Get a Quote     (408) 943-4100               TrueNAS Discord      VendOp_Icon_15x15px   Commercial Support Toggle between Light and Dark mode

SMB Service Screen

  4 minute read.

Last Modified 2022-09-21 15:57 EDT

The SMB Services screen displays setting options to configure TrueNAS SMB settings to fit your use case. The Basic Options settings continue to display after selecting the Advanced Options screen.


Click Save or Cancel to close the configuration screen and return to the Services screen.

Basic Options Settings

NetBIOS NameAutomatically populated with the original system host name. This name is limited to 15 characters and cannot be the Workgroup name.
NetBIOS AliasEnter any alias name that is up to 15 characters long. Separate alias names with a space between them.
WorkgroupEnter a name that matches the Windows workgroup name. When unconfigured and Active Directory or LDAP is active, TrueNAS detects and sets the correct workgroup from these services.
Description(Optional) Enter any notes or descriptive details about the service configuration.
Enable SMB1 supportSelect to allow legacy SMB1 clients to connect to the server. Note: SMB1 is being deprecated. We advise you to upgrade clients to operating system versions that support modern SMB protocol versions.
NTLMv1 AuthOff by default. Select to allow smbd attempts to authenticate users with the insecure and vulnerable NTLMv1 encryption. This setting allows backward compatibility with older versions of Windows, but is not recommended. Do not use on untrusted networks.

Advanced Options Settings

The Basic Options settings also display on the Advanced Options settings screen with the Other Options settings.


UNIX CharsetSelect the character set to use internally from the dropdown list of options. UTF-8 is standard for most systems as it supports all characters in all languages.
Log LevelRecord SMB service messages up to the specified log level from the dropdown list. Options are None, Minimum, Normal, full and Debug. By default, error and warning level messages are logged. It is not recommended to use a log level above Minimum for production servers.
Use Syslog OnlySelect to log authentication failures in /var/log/messages instead of the default /var/log/samba4/log.smbd.
Local MasterSelected by default and determines if the system participates in a browser election. Clear this checkbox when the network contains an AD or LDAP server, or when Vista or Windows 7 machines are present.
Enable Apple SMB2/3 Protocol ExtensionsSelect to allow MacOS to use these protocol extensions to improve the performance and behavioral characteristics of SMB shares. This is required for Time Machine support.
Administrators GroupEnter or select members from the dropdown list. Members of this group are local administrators and automatically have privileges to take ownership of any file in an SMB share, reset permissions, and administer the SMB server through the Computer Management MMC snap-in.
Guest AccountSelect the account to use for guest access from the dropdown list. Default is nobody. The selected account must have permissions to the shared pool or dataset. To adjust permissions, edit the dataset Access Control List (ACL), add a new entry for the chosen guest account, and configure the permissions in that entry. If the selected Guest Account is deleted the field resets to nobody.
File MaskOverrides default 0666 file creation mask which creates files with read and write access for everybody.
Directory MaskOverrides default directory creation mask of 0777 which grants directory read, write and execute access for everybody.
Bind IP AddressesSelect static IP addresses that SMB listens on for connections from the dropdown list. Leaving all unselected defaults to listening on all active interfaces.
Auxiliary ParametersEnter additional smb.conf options. Refer to the [Samba Guide]9 for more information on these settings. You can use Auxiliary Parameters to override the default SMB server configuration, but such changes could adversely affect SMB server stability or behavior. To log more details when a client attempts to authenticate to the share, add log level = 1, auth_audit:5.

Related Content