AD backed private SMB share different names created on Windows vs Mac

Hi all,

I've been stuck with this problem for a bit now, and tried quite a bit to resolve it but have had little luck. I have created a data set named ‘users’ with the NFS4_HOME ACL settings to act as a way to create private sets for my users.

The permissions are working correctly, but when a user logs on Windows as user@this.domain.com it creates a folder for them named ‘user_this.domain.com’, while on mac logging on via user@this.domain.com it creates a folder named ‘user’ instead.

I can get this to work by setting ‘use default domain’ in the Active Directory settings, but then it removes the THIS\user in the interface and could cause clashing. I know there is smbusername.map that could be used to potentially solve it, but I haven't found a way to edit the smb4.conf or create that file and it sticking.

Not really sure what else I can try, if any extra information is required let me know.

‘testparm -s’ output:

[global]
        allow trusted domains = No
        bind interfaces only = Yes
        disable spoolss = Yes
        dns proxy = No
        domain master = No
        interfaces = 127.0.0.1 10.10.10.10
        load printers = No
        local master = No
        logging = file
        machine password timeout = 0
        max log size = 5120
        netbios name = TRUENAS01
        passdb backend = tdbsam:/var/run/samba-cache/private/passdb.tdb
        preferred master = No
        printcap name = /dev/null
        realm = THIS.DOMAIN.COM
        registry shares = Yes
        restrict anonymous = 2
        security = ADS
        server role = member server
        server string = TrueNAS
        sync machine password to keytab = /etc/samba/kerberos/krb5.keytab0:account_name:sync_kvno:machine_password /etc/samba/kerberos/krb5.keytab1:sync_spns:sync_kvno:machine_password /etc/samba/kerberos/krb5.keytab2:spn_prefixes=nfs:sync_kvno:machine_password
        template homedir = /var/empty
        template shell = /bin/sh
        winbind cache time = 7200
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind max domain connections = 10
        winbind nss info = rfc2307
        workgroup = THIS
        zfs_core:zfs_block_cloning = False
        zfs_core:zfs_integrity_streams = False
        idmap config * : range = 90000001 - 100000000
        idmap config test : unix_nss_info = True
        idmap config test : unix_primary_group = True
        idmap config test : schema_mode = RFC2307
        idmap config test : range = 5000 - 10000
        idmap config test : backend = ad
        rpc_server:mdssvc = disabled
        rpc_daemon:mdssd = disabled
        fruit:zero_file_id = False
        fruit:nfs_aces = False
        idmap config * : backend = tdb
        create mask = 0664
        directory mask = 0775

[users]
        comment = SMB share for user data (home directory)
        ea support = No
        path = /mnt/hdd_pool/local_data/user/%U
        posix locking = No
        read only = No
        smbd max xattr size = 2097152
        vfs objects = fruit streams_xattr shadow_copy_zfs ixnas recycle zfs_core io_uring
        zfs_core:zfs_auto_create = true
        recycle:subdir_mode = 0700
        recycle:directory_mode = 0777
        recycle:touch = True
        recycle:versions = True
        recycle:keeptree = True
        recycle:repository = .recycle/%D/%U
        fruit:resource = stream
        fruit:metadata = stream

Dataset permissions:

Owner: truenas_admin
Group: THIS\truenas_users
owner@ - truenas_admin - Allow | Full Control
group@ - THIS\truenas_users - Allow | Modify
everyone@ - Allow | Traversal
Group - THIS\truenas_users - Allow | Modify

SMB Share settings:

Private SMB Datasets and Shares - Default
* Added enable Recycle bin

Share ACL

Who: Group Group: THIS\truenas_users
Permission: FULL Type: Allowed

Still have not had any luck with my research

Adding more information about my setup:

Running TrueNAS Community 25.04.2.6 on a Dell r530 with dual Xeon E5-266 v4, 64gb ram

Running Windows Server 2019 Datacenter VM with 2 cores with 8gb ram

Updating this as I got some more information. I realized that TrueNAS uses the old NETBIOS name to determine the login credentials, rather than the FQDN.

This results in when logging in on mac, two login events in the audit log, one with client domain “this.domain.com” and a successful one of “THIS”.

I'm also able to login on mac without specifying a domain, which confuses me as should I have to add the domain? I have no local users besides the truenas_admin user

The different folder naming between Windows and Mac on AD-backed SMB shares is usually a case sensitivity issue. macOS treats filenames as case-insensitive but preserving case, while the underlying ZFS filesystem on TrueNAS is case-sensitive by default. When you create the dataset, there is a Case Sensitivity option - for mixed Windows/Mac environments, set it to Insensitive. For existing datasets you cannot change this without recreating the dataset unfortunately. Also check that the SMB share has the vfs_fruit module enabled (it should be by default) as this handles macOS-specific metadata properly.

Thanks for the response on this. Unfortunately I don't think the issue is case sensitivity, as they are all lower case. I looked for the vfs_fruit module, but was unable to find anything.

For example, here are the 4 different mini-datasets getting created when joining on mac vs windows:
Red and green are the same user names (from active directory)
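
An added example, not part of the original thread and not TrueNAS or Samba code: a small audit that takes the names found under the ‘users’ share path and flags AD accounts that ended up with more than one private directory because the `%U` value differed between clients. The realm and workgroup come from the testparm output above; the `user_<realm>` form is taken from the folder name reported for Windows logins, and the directory listing is constructed sample data.

```python
from collections import defaultdict

REALM = "this.domain.com"   # "realm" from the testparm output (lower-cased)
WORKGROUP = "THIS"          # "workgroup" from the testparm output


def canonical_account(dirname, realm=REALM, workgroup=WORKGROUP):
    """Reduce a home-directory name to the bare AD account name.

    Handles the forms seen or mentioned in the thread: 'user',
    'user_<realm>', plus 'user@<realm>' and 'WORKGROUP\\user'.
    AD account names are case-insensitive, so compare case-folded.
    """
    name = dirname.casefold()
    prefix = workgroup.casefold() + "\\"
    if name.startswith(prefix):
        name = name[len(prefix):]
    for sep in ("@", "_"):
        suffix = sep + realm.casefold()
        # Only strip when something is left over to be the account name.
        if name.endswith(suffix) and len(name) > len(suffix):
            name = name[: -len(suffix)]
            break
    return name


def find_split_homes(dirnames, realm=REALM, workgroup=WORKGROUP):
    """Return {account: [dirs]} for accounts that own more than one directory."""
    groups = defaultdict(list)
    for d in dirnames:
        groups[canonical_account(d, realm, workgroup)].append(d)
    return {acct: sorted(dirs) for acct, dirs in groups.items() if len(dirs) > 1}


# Constructed listing of the share's parent directory (hypothetical users).
SAMPLE = [
    "alice",                    # created from a Mac login
    "alice_this.domain.com",    # created from a Windows login
    "bob_this.domain.com",
    "carol",
    "dave_other.example",       # different suffix: left untouched
]

if __name__ == "__main__":
    for acct, dirs in find_split_homes(SAMPLE).items():
        print(f"{acct}: {', '.join(dirs)}")
```

Feeding it the real directory names from the dataset shows which users already have data split across two private datasets before any change to the username handling is made.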