Hi, first of all I don’t know if this is in the right place but I couldn’t find a tech support catagory. Hope it’s ok to post here.
So I’m a complete begginer when it comes to Freenas and barley know what i’m doing.
I have run into a permissions problem where I can’t give acess to a movie dataset to someone else in my home.
I think the problem is something to do with the root dataset ACL but it won’t let me edit it.
I found a post here: Reset Pool ACL Freenas 11.3 | TrueNAS Community
I tried the command: chown root:wheel /mnt/storage
I don’t really know command line at all though so I don’t know how/if I need to change it. Either way the command as I pasted it does nothing.
I’ll post some screenshots of my pool setup once I have created the topic.
In order as shown:
1.account as set up on truenas
2.permissions as seen from my (robs) PC
3. The message when I try to connect to movies on Anne’s PC
4. SMB share setting for movies
p.s. I have tried logging in with the annie credentials on several other computers but it still won’t work.
This is very important and quite possibly might be the issue, When you setup Anne’s (or Annie’s) user on freenas, did you ensure that her windows username and her windows password match her freenas username and freenas password in the settings? Differences like Anne vs. Annie vs. ANNEPC might be to blame.
Is Anne logging in to her computer with an actual Microsoft account like [email protected] or using some sort of email login to access her computer… If not and you made her a local account on her computer, then uncheck the Microsoft account checkbox on her freenas username. If she is using an actual Microsoft account or email type log in for her computer then place that in the email section of the user setup and recheck the Microsoft account option…
These links may be helpful to understand…
Have you tried mapping a network share on her computer for that folder, does it ask you for credentials? If you can get it to ask you for credentials, can you put in what you have for the Freenas user and check the box to save the creds?
You stated that she is part of the family group. Your “family” group has “full control” of the movies share according to the acl permissions in your first post. So if you get everything sorted out then you still will have given her read/write…
Have you had any issues ever with accessing any of your shares on your computer or with your credentials?
The only difference was a capital letter so I have now changed that. The user on the windows machine and on truenas now both how “Annie” as the username.
I set it up for just as a local account. I have now unticked the microsoft account box in the user settings on truenas.
On her windows machine if i click truenas from the network section in file explorer it gets me to the next step without asking for credentials. So now I can see the 2 SMB shares (Media and Movies). I still can’t acess either of them. I try to map the share to a network drive so it asks for credentials again and it still won’t work. I have even cleared out the credentials in the control panel.
Ah thankyou I didn’t realise but I guess it makes sense. I changed the group owner back to wheel whilst still keeping Annie user with read permissions.
Nope, never had any problems with my credentials. That is partly why I think I have somehow set ACL on the root dataset/pool and need to change it somehow but even if I could I would not know what to set it to. I don’t even know if that is the problem but I will share a screenshot from the SMB page of truenass that shows an ACL sign next to the media pool.
The only other things that I can come up with at the moment is to try and set the password of the Freenas User Annie to her windows password again just to make sure that they are matching. Maybe have her enter her password into the Freenas user setup fields instead of you enter it. Just a thought.
Also try a reboot of the Freenas server itself or a restart of the SMB service on Freenas.
Two things. As mentioned above, you’re giving one user read permission but that user is already put into a group that has full control. Not that I’m a permissions guru but I don’t give specific users specific permissions. I only put group permissions in. I tend to leave the @group and @owner out of the equation and instead specify the different groups I want.
For example, I have an “admin” group, “trusted guest” group, and “restricted guest” group. Each share will receive those groups with varied permissions. I will then add each user to the group so I don’t have to mess with individual ACLs.
In your case an example might be group “family” as full control, “friends” as only read.
Then your users you want full control to go to would have family as primary group then read only could go with friends as primary group.
The other thing when making big changes to network shares… Windows can be real flakey sometimes giving all kinds of strange errors. You could try restarting the workstation service in windows to clear credentials and try logging in again.
I changed the ACL to only have control through the group but it’s still not having any of it
Yeah I had been doing that because I heard windows was flakey. I have even setup an entire new user on a laptop to test changes and still it’s a no go.
Out of curiosity when you change ACL settings on a pool, you are checking the “apply permissions recursively” box?
Though it “should” allow the user to get into the share, if there is no existing directory structure they’re able to access maybe Windows is derping out with the deny error.
If that doesn’t work, the only other thing I could suggest is stripping out ACLs on that dataset recursively and start fresh with setting them up as I suggested above. It could be a bug in the web UI maybe? I wish I knew more about how TrueNAS ACLs work.
I was going to suggest this, however, I didn’t want him to lose his working permissions for his own username in case the creation of new permissions or ACLs didn’t work.
Yeah I have always been clicking the apply permissions recursively box from when I first started trying to figure this out.
I tried stripping the ACL for the Movies dataset and setting up again but it’s still not having it. Thankfully I have never had a problem connecting with my credntials when I have been messing around with ACL.
What about creating a new test dataset and a separate smb share? Only have ACL for permissions. I would suggest not using windows to manage permissions on top of Free/TrueNAS. While it may or may not matter, nesting permissions inside a dataset using different systems seems like asking for problems.
I setup another dataset and SMB share pointing to it but still nothing.
I’m not fully sure what you mean by the rest of the suggestion.
I have only been changing permissions settings from within the Truenas web interface.
When I made a new dataset I did get a message pop up about setting the ACL. I will post a photo of it.
Can you setup another SMB share for your new “test” dataset as well and see if that helps.
Also… And I just discovered this… Have you tried to edit the Permissions on the SMB Share as well? Apparently the share has permissions just like the dataset does. Wait it appears to redirect to the Dataset permissions.
But still try adding a different SMB share, that might help.
