Get a Quote   (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support Toggle between Light and Dark mode

SMB Shares Screens

  12 minute read.

Last Modified 2022-08-17 13:00 EDT

The first SMB share screen to display after you click Shares is the Sharing screen with the service widgets for the four supported share types.

Sharing SMB Screen

If you have not added SMB shares to the system, clicking the Windows SMB Share option on the Sharing screen displays the No SMB Shares screen with the Add SMB Share button in the center of the screen.

SMBShareScreenNoShare

Use this button or the Add button at the top right of the screen to configure your first SMB share. After adding the first SMB share, the Sharing SMB screen displays.

If you return to the Share option (click Shares on the main navigation panel) the Windows (SMB) Shares launch widget dsiplays, expanded with the current service status and a list of the SMB shares below it.

SMBServiceWidgetFirstShare

Windows (SMB) Shares Widget

The Windows (SMB) Shares launch widget updates after adding SMB shares and every time you click Shares on the main navigation panel to return to the Sharing screen.

SharingSMBServiceStatusScreen

Each SMB share toggle provides quick access to enable or disable the share. Each share also has a delete delete option. The SMB share row is a link to the Edit SMB screen.

Windows (SMB) Shares Service Toolbar

The Windows (SMB) Shares launch toolbar displays the status of the SMB service as either STOPPED (red) or RUNNING (blue). Before adding the first share, STOPPED status displays in the default color.

SMBServiceStatusAfterFirstShareAdded

Both Windows (SMB) Shares and View Detials at the bottom of the widget display the Sharing > SMB details screen.

The Add button displays the Add SMB share configuration screen.

The more_vert displays options turn the SMB service on or off. Turn Off Service displays if the service is running or Turn On Service if the service is stopped. The Config Service option displays the System Settings > SMB configuration screen.

SharingSMBOptions

Delete SMB Share Dialog

The delete trash can icon to displays the Delete dialog.

DeleteSMBShareDialog

Select Confirm to activate the Delete button.

Sharing SMB Details Screen

Windows SMB Share launch or View Details displays The Sharing >SMB details screen. From this screen you can add or edit an SMB share on the list.

SMBServiceOptionsSCALE

Add displays the Add SMB configuration screen.

Column button displays a dropdown list of options to customize the list view. Options include Unselect All, Path, Description, Enabled and Reset to Defaults.

The Enabled checkbox provides status of the share. If selected it indicates the share path is available when the SMB service is running, or if cleared disables but does not delete the share.

The more_vert displays a dropdown list of options for each share. The options include Edit that displays the Edit SMB screen, Edit Share ACL that displays the Edit Share ACL screen, Edit Filesystem ACL that opens the Edit Filesystem ACL screen, and Delete that displays the Delete dialog.

Add and Edit SMB Screens

The two SMB share configuration screens, Add SMB and Edit SMB, display the same setting options.

Click Save to create the share and add it to the Shares > Windows (SMB) Shares and Sharing SMB details lists, or to save changes made to an existing share.

Basic Options Settings

The Basic Options settings in this section display on the Advanced Options settings screen.

AddShareBasicOptions

SettingDescription
PathEnter the path or use the arrow_right icon to the left of folder/mnt to locate the dataset and populate the path. Path is the directory tree on the local file system that TrueNAS exports over the SMB protocol.
folder/mntClick the arrow_right icon to expand the path at each dataset until you to get to the SMB share dataset you want to use. This populates the Path.
NameEnter a name for this share that is less than or equal to 80 characters. Because of how the SMB protocol uses the name, the name must not exceed 80 characters. The name cannot have invalid characters as specified in Microsoft documentation MS-FSCC section 2.1.6. If not supplied, the share name becomes the last component of the path. This forms part of the full share path name when SMB clients perform and SMB tree connect.
PurposeSelect a preset option from the dropdown list. This applies predetermined settings (presets) and disables changing some share setting options. Select No presets to retain control over all Advanced Options settings. Select Default parameters for cluster share when setting up an SMB cluster share. Default share parameters is the default option when you open the Add SMB screen and to use for any basic SMB share. Other options are Multi-User time machine, Multi-Protocol (NFSv3/SMB) shares, Private SMB Datsets and Shares, or SMB WORM. Files become readonly via SMB after 5 minutes.
DescriptionEnter a brief description or notes on how you use this share.
EnabledSelected by default to enable sharing the path when the SMB service is activated. Clear to disable this SMB share without deleting it.

Advanced Options Settings

Click Advanced Options to display settings made available or locked based on the option selected in Purpose.

Access Settings

The Access settings allow you to customize access to the share, files, and to specify allow or deny access for host names or IP addresses.

AddSMBAdvancedAccessSettings

SettingDescription
Enable ACLSelect to enable ACL support for the SMB share. A warning displays if you clear this option and the SMB dataset has a ACL, and you are required to strip the ACL from the dataset prior to creating the SMB share.
Export Read OnlySelect to prohibit writes to the share.
Browsable to Network ClientsSelect to determine whether this share name is included when browsing shares. Home shares are only visible to the owner regardless of this setting. Enabled by default.
Allow Guest AccessSelect to enable. Privileges are the same as the guest account. Guest access is disabled by default in Windows 10 version 1709 and Windows Server version 1903. Additional client-side configuration is required to provide guest access to these clients.

MacOS clients: Attempting to connect as a user that does not exist in FreeNAS does not automatically connect as the guest account. You mus specifically select the Connect As: Guest option in macOS to log in as the guest account. See the Apple documentation for more details.
Access Based Share EnumerationSelect to restrict share visibility to users with read or write access to the share. See the smb.conf manual page.
Hosts AllowEnter a list of allowed host names or IP addresses. Separate entries by pressing Enter. You can find a more detailed description with examples here.
Hosts DenyEnter a list of denied host names or IP addresses. Separate entries by pressing Enter.

Other Settings

The Other Options settings are for improving Apple software compatibility, ZFS snapshot features, and other advanced features.

AddSMBAdvancedOtherSettings

SettingDescription
Use as Home ShareSelect to allow the share to host user home directories. Each user has a personal home directory they use when connecting to the share that is not accessible by other users. This allows for a personal, dynamic share. Only one share can be used as the home share. See Adding an SMB Home Share for more information.
Time MachineEnables Apple Time Machine backups on this share. This option requires SMB2/3 protocol extenstion support. You can enable this in the general SMB server configuration.
Legacy AFP CompatibilitySelect to enable the share to behave like the deprecated Apple Filing Protocol (AFP). Leave cleared for the share to behave like a normal SMB share. This option controls on how the SMB share reads and writes data. Only enable this when this share originated as an AFP sharing configuration. This is not required for pure SMB shares or MacOS SMB clients. This option requires SMB2/3 protocol extenstion support. You can enable this in the general SMB server configuration.
Enable Shadow CopiesSelect to export ZFS snapshots as Shadow Copies for Microsoft Volume Shadow Copy Service (VSS) clients.
Export Recycle BinSelect to enable. Deleted files from the same dataset move to the Recycle Bin and do not take any additional space. Deleting files over NFS removes the files permanently. Files in a different dataset or a child dataset are copied to the dataset with the recycle bin. To prevent excessive space usage, files larger than 20 MiB are deleted rather than moved. Adjust the Auxiliary Parameter by adding the crossrename:sizelimit= setting to allow larger files. For example, crossrename:sizelimit=<i>50</i> allows moves of files up to 50 MiB in size. This permanently deletes or moves files from the recycle bin. This is not a replacement for ZFS snapshots.
Use Apple-style Character EncodingSelect to converts NTFS illegal characters in the same manner as macOS SMB clients. By default, Samba uses a hashing algorithm for NTFS illegal characters.
Enable Alternate Data StreamsSelect to allow multiple NTFS data streams. Disabling this option causes macOS to write streams to files on the file system.
Enable SMB2/3 Durable HandlesSelect to allow using open file handles that can withstand short disconnections. Support for POSIX byte-range locks in Samba is also disabled. This option is not recommended when configuring multi-protocol or local access to files.
Enable FSRVPSelect to enable support for the File Server Remote VSS Protocol (FSVRP). This protocol allows remote procedure call (RPC) clients to manage snapshots for a specific SMB share. The share path must be a dataset mount point. Snapshots have the prefix fss- followed by a snapshot creation timestamp. A snapshot must have this prefix for an RPC user to delete it.

Path Suffix and Auxiliary Parameters Settings

Use Path Suffix to provide unique shares on a per user, computer or IP address basis. Use Auxiliary Parameters to enter additional settings.

AddSMBAdvancedPathSuffixAuxParam

SettingDescription
Path SuffixAppends a suffix to the share connection path. Use this to provide unique shares on a per-user, per-computer, or per-IP address basis. Suffixes can contain a macro. See the smb.conf manual page for a list of supported macros. The connect path must be preset before a client connects.
Auxiliary ParametersEnter additional smb.conf settings.

Advanced Options Presets

The Purpose setting you select in the Basic Options affects the Advanced Options settings (presets) you can select, making some settings available or locked. The expandable below provides a comparison table that lists these presets and shows whether the option is available or locked.

The following table shows the preset options for the different Purpose options and if those are locked.
A indicates the option is enabled while means the option is disabled. [ ] indicates empty text fields, and [%U] indicates the exact option the preset created.

SettingDefault Share ParametersMulti-User Time MachineMulti-Protocol (NFSv3/SMB) SharesPrivate SMB Datasets and SharesSMB Files become Read Only after 5 minutes
Enable ACL (locked) (locked)
Export Read Only (locked)
Browsable to Network Clients (locked)
Allow Guest Access
Access Based Share Enumeration (locked)
Hosts Allow (locked)
Hosts Deny (locked)
Use as Home Share (locked)
Time Machine (locked)
Enable Shadow Copies (locked)
Export Recycle Bin (locked)
Use Apple-style Character Encoding (locked)
Enable Alternate Data Streams (locked) (locked)
Enable SMB2/3 Durable Handles (locked) (locked)
Enable FSRVP (locked)
Path Suffix[ ] (locked)[%U] (locked)[%U][%U] (locked)[ ] (locked)
Auxiliary Parameters[ ][ ][ ][ ][ ]

Back to Advanced Options Settings

SMB Share ACL screen

The SMB Share ACL screen displays when you click Edit Share ACL from the more_vert options list on the Sharing SMB details screen. These settings configure new ACL entries for the selected SMB share and apply at the entire SMB share level, it is separate from file system permissions.

SMBShareACLScreen

Basic Settings

SettingDescription
Share NameDisplays the name for the share. This field is read only.

ACL Entries Settings

ACL Entries are listed as a block of settings. Click Add to add a new entry.

SettingDescription
SIDEnter a SID trustee value (who) this ACL entry (ACE) applies to. SID is a unique value of variable length that identifies the trustee. Shown as a Windows Security Identifier. If not specifed, you must enter a value in Domain.
DomainEnter the domain for the user specified in Name. Required when a SID value is not entered. Local users have the SMB server NetBIOS name: truenas\smbusers.
NameEnter a user name (who) this ACL entry applies to, shown as a user name. Requires adding the user Domain.
PermissionSelect a predefined permission combinations from the dropdown list. Select Read to grant read access and execute permission on the object (RX). Select Change to grant read access, execute permission, write access, and delete object (RXWD) permissions. Select Full to grant read access, execute permission, write access, delete object, change permissions, and take ownership (RXWDPO) permissions. For more details, see smbacls(1).
TypeSelect the option from the dropdown list that specifies how permissions are applied to the share. Select Allowed to deny all permissions by default except those that are manually defined. Select Denied to allow all permissions by default except those that are manually defined.

Save stores the share ACL and immediately applies it to the share.

Edit Filesystem ACL Screen

Edit Filesystem ACL opens Storage > Edit POSIX.1e ACL with an ACL Editor screen.

DeleteSMBShareDialog

The type of ACL editor screen depends on the SMB dataset ACL Type selection. If set to NFSv4 the editor displayed is an NFSv4 type editor. If set to POSIX the first screen displayed is the Select a preset window folllowed by the POSIX type editor. See Edit ACL Screens or Permissions for more information on configuring permissions.

Related Content

Related AFP Articles