I have done and redone this several times for all Users, but I'll recheck.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
That's the problem. You've not defined any Windows shares under Sharing->Windows Shares.

To have a successful share, you need 4 things:
1. SMB service enabled. Your testparm -sa output shows you've already accomplished this.
2. A user account to use for authentication. You've done that.
3. A dataset owned by the user in step 2. You've done that.
4. Connecting the dataset in step 3 to the SMB service in step 1. This is what's lacking.

For example, on my system, under Sharing->Windows Shares, I've defined this:
View attachment 46334
Note, the path is the parent path to your homeuser dataset. In your case, you've created the home path directly in your pool root; you will need to nest it one level deeper, as the pool's root path is reserved, and not available for sharing.

After saving this home share definition, and restart the SMB service, you'll be able to access your dataset by mapping either to \\<IP or name of your server>\home or \\<IP or name of your server>\homeuser\, and checking the "Connect using different credentials" box to authenticate as homeuser.
This is the screenshot from my Windows Shares menu:
1617678293330.png
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
OK, note the name of the share is windowshare. Have you tried mapping to \\<your server name>\windowshare\?

This is what I mean by Samba having a different name space than the file system. Samba's share names are what clients map to, not the actual file system paths.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
Note, the path is the parent path to my equivalent to your homeuser. In your case, you've created the home path directly in your pool root; you will need to nest it one level deeper, as the pool's root path is reserved, and not available for sharing.
I think I get the drift of what you're saying. But I neither understand how 'homeuser' didn't become attached underneath 'windowset', nor why it's not flagged as an ACL. I must have misunderstood the video instructions. My quandry now is how to fix it.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
You'll have to create a dataset or directory underneath /mnt/PrimaryPool/windowset named homeuser, and change the homeuser account's home directory to the correct path.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
Have you tried mapping to \\<your server name>\windowshare
You've just pointed me to something that I'd overlooked (possibly because it shows on the SMB Shares screen as 'windowset'. But, now trying to map to 'windowshare' still refuse entry (using user name 'homeuser'. It seems obvious this is one giant mess and I need to start over, but where can I find easy to follow, step by step instructions to set this right? All I want is a Windows Share that i can use across my LAN as shared storage. I'd like that to ideally include the facility to maintain 'Private' folder/s that require a separate password access - but that's maybe getting too complicated for my limited ability.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
You'll have to create a dataset or directory underneath /mnt/PrimaryPool/windowset named homeuser, and change the homeuser account's home directory to the correct path.
If this is the final remedy to my incompetent attempts to reach my goal, and I need to start over, I'd also like to reconfigure the FreeNAS platform PC to remove the current 320GB system HDD and replace it with a USB stick. Also to use the HDD space to install a second 4TB HDD and mirror that to the existing 4TB HDD data disk. I'm pretty sure this means starting from scratch, with a fresh install of FreeNAS, but I go back to my point about having easy to follow, step by step instructions to get the config you've highlighted just now. Where can I find that? My most recent experience with the iXSystems video has apprently led me astray, or I've led myself astray with my literal interpretations of non-literal instructions.
Thanks for spending the time to get me to this point. I hope I can now make the move to a successful implementation.
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
It's easy enough to start over. You can delete the share definition, the user account, and the datasets, and you'll be back at square 1.

So, here's how I did my Windows home share. You can follow along, and change things to suit your installation.

1. First, enable the SMB service. I use these parameters on mine.
1617680012738.png

You can leave the Guest Account, and Bind IP addresses at the default. What's important are the Auxiliary parameters. On my system, I use:
Code:
wins support = yes
domain master = yes
preferred master = yes
os level = 65
directory name cache size = 0
smb encrypt = desired
restrict anonymous = 2


2. Dataset
1617680065380.png


1617680124833.png


3. User
1617680216024.png


Note, the home directory is underneath the dataset from step 2. In the shell, the permissions look like this:
Code:
root@raven:/mnt/main/home/windows # ls -l
total 36
-rwx------  1 root    wheel   0 Nov 11  2017 .windows*
drwx------  8 samuel  samuel  8 Feb 10 09:18 samuel/


I don't use any ACLs at all, as ACLs confuse everyone to no end.

4. Share
1617680429328.png


Once the share is defined and saved, restart the SMB service to have the share definition take effect. I then map a share as \\<my server name>\samuel\, using "Connect with different credentials", and authenticate to the share as the samuel account and password.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
It's easy enough to start over. You can delete the share definition, the user account, and the datasets, and you'll be back at square 1.

So, here's how I did my Windows home share. You can follow along, and change things to suit your installation.

1. First, enable the SMB service. I use these parameters on mine.
View attachment 46337
You can leave the Guest Account, and Bind IP addresses at the default. What's important are the Auxiliary parameters. On my system, I use:
Code:
wins support = yes
domain master = yes
preferred master = yes
os level = 65
directory name cache size = 0
smb encrypt = desired
restrict anonymous = 2


2. Dataset
View attachment 46338

View attachment 46339

3. User
View attachment 46340

Note, the home directory is underneath the dataset from step 2. In the shell, the permissions look like this:
Code:
root@raven:/mnt/main/home/windows # ls -l
total 36
-rwx------  1 root    wheel   0 Nov 11  2017 .windows*
drwx------  8 samuel  samuel  8 Feb 10 09:18 samuel/


I don't use any ACLs at all, as ACLs confuse everyone to no end.

4. Share
View attachment 46341

Once the share is defined and saved, restart the SMB service to have the share definition take effect. I then map a share as \\<my server name>\samuel\, using "Connect with different credentials", and authenticate to the share as the samuel account and password.
Thanks very much for all that, I'll get to it later today (and tomorrow) after I reconfig the PC with the USB Boot sti8ck and the 2nd 4TGB HDD. Is there anything special I need to do to setup mirroring for those 2 HDDs?
 

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,398
Is there anything special I need to do to setup mirroring for those 2 HDDs?

Just be careful when you add the vdev, or you'll end up creating a stripe of single HDDs.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
It's easy enough to start over. You can delete the share definition, the user account, and the datasets, and you'll be back at square 1.

So, here's how I did my Windows home share. You can follow along, and change things to suit your installation.

1. First, enable the SMB service. I use these parameters on mine.
View attachment 46337
You can leave the Guest Account, and Bind IP addresses at the default. What's important are the Auxiliary parameters. On my system, I use:
Code:
wins support = yes
domain master = yes
preferred master = yes
os level = 65
directory name cache size = 0
smb encrypt = desired
restrict anonymous = 2


2. Dataset
View attachment 46338

View attachment 46339

3. User
View attachment 46340

Note, the home directory is underneath the dataset from step 2. In the shell, the permissions look like this:
Code:
root@raven:/mnt/main/home/windows # ls -l
total 36
-rwx------  1 root    wheel   0 Nov 11  2017 .windows*
drwx------  8 samuel  samuel  8 Feb 10 09:18 samuel/


I don't use any ACLs at all, as ACLs confuse everyone to no end.

4. Share
View attachment 46341

Once the share is defined and saved, restart the SMB service to have the share definition take effect. I then map a share as \\<my server name>\samuel\, using "Connect with different credentials", and authenticate to the share as the samuel account and password.
Well, here we go . . .
I aborted the USB Stick approach, after reading in the iXSystems documentation that this is no longer recommended, managed to stay with the HDD System Drive plus 2 x 4TB Mirrors. Got that part up and running, yet to create a Dataset inside the Pool.
Looking through your screen shots above, I've realised you're on TrueNAS while I'm still on FN 11.3-U5. Your first screen shot threw me as I couldn't find a NetBios screen in my system, then realised that seems to be covering Active Directory, so I guess I can skip over that.
Or, maybe I should take the plunge and, before I get too much further, upgrade to TrueNAS - but I notice that platform is more demanding for R/W RAM Cache, which might be a problem as my system is limited to 8GB RAM
I noticed when creating a new User (gwhitele) that, because I didn't drill down to an as yet non-existent Home Directory (haven't done the Create Dataset step yet), FN assigned my User name to the Home Directory. That's confusing, as I'm now wondering whether that's the name I need to use when creating my first Dataset, or do I change the User Home Directory later, after I've created a more meaningfully named Dataset?
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
Getting further into this, I'm still not able to login via mapping Windows to the SMB Share. As soon as I select the FreeNAS Icon on Windows Explorer, it gives the message "The user name or password is incorrect " - even before I enter either User or Password. I'm getting suspicious about possible conflict between Microsoft Account User name and Local Account user name. I don't have a local account for this system (not since MS converted the world to their ecosystem and, because of so many other MS application and/or service environments, I'm one of the sheep who blindly followed).
Could this be a problem? My frustration levels are getting higher again, I'm determined to crack this monster open, but I'm getting raodblocks everywhere I seem to go.
I haven't completed the steps illustrated by your screenshots yet, pending your feedback re True vs FreeNAS screens and options, but maybe that's what needs to be done for another sanity check.
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
As soon as I select the FreeNAS Icon on Windows Explorer, it gives the message "The user name or password is incorrect "
Add: After attempting initial Login as above, the Windows Login App comes back with "The specified network password is not correct."
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
1617954266247.png
It's easy enough to start over. You can delete the share definition, the user account, and the datasets, and you'll be back at square 1.

So, here's how I did my Windows home share. You can follow along, and change things to suit your installation.

1. First, enable the SMB service. I use these parameters on mine.
View attachment 46337
You can leave the Guest Account, and Bind IP addresses at the default. What's important are the Auxiliary parameters. On my system, I use:
Code:
wins support = yes
domain master = yes
preferred master = yes
os level = 65
directory name cache size = 0
smb encrypt = desired
restrict anonymous = 2


2. Dataset
View attachment 46338

View attachment 46339

3. User
View attachment 46340

Note, the home directory is underneath the dataset from step 2. In the shell, the permissions look like this:
Code:
root@raven:/mnt/main/home/windows # ls -l
total 36
-rwx------  1 root    wheel   0 Nov 11  2017 .windows*
drwx------  8 samuel  samuel  8 Feb 10 09:18 samuel/


I don't use any ACLs at all, as ACLs confuse everyone to no end.

4. Share
View attachment 46341

Once the share is defined and saved, restart the SMB service to have the share definition take effect. I then map a share as \\<my server name>\samuel\, using "Connect with different credentials", and authenticate to the share as the samuel account and password.
Hi Samuel, Well, I bit the bullet and upgraded to TrueNAS CORE in the hope that would allow me to follow your screenshot steps and succeed in this mission but, alas, I'm still unable to map to my Share.
Here are my screenshots of what I've setup:
1617953901705.png

1617954007093.png

1617954539839.png
1617954054868.png
1617954143006.png
1617954296104.png
1617954340609.png

Here's hoping you can spot something that's preventing my mapping connection.
Cheers and thanks again
 

geoffwhere

Contributor
Joined
Apr 23, 2020
Messages
105
Just be careful when you add the vdev, or you'll end up creating a stripe of single HDDs.
Maybe you've seen my further attempts since #15?
I have to confess, in more than 40 years of working with computers (starting with CP/M, MP/M, MS-DOS, then all the Windows flavours and a few Palm Pilot type gadgets along the way, I've never encountered anything less intuitive, or, maybe I'm just not up to this. I just can't get access to a TrueNAS Windows Share.
Very frustrating and disappointing. I hope you haven't given up on me.
 
Top