TrueNASTrueNAS Nightly Development Documentation
This content follows experimental nightly development software. Pre-release software is intended for testing purposes only.
Use the Product and Version selectors above to view content specific to a stable software release.

SMB Service Screen

The System > Services screen includes three icons on the SMB service row:

  • Audit Logs opens the Audit screen.
  • SMB Sessions opens the SMB Status screen.
  • Configure opens the SMB Service screen showing the Basic Settings by default.

SMB Service Screen

The SMB service screen displays setting options to configure TrueNAS SMB service settings to fit your use case.

SMB Service Basic Settings
Figure 1: SMB Service Basic Settings

Click Save or Cancel to close the configuration screen and return to the Services screen.

Basic Settings

SettingDescription
NetBIOS NameAutomatically populates with the original system host name. Enter a name that does not exceed 15 characters that is not the same as the Workgroup name.
NetBIOS AliasEnter any alias name that does not exceed 15 characters in length. If entering multiple aliases, separate alias names with a space between them.
WorkgroupEnter a name that matches the Windows workgroup name. If you do not configure a workgroup, and Active Directory or LDAP is active, TrueNAS detects and sets the correct workgroup from these services.
Description(Optional) Enter any notes or descriptive details about the service configuration.
Enable SMB1 supportSelect to allow legacy SMB1 clients to connect to the server (see caution below). SMB audit logging does not work when using SMB1.
NTLMv1 AuthOff by default. Select to allow smbd attempts to authenticate users with the insecure and vulnerable NTLMv1 encryption. This setting allows backward compatibility with older versions of Windows, but we do not recommend it. Do not use on untrusted networks.

As of TrueNAS 22.12 (Bluefin) and later, TrueNAS does not support SMB client operating systems that are labeled by their vendor as End of Life or End of Support. This means MS-DOS (including Windows 98) clients, among others, cannot connect to TrueNAS SMB servers.

The upstream Samba project that TrueNAS uses for SMB features notes in the 4.11 release that the SMB1 protocol is deprecated and warns portions of the protocol might be further removed in future releases. Administrators should work to phase out any clients using the SMB1 protocol from their environments.

Advanced Settings

SMB Service Advanced Settings
Figure 2: SMB Service Advanced Settings
SettingDescription
UNIX CharsetSelect the character set to use internally from the dropdown list of options. UTF-8 is standard for most systems as it supports all characters in all languages.
Transport Encryption BehaviorSelect the option for the level of transport encryption to implement. Options and behaviors:
  • Default - follow upstream/TrueNAS default
  • Negotiate - only encrypt transport if explicitly requested by the SMB client
  • Desired - encrypt transport if supported by client during session negotiation
  • Required - always encrypt transport (rejecting access if client does not support encryption - incompatible with SMB1 server enable_smb1)
  • the TrueNAS and Samba default behavior allows SMB clients to negotiate different encryption levels for SMB shares. When set to Default, there is no technical limitation preventing an SMB client from negotiating an encrypted session if it is required. Default enables negotiating encryption but does not turn on data encryption globally per share. For more information on SMB1 and SMB2 session or per-share encryption, see Samba Server SMB Encrypt(s). For more information on using Windows client-side SMB signing, see Windows SMB Signing Policies.
    Log LevelRecord SMB service messages up to the specified log level from the dropdown list. Options are None, Minimum, Normal, full and Debug. By default, TrueNAS logs error and warning-level messages. We do not recommend using a log level above Minimum for production servers.
    Use Syslog OnlySelect to log authentication failures in /var/log/messages instead of the default /var/log/samba4/log.smbd.
    Local MasterSelected by default and determines if the system participates in a browser election. Leave cleared when the network contains an Active Directory or LDAP server or when Vista or Windows 7 machines are present.
    Enable Apple SMB2/3 Protocol ExtensionsSelect to allow MacOS to use these protocol extensions to improve the performance and behavioral characteristics of SMB shares. TrueNAS requires Apple SMB2/3 protocol extensions for Time Machine support.
    MultichannelSMB multichannel allows servers to use multiple network connections simultaneously by combining the bandwidth of several network interface cards (NICs) for better performance. SMB multichannel does not function if you combine NICs into a LAGG.
    SMB Service Advanced Settings (continued)
    Figure 3: SMB Service Advanced Settings (continued)
    SettingDescription
    Administrators GroupEnter or select members from the dropdown list. Members of this group are local administrators and automatically have privileges to take ownership of any file in an SMB share, reset permissions, and administer the SMB server through the Computer Management MMC snap-in.
    Guest AccountSelect the account for guest access from the dropdown list. The default is nobody. The selected account must have permission for the shared pool or dataset. To adjust permissions, edit the dataset Access Control List (ACL), add a new entry for the chosen guest account, and configure the permissions in that entry. If you delete the selected Guest Account, the field resets to nobody.
    File MaskOverrides default 0664 file creation mask, which creates files with read and write access for everybody.
    Directory MaskOverrides default directory creation mask of 0775, which grants everyone directory read, write, and execute access.
    Bind IP AddressesSelect static IP addresses that SMB listens on for connections from the dropdown list. Leaving all unselected defaults to listening on all active interfaces.