Wanted: Password-free "Authentication" - User aware, but not authenticated with PW

[freshfeesh]

I just set up my first Freenas box about a week ago using 8.0.1, and I've been trying to get the user recognition set up the way I want it ever since. I first set it up for guest only access to test it at least that much, and it worked great. I then set it up for password authenticated read/write access, and that worked too. What I would like, though, is for the sharing on the freenas box to be user aware, but for this to not require passwords. There are two people on my home network, say Bob and Mary, whom I implicitly trust. There are to be two shares, ShareB and ShareM. If I (Bob) sit down at a computer just wanting to play some of my music, but Mary is logged in, I want read access to ShareB without switching users, but I don't want Win Media player or anything else to make changes to metadata, add caches, change icons or whatever. I don't want anything in Mary's environment to be able to make changes to my files, or vice versa, but I want Bob and Mary to each have the convenience of reading each other's files.

Client computers are windows, one 7 and one XP. Freenas box is an AMD athlon II dual core (3500+, I think), 1GB ram, Asus A8N VM CSM mobo with a couple IDE drives and a SATA drive. The test volume is on one of the IDE drives formatted with UFS. CIFS is set up with local user, no guest access (guest access won't give me what I want), password not required. The shares are set up with no password required. Volumes are set up with read/write access to the respective users, but read only for the common user group. Two freenas users are set up matching the names of the Windows users, with "disable password" set.

Is it possible for CIFS "Local User" to work without passwords? A Linux geek friend told me that I probably can't, based on his experience with Linux (knowing that freenas isn't based on linux). All the "no password" options certainly seem to suggest that it's possible. I've been doing a lot of tweaks to settings, starting and stopping the CIFS service, logging on and off on the client side, restarting freenas, and restarting client machines. For a while I was getting at least an option to log onto the share with different credentials (username and password), but now when I double click the share in Windows Explorer, from either the Bob or Mary accounts, I'm getting totally denied with a "Windows cannot access, contact sysadmin" popup. What settings do I need to set to get access from Windows to a freenas share without the need for any passwords?

 

[ProtoSD]

What I would like, though, is for the sharing on the freenas box to be user aware, but for this to not require passwords.

I think some of the things you want are mutually exclusive.

A Linux geek friend told me that I probably can't, based on his experience with Linux (knowing that freenas isn't based on linux)

As far as permissions are concerned, Linux and FreeBSD are virtually identical, but CIFS adds its own layer of permissions as far as logins go etc.

I don't want Win Media player or anything else to make changes to metadata, add caches, change icons or whatever.

For this part at least, you could just create a 'sub' share which is read-only, this is what I do for sharing my media files on my network for the same reason.

I just use guest access for folders I want multiple users to have unrestricted access to, and export media folders separately with read-only permission so they don't get modified or 'accidently deleted'.

I wrote a HowTo explaining how to setup permissions for 2 users to only have access to their own stuff, and also have a common folder which they could both exchange stuff and modify stuff in. I haven't had a chance to look at it, but since 8.02 someone reported that it wasn't working for them. Prior to that people said it worked great. That doesn't sound like what you want though. I'd probably just create separate datasets for each user and export them with guest privileges and then have a media folder and export it read-only. That way you won't need passwords, each user can read/modify each others files, and the media files stay untouched, at least for that exported share. If either user accesses them and bypasses the read-only share, then stuff will get modified.

Permissions are a little delicate with FreeNAS because they try to offer flexability, but when you start mixing and matching different types of sharing you run into problems. There are ACLs (access control lists), but that's a little more than I want to get into and I'm not sure how FreeNAS implements them.

 

[freshfeesh]

I think some of the things you want are mutually exclusive.

As far as permissions are concerned, Linux and FreeBSD are virtually identical, but CIFS adds its own layer of permissions as far as logins go etc.

Can you elaborate on that? I think this is the crux of my issue. Is it simply that the only way to get access without a password is "guest" access? Do all "Local" users to FreeNAS require a password? To date, the only network permissions stuff I've managed to cobble together is the unrestricted access between the windows machines, which included setting the NTFS permissions to unrestricted for "Everyone". I want to take that up a notch now with the data that I plan on putting on the FreeNAS box. Basically I want to know that users and their software and mishaps can't alter the other's data. However, for the sake of "Jane", I need that to be as easy and transparent as possible. Relying on the existing Windows user accounts, which don't have passwords, by themselves would be ideal.

I just use guest access for folders I want multiple users to have unrestricted access to, and export media folders separately with read-only permission so they don't get modified or 'accidently deleted'.

For my needs, having one share per user, with each user having full access to their own and read only to the others is really the ideal setup. The only remaining technicality for me is getting this password situation sorted out.

I wrote a HowTo explaining how to setup permissions for 2 users to only have access to their own stuff, and also have a common folder which they could both exchange stuff and modify stuff in... That doesn't sound like what you want though.

I did read your FAQ on that. You're right that it doesn't quite match what I'm trying to do (see my description above). I know the operational logic that I want to achieve, I just don't know how or if I can do it. The tools you used in your FAQ may be able to help me, but I'd rather this project not require learning even more skills or install stuff onto the windows machines. It has taken me this long (don't ask) just to hook all the parts together and get the image to the flash card. I'd rather work within the confines of what the GUI allows, even if that means requiring passwords (which I'm slowly getting resigned to). I've done some further experimenting since my initial post, and all signs are saying that I'm going to need passwords for each user. Basically whenever I tie a Freenas share to a freenas user that doesn't have a password, I can see the share on Windows but get a "Windows cannot access \\Freenas\[share name]" error, whether the user name matches the Win user name or otherwise. Should I just stop trying and accept passwords?
Thanks much