TrueNASTrueNAS Nightly Development Documentation
This content follows experimental nightly development software. Pre-release software is intended for testing purposes only.
Use the Product and Version selectors above to view content specific to a stable software release.

SMB Shares Screens

Windows (SMB) Shares Widget

If you have not added SMB shares to the system, the SMB widget shows No records have been added yet.

Windows (SMB) Share Widget without Shares
Figure 1: Windows (SMB) Share Widget without Shares

Add at the top right of the widget opens the Add SMB screen where you configure SMB shares. After adding an SMB share it displays on the widget.

Windows (SMB) Share Widget with Shares
Figure 2: Windows (SMB) Share Widget with Shares

Click on Windows (SMB) Shares launch to open the Sharing > SMB screen.

Each SMB share includes a toggle that provides quick access to enable or disable the share, and four icons for different individual share functions:

The Windows (SMB) Shares launch toolbar displays the status of the SMB service as either STOPPED (red) or RUNNING (blue). Before adding the first share, the STOPPED status displays in the default color.

Click on the widget header to open the Sharing > SMB details screen.

Add opens the Add SMB share configuration screen.

The more_vert icon displays four options available to SMB shares in general:

  • Turn Off Service what shows when the SMB service is enabled and that toggles to Turn On Service when the SMB service is disabled.
  • Config Service that opens the SMB configuration screen.
  • SMB Sessions that opens the SMB Status screen with four tabs: Sessions, Locks, Shares, and Notifications.
  • Audit Logs that opens the Audit screen with a predefined filter for and showing the SMB share logs.

Delete SMB Share Dialog

The delete trash can icon displays the Delete dialog.

Delete SMB Share
Figure 3: Delete SMB Shares

Select Confirm to activate the Delete button.

Sharing SMB Details Screen

The Sharing >SMB details screen, lists all SMB shares added to the system.

Sharing SMB Screen
Figure 4: Sharing SMB Screen

SMB Sessions opens the SMB Status screen.

Columns displays a set of options to customize the list view. Options include Unselect All, Path, Description, Enabled and Reset to Defaults.

Add opens the Add SMB configuration screen.

Enabled indicates whether the share is enabled or disabled. If selected, the share path is available when the SMB service is active. If cleared, the share is disabled but not deleted from the system.

Audit Logging indicates whether auditing for the share is enabled or disabled.

The more_vert displays a dropdown list of options for each share:

To return to the Share screen, click Shares on the main navigation panel or Sharing on the breadcrumb at the top of the screen.

Add and Edit SMB Screens

The two SMB share configuration screens, Add SMB and Edit SMB, display the same setting options. The Create Dataset option does not show on the Edit SMB screen, but you can change to another existing dataset on the system.

Click Save to create the share (or save an existing one) and add it to the Windows (SMB) Shares widget and Sharing SMB details screen.

Basic Options Settings

The Basic Options settings in this section also display in the Advanced Options.

Add SMB Basic Options
Figure 5: Add SMB Basic Options

Browsing to select a path

Click the arrow to the left of the folder icon to expand that folder and show any child datasets and directories. A solid folder icon shows for datasets and an outlined folder for directories. A selected dataset or directory folder and name shows in blue.

SettingDescription
PathEnter the path or use the arrow_right icon to the left of /mnt to locate the dataset and populate the path. Path is the directory tree on the local file system that TrueNAS exports over the SMB protocol.
/mntClick the arrow_right icon to expand the path at each dataset until you get to the SMB share dataset you want to use. This populates the Path.
Create DatasetClick to open the Create Dataset dialog. Enter a name to create a new dataset for the share. Click Create to add the dataset and populate the Name field on the Add SMB screen.
NameEnter a name for this share that is less than or equal to 80 characters. Because of how the SMB protocol uses the name, the name must not exceed 80 characters. The name cannot have invalid characters as specified in Microsoft documentation MS-FSCC section 2.1.6. If not supplied, the share name becomes the last component of the path. This forms part of the full share path name when SMB clients perform and SMB tree connect. If you change the name, follow the naming conventions for files and directories or share names.
PurposeSelect a preset option from the dropdown list. The option applies predetermined settings (presets) and disables changing some share setting options.
DescriptionEnter a brief description or notes on how you use this share.
EnabledSelected by default to enable sharing the path when the SMB service is activated. Clear to disable this SMB share without deleting it.

Purpose Setting Options

This table details the options found on the Purpose dropdown list.

SettingDescription
No presetsSelect to retain control over all Advanced Options settings. This option gives users the flexibility to manually configure SMB parameters.
Default share parametersThe default option when you open the Add SMB screen and to use for any basic SMB share. These settings provide a baseline configuration that ensures compatibility and functionality, and allow users to set up shares with commonly implemented options and behaviors.
Basic time machine shareSelect to set up a basic time machine share. This provides a centralized location for users to store and manage system backups.
Multi-User time machineSelect to set up a multi-user time machine share. This option allows multiple users to use TrueNAS as a centralized backup solution while simultaneously ensuring that each backup users make are kept separate and secure from one another.
Multi-Protocol (NFSv3/SMB) sharesSelect for multi-protocol (NFSv3/SMB) shares. Choosing this option allows NFS and SMB users to access TrueNAS at the same time.
Private SMB Datasets and SharesSelect to create a share that maps to a path determined by the username of the authenticated user. TrueNAS creates a unique, private dataset matching the user name.
SMB WORM. Files become read-only via SMB after 5 minutesThe SMB WORM preset only impacts writes over the SMB protocol. Before deploying this option in a production environment, determine whether the feature meets your requirements. Employing this option, ensures data written to the share cannot be modified or deleted, thus increasing overall data integrity and security.

Advanced Options Settings

Click Advanced Options to display settings made available or locked based on the option selected in Purpose.

Access Settings

The Access settings customize access to the share and files, and also specifying allow or deny access for host names or IP addresses.

SMB Advanced Options Access
Figure 7: SMB Advanced Options Access
SettingDescription
Enable ACLSelect to enable ACL support for the SMB share. A warning displays if you clear this option and the SMB dataset has an ACL, and you are required to strip the ACL from the dataset prior to creating the SMB share.
Export Read-OnlySelect to prohibit writes to the share.
Browsable to Network ClientsSelect to determine whether this share name is included when browsing shares. Home shares are only visible to the owner regardless of this setting. Enabled by default.
Allow Guest AccessSelect to enable. Privileges are the same as the guest account. Guest access is disabled by default in Windows 10 version 1709 and Windows Server version 1903. Additional client-side configuration is required to provide guest access to these clients.
MacOS clients: Attempting to connect as a user that does not exist in FreeNAS does not automatically connect as the guest account. You must specifically select the Connect As: Guest option in macOS to log in as the guest account. See the Apple documentation for more details.
Access Based Share EnumerationSelect to restrict share visibility to users with read or write access to the share. Open is the default for this setting. See the smb.conf manual page.
Hosts AllowEnter a list of allowed host names or IP addresses. Separate entries by pressing Enter. You can find a more detailed description with examples here.
Hosts DenyEnter a list of denied host names or IP addresses. Separate entries by pressing Enter.

Audit Logging

The Audit Logging settings enable the auditing function for the SMB share, and allow configuring a watch and ignore list for groups administrators want to monitor.

SMB Audit Logging
Figure 8: SMB Audit Logging
SettingDescription
EnabledSelect to enable audit logging for the SMB share.
Watch ListSelect groups from the dropdown list that you want to generate audit logging message for. Leaving this blank includes all SMB users with access to the share. If also setting a limit list, when a conflict exists the watch list takes precedence.
Limit ListSelect groups from the dropdown list that you want to ignore or exclude from audit logging. If a group is a member of both the watch and limit lists, the watch list takes precedence and the group generates audit messages.

Other Settings

The Other Options settings include improving Apple software compatibility, ZFS snapshot features, and other advanced features.

SMB Advanced Options Other
Figure 9: SMB Advanced Options Other
SettingDescription
Use as Home ShareSelect to allow the share to host user home directories. Each user has a personal home directory they use when connecting to the share that is not accessible by other users. Home Shares allow for personal, dynamic shares. You can only use one share as the home share. See Adding an SMB Home Share for more information.
Time MachineEnables Apple Time Machine backups on this share. This option requires SMB2/3 protocol extension support. You can enable this in the general SMB server configuration.
Legacy AFP CompatibilitySelect to enable the share to behave like the deprecated Apple Filing Protocol (AFP). Leave cleared for the share to behave like a normal SMB share. This option controls how the SMB share reads and writes data. Only enable this when this share originated as an AFP sharing configuration. You do not need legacy compatibility for pure SMB shares or macOS SMB clients. This option requires SMB2/3 protocol extension support. You can enable this in the general SMB server configuration.
Enable Shadow CopiesSelect to export ZFS snapshots as Shadow Copies for Microsoft Volume Shadow Copy Service (VSS) clients.
Export Recycle BinSelect to enable. Deleted files are renamed to a per-user subdirectory within the .recycle directory at either the root of the SMB share if the path is the same dataset as the SMB share (default is share and dataset have the same name), or at the root of the current dataset if datasets are nested. Nested datasets do not have automatic deletion based on file size. Do not rely on this function for backups or replacements of ZFS snapshots.
Use Apple-style Character EncodingSelect to convert NTFS illegal characters in the same manner as macOS SMB clients. By default, Samba uses a hashing algorithm for NTFS illegal characters.
Enable Alternate Data StreamsSelect to allow multiple NTFS data streams. Disabling this option causes macOS to write streams to files on the file system.
Enable SMB2/3 Durable HandlesSelect to allow using open file handles that can withstand short disconnections. Support for POSIX byte-range locks in Samba is also disabled. We do not recommend this option when configuring multi-protocol or local access to files.
Enable FSRVPSelect to enable support for the File Server Remote VSS Protocol (FSVRP). This protocol allows remote procedure call (RPC) clients to manage snapshots for a specific SMB share. The share path must be a dataset mount point. Snapshots have the prefix fss- followed by a snapshot creation timestamp. A snapshot must have this prefix for an RPC user to delete it.
Path SuffixAppends a suffix to the share connection path. Use to provide individualized shares on a per-user, per-computer, or per-IP address basis. Suffixes can contain a macro. See the smb.conf manual page for a list of supported macros. The connect path must be preset before a client connects.
Additional Parameters StringShows a string of parameters associated with the share preset selected, or if no preset, enter additional smb4.conf parameters not covered by the TrueNAS API.

Advanced Options Presets

The Purpose setting you select in the Basic Options affects which Advanced Options settings (presets) you can select. Some presets are available or locked based on your choice. The expandable below provides a comparison table listing these presets and shows whether the option is available or locked.

What do all the presets do?

The following table shows the preset options for the different Purpose options and if those are locked. A indicates the option is enabled while means the option is disabled. [ ] indicates empty text fields, and [%U] indicates the option the preset created.

SettingDefault Share ParametersMulti-User Time MachineMulti-Protocol (NFSv3/SMB) SharesPrivate SMB Datasets and SharesSMB Files become Read Only after 5 minutes
Enable ACL (locked) (locked)
Export Read Only (locked)
Browsable to Network Clients (locked)
Allow Guest Access
Access Based Share Enumeration (locked)
Hosts Allow (locked)
Hosts Deny (locked)
Use as Home Share (locked)
Time Machine (locked)
Enable Shadow Copies (locked)
Export Recycle Bin (locked)
Use Apple-style Character Encoding (locked)
Enable Alternate Data Streams (locked) (locked)
Enable SMB2/3 Durable Handles (locked) (locked)
Enable FSRVP (locked)
Path Suffix[ ] (locked)[%U] (locked)[%U][%U] (locked)[ ] (locked)
[Back to Advanced Options Settings](#advanced-options-settings)

Edit Share ACL Screen

The Share ACL for sharename screen opens when you click the Edit Share ACL icon on the Windows (SMB) Shares widget or the more_vert on the Sharing SMB details screen. These settings configure new ACL entries for the selected SMB share and apply them at the entire SMB share level. It is separate from file system permissions.

SMB Share ACL Screen
Figure 10: SMB Share ACL Screen

ACL Entries are listed as a block of settings. Click Add to add a new entry.

SettingDescription
SIDShows the SID trustee value (who) this ACL entry (ACE) applies to. SID is a unique value of variable length that identifies the trustee. Shown as a Windows Security Identifier. Click Save and re-open Edit Share ACL to update.
WhoSelect the domain for account (who) this ACL entry applies to. Options are:
  • User - Select to show the User field. Enter or select from the dropdown a user (who) this ACL entry applies to, shown as a user name.
  • Group - Select to show the Group field. Enter or select from the dropdown a group (who) this ACL entry applies to, shown as a group name.
  • everyone - Select to apply the ACL entry to everyone.
  • PermissionSelect predefined permission combinations from the dropdown list. Options are:
  • FULL - Select to grant read access, execute permission, write access, delete objects, change permissions, and take ownership (RXWDPO) permissions.
  • CHANGE - Select to grant read access, execute permission, write access, and delete object (RXWD) permissions.
  • READ - Select to grant read access and execute permission on the object (RX). For more details, see smbacls(1).
  • TypeSelect the option from the dropdown list that specifies how TrueNAS applies permissions to the share. Options are:
  • ALLOWED - Select to deny all permissions by default, except manually defined permissions.
  • DENIED - Select to allow all permissions by default, except manually defined permissions.
  • Save stores the share ACL and immediately applies it to the share.

    Edit Filesystem ACL Screen

    The Edit Filesystem ACL option opens the Edit ACL screen for the dataset the share uses. See Edit ACL Screen more information on the settings found on this screen.

    SMB ACL Editor
    Figure 11: SMB ACL Editor

    Use the ACL editor screen to set filesystem permissions for the shared dataset. See Permissions for more information on configuring permissions.

    SMB Status Screens

    You can access the SMB Status screen from the SMB option on the System > Services screen with the icon and from the more_vert on the Shares > Windows (SMB) Shares widget.

    SMB Status Sessions Tab
    Figure 12: SMB Status Sessions Tab

    The SMB Status screen has four tabs with information related to SMB shares:

    • Sessions shows current SMB sessions (default view).
    • Locks shows locked files.
    • Shares shows open files.
    • Notifications shows file notification subscriptions.

    Refresh updates the information displayed on the selected tab.

    Column displays a dropdown list of options for the selected tab to customize the information included on the screen.

    Click Sharing or SBM on the top breadcrumb to open the selected screen.

    The breadcrumb displays when you access the SMB Status screen from the System > Services SMB row.