What am I missing about SMB sharing? (Updating permissions doesn't work)

F

flightrisk314

Cadet
Joined
Mar 27, 2023
Messages
3
Hopefully somebody can clue me into where I'm being an idiot before a throw TrueNAS in the bin forever.

I'm trying to replace some Synology NAS boxes and with my budget TrueNAS seems to be the best option by adding ZFS and more freedom of what I can do with it. And I don't have the budget for an 'Enterprise NAS' like NetApp, HP, Dell etc.

I've joined the NAS to an AD domain, created a Dataset with the SMB share preset. Created the SMB share with default permissions.
Great. Everything is working flawlessly, even Kerberos authentication!

But that just leaves the default user group with access. The Domain Admins group in this case. But I need to add more groups or users.
So I try adding a test user to the Dataset ACL in the WebGUI. Nope.
Okay, SMB share ACL? Nope.
Okay. Windows client? Nope.

For clarity. The test user ACE does update and appear in the Windows client if I apply on the dataset ACL, and vice versa when I apply the ACE from the Windows client, it appears in the dataset ACL.
But never the SMB ACL's which is really confusing me. No matter what I do...They seem irrelevant.

So despite all the ACL's I can see saying the test user can access the share...it can't. Only ever the users or group I set when creating the SMB share.
Please can somebody enlighten me as to what I'm missing?
 
Samuel Tai

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399

The SMB Share ACL only controls visibility of share contents, if Access-based Share Enumeration is enabled in the share.

SharingSMBShareACL.png


NameDescription
Access Based Share EnumerationSelect to restrict share visibility to users with read or write access to the share. See the smb.conf manual page.
 
Samuel Tai

Samuel Tai

Never underestimate your own stupidity
Moderator
Joined
Apr 24, 2020
Messages
5,399
F

flightrisk314

Cadet
Joined
Mar 27, 2023
Messages
3
Samuel Tai said:

The SMB Share ACL only controls visibility of share contents, if Access-based Share Enumeration is enabled in the share.

SharingSMBShareACL.png


NameDescription
Access Based Share EnumerationSelect to restrict share visibility to users with read or write access to the share. See the smb.conf manual page.
Click to expand...

Thanks, I was really confused about the the purpose of the Share ACL's were considering they don't seem to do much.

So. I think I've figured out the issue.

The original ZFS pool I'm using, I was also using when I have been doing some tinkering with TrueNAS to get more familiar with.
I ended up doing an OS reinstall as a 'clean Slate' for prod use. And I forgot about some tinkering I had done on a parent dataset And just reimported the pool. Leaving bad permissions on a parent dataset.

Everything is working outside of that dataset
 
You must log in or register to reply here.

Similar threads

NugentS
SMB Shares
Replies
1
Views
1K
NugentS
NugentS
H
SMB with ACLs: Files Not Visible By Owner... What am I missing?
Replies
10
Views
3K
Hibiki
H
C
Lost access to SMB share "Permission Denied"
2 3
Replies
46
Views
22K
Cascadoo
C
F
  • Locked
Question about winmsa
Replies
2
Views
1K
f4242
F
D
Windows SMB Sharing, inconsistent issue
Replies
0
Views
724
DaiLarge
D
Top