SMB Shares Screens
14 minute read.
If you have not added SMB shares to the system, the SMB widget shows text stating general information about the Windows (SMB) Shares until a share is added.
Add at the top right of the widget opens the Add SMB screen where you configure SMB shares.
After adding an SMB share, it is listed in the table on the widget.
The Windows (SMB) Shares Sharing > SMB screen.
header shows the status of the SMB service as either STOPPED (red) or RUNNING (green). Before adding the first share, the STOPPED status displays in the default color. The header is a link that opens theThe
dropdown list shows four options available to SMB shares and the SMB service in general:- Turn Off/ON Service toggles to Turn Off Service when the SMB service is enabled, and to Turn On Service when the SMB service is disabled.
- Config Service opens the SMB configuration screen.
- SMB Sessions opens the SMB Status screen with showing Sessions.
- Audit Logs opens the Audit screen with a predefined filter applied to show the SMB logs.
The widget shows a table listing SMB shares created in TrueNAS. Each SMB share row on the Windows (SMB) Shares widget shows the path to the shared dataset, a description if one is entered when the share is added, an Enabled toggle that allows you to enable or disable the share, and indicates if audit logging is turned on/off.
The
dropdown list for each share shows four options:- Edit SMB screen. Edit opens the
- Edit Share ACL opens the Edit Share ACL screen.
- Edit Filesystem ACL opens the Edit ACL screen.
- Delete dialog. Delete opens the
The
delete icon opens the Delete dialog.Select Confirm to activate the Delete button.
The Shares > SMB screen shows an expanded presentation of the table on the Windows (SMB) Shares widget.
Shares in the breadcrumb at the top of the screen returns you to the main Shares dashboard.
SMB Sessions opens the SMB Status screen.
Columns shows a set of options to customize the list view. Options include Unselect All, Path, Description, Enabled and Reset to Defaults.
Add opens the Add SMB configuration screen.
The SMB table lists all SMB shares added to the system. The table header shows the status of the SMB service as stopped or running. The table columns show the share name, the path to the dataset for the share, and a description, if added during share creation. The Enabled toggle allows you to enable/disable the share. When enabled, the share path is available when the SMB service is active. If disabled, the share is disabled but not deleted from the system. Audit Logging indicates whether auditing for the share is enabled or disabled.
The
dropdown list at the right of each table row shows four options for a share:- Edit opens the Edit SMB screen.
- Edit Share ACL opens the Edit Share ACL screen.
- Edit Filesystem ACL opens the Edit ACL screen.
- Delete displays the Delete dialog.
The two SMB share configuration screens, Add SMB and Edit SMB, have the same SMB share setting options.
The Create Dataset option becomes active after selecting a parent dataset in the Path file browse field. It opens the Create Dataset dialog.
Save creates the share (or saves an existing one) and adds it to the Windows (SMB) Shares widget and the SMB table on the SMB screen.
The Basic Options settings show by default on the Add and Edit SMB screens. Basic settings show for all share options in the Purpose dropdown list, only the External Share option shows the Remote Path setting.
Setting | Description |
---|---|
Path | Specifies the mount path for the share. It includes a blank field and a file browser field directly below it. The blank field allows text entry of a share mount path or allows Truenas to populate it with the path to the dataset selected in the file browser field. The file browser allows selecting the mount path to the share dataset on the local file system that TrueNAS exports over the SMB protocol. The | icon to the left of
Create Dataset | Creates a dataset for a share while configuring the share. Inactive until the parent dataset is selected. It opens the Create Dataset dialog, where you enter a name for a new dataset. The dataset name becomes the SMB share name. Create adds the dataset and populates Name field on the Add SMB screen. |
Name | Sets the name for the share. This text entry field accepts manual entry or copy/paste of a name for the share that does not exceed 80 characters. A name must not exceed 80 characters because of how the SMB protocol uses the name. A name cannot have invalid characters as specified in Microsoft documentation MS-FSCC section 2.1.6. Name is automatically populated with the name of the dataset when you use Create Dataset. If not supplied, the share name becomes the last component of the path. This forms part of the full share path name when SMB clients perform and SMB tree connect. If changing the name, follow the naming conventions for files and directories or share names. |
Purpose | Sets the share type to one selected on the dropdown list. Options are: WARNINGS: This setting does not work if the path is accessed locally or if another SMB share without the Time Locked Share purpose uses the same path. This setting might not meet regulatory requirements for write-once storage. |
Remote Path | Sets the path to a remote server and share. Each server entry must include a full domain name or IP address and the share name. Separate the server and share name with the \ characters. Example: 192.168.0.200\SHARE. This text entry field accepts copy/paste of a path to the external server and share. Shows when Purpose is set to External Share. |
Description | A text-entry field for a brief description or notes about how this share is used. The description entered shows in the Description column on the Windows (SMB) Shares widget on the Shares dashboard and the SMB table on the SMB screen. |
Enabled | A toggle that shows the status of the share and allows enabling or disabling the share. This does not enable or disable the SMB service. Enabled is the default setting. |
Advanced Options settings are grouped into three categories:
Access and Audit Logging settings show for all share options in the Purpose dropdown list. The Other Options settings change based on the share option selected in the Purpose dropdown list.
Access settings customize access to the share and files, and specify allowed or denied access for host names or IP addresses. All share options listed in the Purpose dropdown show these settings.
For datasets with NFSv4 ACL type, SMB clients automatically use access-based enumeration. This means directory listings over SMB only include files and directories that the client has read permissions for. This behavior is enabled by default and matches FreeBSD behavior.
Setting | Description |
---|---|
Export Read-Only | Prohibits writes to the share when enabled. |
Browsable to Network Clients | Determines whether this share name is included when browsing shares when enabled. This is enabled by default. Private dataset shares (the replacement for home shares) are only visible to the owner, regardless of this setting. |
Access Based Share Enumeration | Restricts share visibility to users with read or write access to the share. This setting applies to datasets with a POSIX ACL type. For datasets with NFSv4 ACL type, access-based enumeration is automatically enabled and does not allow disabling. See the smb.conf manual page. |
The Audit Logging settings enable the auditing function for the SMB share and allow configuring a watch list and ignore list groups that administrators want to monitor. All share options listed in the Purpose dropdown show these settings.
Setting | Description |
---|---|
Enable Logging | Enables audit logging for the SMB share, and shows two additional options: Watch List and Ignore List. This controls whether audit messages are generated for the share. Note: Auditing might not be enabled if SMB1 support is enabled for the server. |
Watch List | Sets up a list of groups for which you want to generate audit logging messages. Clicking in the field shows the dropdown list of group options. Leave blank to include all SMB users with access to the share. If also setting a limit list, the watch list takes precedence when a conflict occurs. |
Ignore List | When selected, this sets up a list of groups to ignore when auditing. If conflict arises where the same groups are in the Watch List and Ignore List (based on user group membership), the watch listing takes precedence, and ops is audited. |
The Other Options settings vary based on the option selected on the Purpose dropdown list.
When Purpose is set to Default Share, Multi-Purpose Share or External Share, the settings below show in Other Options.
Setting | Description |
---|---|
Use Apple-style Character Encoding | Implements the default hashing algorithm for NTFS illegal characters that Samba uses. Enabling this option translates NTFS illegal characters to the Unicode private range. Shows for all share types except When Purpose is set to the Time Machine Share or External Share. |
When Purpose is set to Time Machine Share the following settings show in Other Options.
Setting | Description |
---|---|
Time Machine Quota | Sets the quota for Time Machine shares in bytes. |
VUID | Sets the user session identifier to a valid universally unique identifier that conforms to the UUID version 4 format (UUID4). A UUID4 string is defined by RFC 4122. UUID4 strings are randomly generated 128-bit values, typically represented as a 36-character hexadecimal string in the format 8-4-4-4-12 (e.g., 123e4567-e89b-12d3-a456-426614174000). Samba uses the UUID to identify the share uniquely for Mac OS Time Machine backups, ensuring the share is recognized as a valid backup destination. You can generate a UUID4 string using a variety of commands or through websites like https://www.uuidgenerator.net/. |
Auto Snapshot | When selected, enables automatic snapshot creation for Time Machine shares. |
Auto Dataset Creation | When selected, TrueNAS creates a dataset automatically if one does not exist. |
When Purpose is set to Time Locked Share, these settings show in Other Options.
Setting | Description |
---|---|
Use Apple-style Character Encoding | Implements the default hashing algorithm for NTFS illegal characters that Samba uses. Enabling this option translates NTFS illegal characters to the Unicode private range. |
Grace Period | Sets the delay before access times out or the share locks. Only shows when Purpose is set to the Time Locked Share option. |
When Purpose is set to Private Dataset Share the following settings show in Other Options.
Setting | Description |
---|---|
Use Apple-style Character Encoding | Implements the default hashing algorithm for NTFS illegal characters that Samba uses. Enabling this option translates NTFS illegal characters to the Unicode private range. When Purpose is set to the Time Machine Share or External Share options, this setting does not show. |
Dataset Naming Schema | Sets TrueNAS to require the naming schema used when Auto Dataset Creation is enabled. If a schema is not set, the server uses the username if it is not joined to Active Directory. If the server is joined to Active Directory, it uses domain/username. Only shows when Purpose is set to the Private Dataset Share option. |
Auto Quota | Sets the specified ZFS quota in gibibytes (GiB) on new datasets. If the value is zero, TrueNAS disables automatic quotas for the share. Only shows when Purpose is set to the Private Dataset Share option. |
The Create Dataset dialog adds a new dataset under the parent dataset selected in the file browser Path field on the Add SMB or Edit SMB share screens.
The Share ACL for sharename screen edits permissions at the share level for the selected share. Settings configure new ACL entries for the selected SMB share and apply them at the entire SMB share level, but do not apply to the dataset. It is separate from file system permissions. To configure dataset permissions, use the Edit Filesystem ACL option.
The Share ACL for sharename screen opens after clicking on the share Edit Share ACL icon on the Windows (SMB) Shares widget or the Sharing SMB details screen.
on theACL Entries shows a block of settings that specify who and the permissions they are granted.
Add shows a block of these settings to enter who, the permissions level, and type.
Save stores the share ACL and immediately applies it to the share.
Setting | Description |
---|---|
SID | Shows the security identifier (SID) trustee value or to whom this ACL entry (ACE) applies. SID is a unique value of variable length that identifies the trustee. Shown as a Windows Security Identifier. Save and re-open Edit Share ACL to update. |
Who | Sets permissions to apply to the ACL entry for the domain for the selected account (who). Options are: |
Permission | Sets the level of access to a selected predefined permission combination from the dropdown list. Options are: |
Type | Sets how TrueNAS applies permissions to the share to the selected option on the dropdown list. Options are: |
The Edit Filesystem ACL option sets permissions at the dataset level. It opens the Edit ACL screen for the dataset the share uses. See Edit ACL Screen for more information on the settings found on this screen.
Use the ACL editor screen to set file system permissions for the shared dataset. See Permissions for more information on configuring permissions.
The SMB Status screen shows a table of SMB session IDs from the audit logs for SMB share sessions. It opens after clicking SMB on the list icon on the System > Services screen, or after clicking SMB Sessions on the
dropdown list on the Windows (SMB) Shares widget.The SMB Status screen shows information related to SMB sessions, for example:
- Sessions ID - The current SMB sessions (default view).
- Hostname - The host name associated with the session ID.
- Remote machine - The remote machine information.
- Username - The username associated with the session.
- UID - The user ID associated with the session.
- GID - The group ID for the user associated with the session.
- Session Dialect - The version of the SMB protocol.
- Encryption - The share encryption.
- Signing - The security mechanism used, such as an authentication algorithm like AES-128-GCM, etc.
Refresh updates the information shown on the screen.
Column shows a dropdown list of options to customize the information included in the table on the screen.
Sharing or SBM on the top breadcrumb returns to the selected screen name.