SMB Shares Screens
Last Modified 2023-09-20 13:20 EDT
The first SMB share screen to display after you click Shares is the Sharing screen with the service widgets for the four supported share types.
As of SCALE 22.12 (Bluefin), MS-DOS SMB1 clients cannot connect to TrueNAS SCALE Bluefin. TrueNAS SCALE SMB does not support End-of-Life (EoL) Windows clients, including MS-DOS.
The Samba project, which TrueNAS SCALE uses to provide SMB sharing features, has deprecated the SMB1 protocol because of security concerns. The Samba 4.16 release notes announced that they deprecated and disabled the whole SMB1 protocol as of 4.11. Where needed for security purposes or code maintenance, Samba continues to remove older protocol commands and dialects that are unused or that more modern SMB1 versions replaced.
TrueNAS now uses Samba 4.17. TrueNAS still has SMB1 protocol support but:
- MS-DOS-based SMB clients cannot connect to TrueNAS SCALE Bluefin.
- MS-DOS-based SMB clients are no longer able to connect to any TrueNAS servers.
- SMB clients determined to be end-of-life (EOL) by their vendor are not supported.
Administrators should work to phase out any clients using the SMB1 protocol from their environments.
Client systems that can only use the SMB1 protocol for SMB shares are no longer capable of connecting to SMB shares created in TrueNAS SCALE 22.12 or later.
Refer to Samba release notes for more information.
If you have not added SMB shares to the system, clicking the Windows (SMB) Shares option on the Sharing screen displays the No SMB Shares have been configured yet screen with the Add SMB Share button in the center of the screen.
Use this button or the Add button at the top right of the screen to configure your first SMB share. After adding the first SMB share, the Sharing SMB screen displays.
If you return to the Share option (click Shares on the main navigation panel), the Windows (SMB) Shares widget displays. It includes the current service status and a list of the SMB shares below it.
The Windows (SMB) Shares widget updates after adding SMB shares. It also updates when you click Shares on the main navigation panel to return to the Sharing screen.
Each SMB share toggle provides quick access to enable or disable the share.
The Edit Share ACL icon displays the Edit Share ACL screen.
The Edit Filesystem ACL icon opens the Edit Filesystem ACL screen.
Each share also has a delete option.
The SMB share row is a link to the Edit SMB screen.
The Windows (SMB) Shares toolbar displays the status of the SMB service as either STOPPED (red) or RUNNING (blue). Before adding the first share, the STOPPED status displays in the default color.
Both Windows (SMB) Shares and View Details at the bottom of the widget display the Sharing > SMB details screen.
The Add button displays the Add SMB share configuration screen.
The toolbar menu displays options to turn the SMB service on or off. Turn Off Service displays if the service is running; otherwise, Turn On Service displays. The Config Service option displays the System Settings > SMB configuration screen.
The trash can icon displays the Delete dialog.
Select Confirm to activate the Delete button.
Windows SMB Share displays the Sharing > SMB details screen. From this screen, you can add or edit an SMB share on the list.
Add displays the Add SMB configuration screen.
The Columns button displays a set of options to customize the list view. Options include Unselect All, Path, Description, Enabled and Reset to Defaults.
The Enabled checkbox provides the share status. If selected, it indicates the share path is available when the SMB service is active. If cleared, it disables but does not delete the share.
The two SMB share configuration screens, Add SMB and Edit SMB, display the same setting options.
Click Save to create the share (or save an existing one) and add it to the Shares > Windows (SMB) Shares and Sharing SMB details lists.
The Basic Options settings in this section display on the Advanced Options settings screen.
|Path||Enter the path or use the icon to the left of /mnt to locate the dataset and populate the path. Path is the directory tree on the local file system that TrueNAS exports over the SMB protocol.|
|/mnt||Click the icon to expand the path at each dataset until you get to the SMB share dataset you want to use. This populates the Path.|
|Name||Enter a name for this share that is less than or equal to 80 characters. Because of how the SMB protocol uses the name, the name must not exceed 80 characters. The name cannot have invalid characters as specified in Microsoft documentation MS-FSCC section 2.1.6. If not supplied, the share name becomes the last component of the path. This forms part of the full share path name when SMB clients perform an SMB tree connect. If you change the name, follow the naming conventions for files and directories or share names.|
|Purpose||Select a preset option from the dropdown list. The option applies predetermined settings (presets) and disables changing some share setting options.|
|Description||Enter a brief description or notes on how you use this share.|
|Enabled||Selected by default to enable sharing the path when the SMB service is activated. Clear to disable this SMB share without deleting it.|
This table details the options found on the Purpose dropdown list.
|No presets||Select to retain control over all Advanced Options settings.|
|Default parameters for cluster share||Select when setting up an SMB cluster share.|
|Default share parameters||The default option when you open the Add SMB screen and to use for any basic SMB share.|
|Basic time machine share||Select to set up a basic time machine share.|
|Multi-User time machine||Select to set up a multi-user time machine share.|
|Multi-Protocol (NFSv3/SMB) shares||Select for multi-protocol (NFSv3/SMB) shares.|
|Private SMB Datasets and Shares||Select to use private SMB datasets and shares.|
|SMB WORM. Files become read-only via SMB after 5 minutes||The SMB WORM preset only impacts writes over the SMB protocol. Before deploying this option in a production environment, the user should determine whether the feature meets their requirements.|
Click Advanced Options to display settings made available or locked based on the option selected in Purpose.
The Access settings let you customize access to the share and files. They also let you specify allow or deny access for host names or IP addresses.
|Enable ACL||Select to enable ACL support for the SMB share. A warning displays if you clear this option and the SMB dataset has an ACL, and you are required to strip the ACL from the dataset prior to creating the SMB share.|
|Export Read-Only||Select to prohibit writes to the share.|
|Browsable to Network Clients||Select to determine whether this share name is included when browsing shares. Home shares are only visible to the owner regardless of this setting. Enabled by default.|
|Allow Guest Access||Select to enable. Privileges are the same as the guest account. Guest access is disabled by default in Windows 10 version 1709 and Windows Server version 1903. Additional client-side configuration is required to provide guest access to these clients.|
MacOS clients: Attempting to connect as a user that does not exist in FreeNAS does not automatically connect as the guest account. You must specifically select the Connect As: Guest option in macOS to log in as the guest account. See the Apple documentation for more details.
|Access Based Share Enumeration||Select to restrict share visibility to users with read or write access to the share. See the smb.conf manual page.|
|Hosts Allow||Enter a list of allowed host names or IP addresses. Separate entries by pressing Enter. You can find a more detailed description with examples here.|
|Hosts Deny||Enter a list of denied host names or IP addresses. Separate entries by pressing Enter.|
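As an added example (not TrueNAS or Samba project code), this Python script audits smb.conf-syntax text for the settings described in the SMB1 notes and the Access table above: a minimum protocol that still permits SMB1, guest access, and guest shares with no Hosts Allow list. It assumes the UI options correspond to the standard Samba parameters `server min protocol`, `guest ok`, `read only`, and `hosts allow`; the sample configuration is constructed.

```python
SMB1 = {"core", "coreplus", "lanman1", "lanman2", "nt1"}  # pre-SMB2 dialect names
TRUE = {"yes", "true", "1", "on"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in parameter names."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip(), {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            section[key.replace(" ", "").lower()] = value.strip()
    return conf

def audit(text):
    """Return (section, finding) tuples for settings that widen access to a share."""
    conf, findings = parse_smb_conf(text), []
    if conf.get("global", {}).get("serverminprotocol", "").lower() in SMB1:
        findings.append(("global", "server min protocol still permits SMB1"))
    for name, share in conf.items():
        if name.lower() == "global":
            continue
        guest = share.get("guestok", "no").lower() in TRUE
        writable = share.get("readonly", "yes").lower() not in TRUE  # Samba default: read only
        if guest and writable:
            findings.append((name, "guest access on a writable share"))
        elif guest:
            findings.append((name, "guest access enabled on a read-only share"))
        if guest and "hostsallow" not in share:
            findings.append((name, "guest share has no hosts allow list"))
    return findings

# Constructed sample in smb.conf syntax; not output from a real system.
SAMPLE = """
[global]
    server min protocol = NT1
[projects]
    read only = no
    guest ok = yes
[media]
    guest ok = yes
    hosts allow = 192.0.2.0/24
[staff]
    read only = no
"""

if __name__ == "__main__":
    print("\n".join(f"{s}: {m}" for s, m in audit(SAMPLE)))
```

The same functions accept the text printed by Samba's `testparm -s`, since parameter names are normalized for case and spacing.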
The Other Options settings are for improving Apple software compatibility, ZFS snapshot features, and other advanced features.
|Use as Home Share||Select to allow the share to host user home directories. Each user has a personal home directory they use when connecting to the share that is not accessible by other users. Home Shares allow for personal, dynamic shares. You can only use one share as the home share. See Adding an SMB Home Share for more information.|
|Time Machine||Enables Apple Time Machine backups on this share. This option requires SMB2/3 protocol extension support. You can enable this in the general SMB server configuration.|
|Legacy AFP Compatibility||Select to enable the share to behave like the deprecated Apple Filing Protocol (AFP). Leave cleared for the share to behave like a normal SMB share. This option controls how the SMB share reads and writes data. Only enable this when this share originated as an AFP sharing configuration. You do not need legacy compatibility for pure SMB shares or macOS SMB clients. This option requires SMB2/3 protocol extension support. You can enable this in the general SMB server configuration.|
|Enable Shadow Copies||Select to export ZFS snapshots as Shadow Copies for Microsoft Volume Shadow Copy Service (VSS) clients.|
|Export Recycle Bin||Select to enable. Deleted files from the same dataset move to a Recycle Bin in that dataset and do not take any additional space.|
|Use Apple-style Character Encoding||Select to convert NTFS illegal characters in the same manner as macOS SMB clients. By default, Samba uses a hashing algorithm for NTFS illegal characters.|
|Enable Alternate Data Streams||Select to allow multiple NTFS data streams. Disabling this option causes macOS to write streams to files on the file system.|
|Enable SMB2/3 Durable Handles||Select to allow using open file handles that can withstand short disconnections. Support for POSIX byte-range locks in Samba is also disabled. We don’t recommend this option when configuring multi-protocol or local access to files.|
|Enable FSRVP||Select to enable support for the File Server Remote VSS Protocol (FSRVP). This protocol allows remote procedure call (RPC) clients to manage snapshots for a specific SMB share. The share path must be a dataset mount point. Snapshots have the prefix |
|Path Suffix||Appends a suffix to the share connection path. Use this to provide individualized shares on a per-user, per-computer, or per-IP address basis. Suffixes can contain a macro. See the smb.conf manual page for a list of supported macros. The connect path must be preset before a client connects.|
The Purpose setting you select in the Basic Options affects which Advanced Options settings (presets) you can select. Some presets are available or locked based on your choice.
The following comparison table shows the preset options for the different Purpose options and whether each is locked.
A check_box indicates the option is enabled while check_box_outline_blank means the option is disabled. [ ] indicates empty text fields, and [%U] indicates the option the preset created.
|Setting||Default Share Parameters||Multi-User Time Machine||Multi-Protocol (NFSv3/SMB) Shares||Private SMB Datasets and Shares||SMB Files become Read Only after 5 minutes|
|Enable ACL||check_box (locked)||check_box||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank|
|Export Read Only||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Browsable to Network Clients||check_box (locked)||check_box||check_box||check_box||check_box|
|Allow Guest Access||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Access Based Share Enumeration||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Hosts Allow||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Hosts Deny||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Use as Home Share||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Time Machine||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Enable Shadow Copies||check_box (locked)||check_box||check_box||check_box||check_box|
|Export Recycle Bin||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Use Apple-style Character Encoding||check_box_outline_blank (locked)||check_box_outline_blank||check_box||check_box||check_box|
|Enable Alternate Data Streams||check_box (locked)||check_box||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank|
|Enable SMB2/3 Durable Handles||check_box (locked)||check_box||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank|
|Enable FSRVP||check_box_outline_blank (locked)||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank||check_box_outline_blank|
|Path Suffix||[ ] (locked)||[%U] (locked)||[%U]||[%U] (locked)||[ ] (locked)|
The SMB Share ACL screen displays when you click Edit Share ACL from the options list on the Sharing SMB details screen. These settings configure new ACL entries for the selected SMB share and apply them at the entire SMB share level. They are separate from file system permissions.
ACL Entries are listed as a block of settings. Click Add to add a new entry.
|SID||Shows the SID trustee value (who) this ACL entry (ACE) applies to. SID is a unique value of variable length that identifies the trustee. Shown as a Windows Security Identifier. Click Save and re-open Edit Share ACL to update.|
|Who||Select the domain for account(s) (who) this ACL entry applies to. Options are User, Group, and everyone@.|
|User||Enter or select from the dropdown a user (who) this ACL entry applies to, shown as a user name. Available when Who is set to User.|
|Group||Enter or select from the dropdown a group (who) this ACL entry applies to, shown as a group name. Available when Who is set to Group.|
|Permission||Select predefined permission combinations from the dropdown list. Select FULL to grant read access, execute permission, write access, delete objects, change permissions, and take ownership (RXWDPO) permissions. Select CHANGE to grant read access, execute permission, write access, and delete object (RXWD) permissions. Select READ to grant read access and execute permission on the object (RX). For more details, see smbacls(1).|
|Type||Select the option from the dropdown list that specifies how TrueNAS applies permissions to the share. Select ALLOWED to deny all permissions by default, except manually defined permissions. Select DENIED to allow all permissions by default, except manually defined permissions.|
Save stores the share ACL and immediately applies it to the share.
Edit Filesystem ACL opens the Datasets > Edit ACL screen for the shared dataset.