SMB Shares Screens
18 minute read.
If you have not added SMB shares to the system, the SMB widget shows text stating general information about the Windows (SMB) Shares until a share is added.
Add at the top right of the widget opens the Add SMB screen where you configure SMB shares.
After adding an SMB share, it is listed in the table on the widget.
The Windows (SMB) Shares header shows the status of the SMB service as either STOPPED (red) or RUNNING (green). Before adding the first share, the STOPPED status displays in the default color. The header is a link that opens the Sharing > SMB screen.
The dropdown list shows four options available to SMB shares and the SMB service in general:
- Turn Off/ON Service toggles to Turn Off Service when the SMB service is enabled, and to Turn On Service when the SMB service is disabled.
- Config Service opens the SMB configuration screen.
- SMB Sessions opens the SMB Status screen with showing Sessions.
- Audit Logs opens the Audit screen with a predefined filter applied to show the SMB logs.
The widget shows a table listing SMB shares created in TrueNAS. Each SMB share row on the Windows (SMB) Shares widget shows the path to the shared dataset, a description if one is entered when the share is added, an Enabled toggle that allows you to enable or disable the share, and indicates if audit logging is turned on/off.
The dropdown list for each share shows four options:
- Edit opens the Edit SMB screen.
- Edit Share ACL opens the Edit Share ACL screen.
- Edit Filesystem ACL opens the Edit ACL screen.
- Delete opens the Delete dialog.
The delete icon opens the Delete dialog.
Select Confirm to activate the Delete button.
The Shares > SMB screen shows an expanded presentation of the table on the Windows (SMB) Shares widget.
Shares in the breadcrumb at the top of the screen returns you to the main Shares dashboard.
SMB Sessions opens the SMB Status screen.
Columns shows a set of options to customize the list view. Options include Unselect All, Path, Description, Enabled and Reset to Defaults.
Add opens the Add SMB configuration screen.
The SMB table lists all SMB shares added to the system. The table header shows the status of the SMB service as stopped or running. The table columns show the share name, the path to the dataset for the share, and a description, if added during share creation. The Enabled toggle allows you to enable/disable the share. When enabled, the share path is available when the SMB service is active. If disabled, the share is disabled but not deleted from the system. Audit Logging indicates whether auditing for the share is enabled or disabled.
The dropdown list at the right of each table row shows four options for a share:
- Edit opens the Edit SMB screen.
- Edit Share ACL opens the Edit Share ACL screen.
- Edit Filesystem ACL opens the Edit ACL screen.
- Delete displays the Delete dialog.
The two SMB share configuration screens, Add SMB and Edit SMB, have the same SMB share setting options.
The Create Dataset option becomes active after selecting a parent dataset in the Path file browse field. It opens the Create Dataset dialog.
Save creates the share (or saves an existing one) and adds it to the Windows (SMB) Shares widget and the SMB table on the SMB screen.
Enable Now shows on both the Add SMB and Edit SMB screens after selecting the Time Machine Share option in Purpose if the Enable SMB2/3 Protocol option is not already enabled on the Advanced Options of the SMB service screen.
The Basic Options settings show by default on the Add and Edit SMB screens. Basic settings show for all share options in the Purpose dropdown list, only the External Share option shows the Remote Path setting.
| Setting | Description |
|---|---|
| Path | Specifies the mount path for the share. It includes a blank field and a file browser field directly below it. The blank field allows text entry of a share mount path or allows Truenas to populate it with the path to the dataset selected in the file browser field. The file browser allows selecting the mount path to the share dataset on the local file system that TrueNAS exports over the SMB protocol. The icon to the left of expands the dataset directory tree. Root datasets do not show and cannot be selected for shares unless the share existed prior to upgrading to 25.10 or later releases. |
| Create Dataset | Creates a dataset for a share while configuring the share. Inactive until the parent dataset is selected. It opens the Create Dataset dialog, where you enter a name for a new dataset. The dataset name becomes the SMB share name. Create adds the dataset and populates Name field on the Add SMB screen. |
| Name | Sets the name for the share. This text entry field accepts manual entry or copy/paste of a name for the share that does not exceed 80 characters. A name must not exceed 80 characters because of how the SMB protocol uses the name. A name cannot have invalid characters as specified in Microsoft documentation MS-FSCC section 2.1.6. Name is automatically populated with the name of the dataset when you use Create Dataset. If not supplied, the share name becomes the last component of the path. This forms part of the full share path name when SMB clients perform and SMB tree connect. If changing the name, follow the naming conventions for files and directories or share names. |
| Purpose | Sets the share type to one selected on the dropdown list. Options are: WARNINGS: This setting does not work if the path is accessed locally or if another SMB share without the Time Locked Share purpose uses the same path. This setting might not meet regulatory requirements for write-once storage. |
| Remote Path | Sets the path to a remote server and share. Each server entry must include a full domain name or IP address and the share name. Separate the server and share name with the \ characters. Example: 192.168.0.200\SHARE. This text entry field accepts copy/paste of a path to the external server and share. Shows when Purpose is set to External Share. |
| Description | A text-entry field for a brief description or notes about how this share is used. The description entered shows in the Description column on the Windows (SMB) Shares widget on the Shares dashboard and the SMB table on the SMB screen. |
| Enabled | A toggle that shows the status of the share and allows enabling or disabling the share. This does not enable or disable the SMB service. Enabled is the default setting. |
Advanced Options settings are grouped into three categories:
Access and Audit Logging settings show for all share options in the Purpose dropdown list. The Other Options settings change based on the share option selected in the Purpose dropdown list.
Access settings customize access to the share and files, and specify allowed or denied access for host names or IP addresses. All share options listed in the Purpose dropdown show these settings.
For datasets with NFSv4 ACL type, SMB clients automatically use access-based enumeration. This means directory listings over SMB only include files and directories for which the client has read permissions. This behavior is enabled by default and matches FreeBSD behavior.
| Setting | Description |
|---|---|
| Export Read-Only | Prohibits writes to the share when enabled. |
| Browsable to Network Clients | Determines whether this share name is included when browsing shares when enabled. This is enabled by default. Private dataset shares (the replacement for home shares) are only visible to the owner, regardless of this setting. |
| Access Based Share Enumeration | Restricts share visibility to users with read or write access to the share. This setting applies to datasets with a POSIX ACL type. For datasets with NFSv4 ACL type, access-based enumeration is automatically enabled and does not allow disabling. See the smb.conf manual page. |
The Audit Logging settings enable the auditing function for the SMB share and allow configuring a watch list and ignore list groups that administrators want to monitor. All share options listed in the Purpose dropdown show these settings.
| Setting | Description |
|---|---|
| Enable Logging | Enables audit logging for the SMB share, and shows two additional options: Watch List and Ignore List. This controls whether audit messages are generated for the share. Note: Auditing might not be enabled if SMB1 support is enabled for the server. |
| Watch List | Sets up a list of groups for which you want to generate audit logging messages. Clicking in the field shows the dropdown list of group options. Leave blank to include all SMB users with access to the share. If also setting a limit list, the watch list takes precedence when a conflict occurs. |
| Ignore List | When selected, this sets up a list of groups to ignore when auditing. If conflict arises where the same groups are in the Watch List and Ignore List (based on user group membership), the watch listing takes precedence, and ops is audited. |
The Other Options settings vary based on the option selected on the Purpose dropdown list.
When Purpose is set to Default Share, Multi-Purpose Share or External Share, the settings below show in Other Options.
| Setting | Description |
|---|---|
| Use Apple-style Character Encoding | Implements the default hashing algorithm for NTFS illegal characters that Samba uses. Enabling this option translates NTFS illegal characters to the Unicode private range. Shows for all share types except when Purpose is set to the Time Machine Share or External Share. |
When Purpose is set to Time Machine Share, the following settings show in Other Options.
| Setting | Description |
|---|---|
| Time Machine Quota | Sets the quota for Time Machine shares in bytes. |
| VUID | Sets the user session identifier to a valid universally unique identifier that conforms to the UUID version 4 format (UUID4). A UUID4 string is defined by RFC 4122. UUID4 strings are randomly generated 128-bit values, typically represented as a 36-character hexadecimal string in the format 8-4-4-4-12 (e.g., 123e4567-e89b-12d3-a456-426614174000). Samba uses the UUID to identify the share uniquely for Mac OS Time Machine backups, ensuring the share is recognized as a valid backup destination. You can generate a UUID4 string using a variety of commands or through websites like https://www.uuidgenerator.net/. |
| Auto Snapshot | When selected, enables automatic snapshot creation for Time Machine shares. |
| Auto Dataset Creation | When selected, TrueNAS creates a dataset automatically if one does not exist. |
When Purpose is set to Time Locked Share, these settings show in Other Options.
| Setting | Description |
|---|---|
| Use Apple-style Character Encoding | Implements the default hashing algorithm for NTFS illegal characters that Samba uses. Enabling this option translates NTFS illegal characters to the Unicode private range. |
| Grace Period | Sets the delay before access times out or the share locks. Only shows when Purpose is set to the Time Locked Share option. |
When Purpose is set to Private Dataset Share, the following settings show in Other Options.
| Setting | Description |
|---|---|
| Use Apple-style Character Encoding | Implements the default hashing algorithm for NTFS illegal characters that Samba uses. Enabling this option translates NTFS illegal characters to the Unicode private range. When Purpose is set to the Time Machine Share or External Share options, this setting does not show. |
| Dataset Naming Schema | Sets TrueNAS to require the naming schema used when Auto Dataset Creation is enabled. If a schema is not set, the server uses the username if it is not joined to Active Directory. If the server is joined to Active Directory, it uses the domain/username. Only shows when Purpose is set to the Private Dataset Share option. |
| Auto Quota | Sets the specified ZFS quota in gibibytes (GiB) on new datasets. If the value is zero, TrueNAS disables automatic quotas for the share. Only shows when Purpose is set to the Private Dataset Share option. |
The Edit SMB screen sets Purpose to Legacy Share on after upgrading to 25.10 when shares created in a release before 25.10 have Purpose set to No Preset. The Advanced Options > Other Options settings selected in the existing share show the same options in the upgraded share.
The Add SMB screen does not include the Legacy Share option on the list of Purpose presets.
The For the best experience, we recommend choosing a modern SMB Share purpose instead of the legacy option. message shows on the Edit SMB screen to prompt users to update to an appropriate option on the dropdown list, and either accept or select the settings in the Advanced Options > Other Options listed in 25.10 or later. These are detailed in Other Options Settings above.
For example, a 25.04 SMB share with Purpose set to No Preset and Use as Home Share selected under Advanced Options > Other Options, shows the message mentioned above, sets Purpose to Legacy Share, and shows the Use as Home Share, Enable Shadow Copies, Use Apple-style Character Encoding, Enable Alternate Data Streams, and Enable SMB2/3 Durable Handles selected.
We recommend changing Purpose to Private Datasets Share. Refer to the instructions in the Setting Up SMB Private Dataset Shares tutorial for more information on setting up this replacement for Home Shares.
Auxiliary parameters are an unsupported configuration. Parameters entered here are not validated and can cause undefined system behavior, including data corruption or data loss.
This table lists (pre-25.10) Other Options settings. These only show on the Edit SMB screen after upgrading from an earlier release with an existing SMB share configured with them, unless indicated otherwise. Do not confuse these settings with those listed in the settings listed in the Settings by Purpose tabbed area in the section above.
| Setting | Description |
|---|---|
| Use as Home Share | Allows the share to host user home directories. Each user has a personal home directory that they use when connecting to the share that is not accessible by other users. Home Shares allow for personal, dynamic shares. You can only use one share as the home share. See Adding an SMB Home Share for more information. |
| Time Machine | Enables Apple Time Machine backups on this share. This option requires SMB2/3 protocol extension support. You can enable this in the general SMB server configuration. |
| Time Machine Quota | Visible when Time Machine is enabled. Sets a maximum limit on storage consumed by Time Machine backups. This applies to the entire share. |
| Legacy AFP Compatibility | Enables backend compatibility with metadata written by legacy netatalk implementations. This option configures Samba to properly read and present Apple Filing Protocol (AFP) metadata, such as resource forks to SMB clients. Only enable this option when migrating data that was previously shared via the AFP. Pure SMB shares and standard macOS SMB clients do not require this compatibility option. Shows only when a pre-25.10 share selected this option. |
| Enable Shadow Copies | Exports ZFS snapshots as Shadow Copies for Microsoft Volume Shadow Copy Service (VSS) clients. |
| Export Recycle Bin | Renames deleted files to a per-user subdirectory within the .recycle directory at either the root of the SMB share if the path is the same dataset as the SMB share (default is share and dataset have the same name), or at the root of the current dataset if datasets are nested. Nested datasets do not have automatic deletion based on file size. Do not rely on this function for backups or replacements of ZFS snapshots. |
| Use Apple-style Character Encoding | Samba uses a hashing algorithm for NTFS illegal characters by default. Enabling this option translates NTFS illegal characters to the Unicode private range. Select to convert NTFS illegal characters in the same manner as macOS SMB clients. By default, Samba uses a hashing algorithm for NTFS illegal characters. Apple extension options cannot be set if Purpose is set to the multi-protocol option. |
| Enable Alternate Data Streams | Allows multiple NTFS data streams. Disabling this option causes macOS to write streams to files on the file system. |
| Enable SMB2/3 Durable Handles | Allows using open file handles that can withstand short disconnections. Support for POSIX byte-range locks in Samba is also disabled. This option is not recommended when configuring multi-protocol or local access to files. |
| Enable FSRVP | Enables support for the File Server Remote VSS Protocol (FSVRP). This protocol allows remote procedure call (RPC) clients to manage snapshots for a specific SMB share. Requires setting the share path to a dataset mount point. Snapshots have the prefix fss- followed by a snapshot creation timestamp. A snapshot must have this prefix for an RPC user to delete it. |
| Path Suffix | Appends a suffix to the share connection path. Use to provide individualized shares on a per-user, per-computer, or per-IP address basis. Suffixes can contain a macro. See the smb.conf manual page for a list of supported macros. The connection path must be preset before a client connects. |
| Additional Parameters String | Shows a string of parameters associated with the share preset selected, or if no preset, enter additional smb4.conf parameters not covered by the TrueNAS API. |
The Create Dataset dialog adds a new dataset under the parent dataset selected in the file browser Path field on the Add SMB or Edit SMB share screens.
The Share ACL for sharename screen edits permissions at the share level for the selected share. Settings configure new ACL entries for the selected SMB share and apply them at the entire SMB share level, but do not apply to the dataset. It is separate from file system permissions. To configure dataset permissions, use the Edit Filesystem ACL option.
The Share ACL for sharename screen opens after clicking on the share Edit Share ACL icon on the Windows (SMB) Shares widget or the on the Sharing SMB details screen.
ACL Entries shows a block of settings that specify who and the permissions they are granted.
Add shows a block of these settings to enter who, the permissions level, and type.
Save stores the share ACL and immediately applies it to the share.
| Setting | Description |
|---|---|
| SID | Shows the security identifier (SID) trustee value or to whom this ACL entry (ACE) applies. SID is a unique value of variable length that identifies the trustee. Shown as a Windows Security Identifier. Save and re-open Edit Share ACL to update. |
| Who | Sets permissions to apply to the ACL entry for the domain for the selected account (who). Options are: |
| Permission | Sets the level of access to a selected predefined permission combination from the dropdown list. Options are: |
| Type | Sets how TrueNAS applies permissions to the share to the selected option on the dropdown list. Options are: |
The Edit Filesystem ACL option sets permissions at the dataset level. It opens the Edit ACL screen for the dataset the share uses. See Edit ACL Screen for more information on the settings found on this screen.
Use the ACL editor screen to set file system permissions for the shared dataset. See Permissions for more information on configuring permissions.
The SMB Status screen shows a table of SMB session IDs from the audit logs for SMB share sessions. It opens after clicking SMB on the list icon on the System > Services screen, or after clicking SMB Sessions on the dropdown list on the Windows (SMB) Shares widget.
The SMB Status screen shows information related to SMB sessions, for example:
- Sessions ID - The current SMB sessions (default view).
- Hostname - The host name associated with the session ID.
- Remote machine - The remote machine information.
- Username - The username associated with the session.
- UID - The user ID associated with the session.
- GID - The group ID for the user associated with the session.
- Session Dialect - The version of the SMB protocol.
- Encryption - The share encryption.
- Signing - The security mechanism used, such as an authentication algorithm like AES-128-GCM, etc.
Refresh updates the information shown on the screen.
Column shows a dropdown list of options to customize the information included in the table on the screen.
Sharing or SBM on the top breadcrumb returns to the selected screen name.