I’ve set up an SMB Home folder for Active Directory, using this guide. To test things out, I used the domain administrator’s credentials.
On an AD joined PC (Windows Server), I can RWX the home folder without any issues.
However, if I use the administrator’s credentials to browse files on a computer that is not domain joined, I receive an inaccessible error.
Is this expected behavior and a security feature in the AD server or TrueNAS?
I was able to solve this by using the Down-Level Logon Name format as the username instead of the User Principal Name format.
In my case, I deleted the saved credentials under Control Panel > User Accounts > Credentials Manager > Windows Credentials, then tried accessing the NAS using a Universal Naming Convention path, i.e. \\192.168.10.100
When prompted to enter the credentials, I used AD\joe as the username instead of joe@ad.domain.com
Credits: tabmowtez comments on SMB Home Folder Accessibility Issue on Non-Domain Joined PCs
I would like to highlight two important points:
- Always create the dataset first, then edit the shared folder SMB settings (i.e., enabling Home Share option). Only after making these changes should you configure the ACLs. Configuring the ACLs before modifying the shared folder settings will not work. The official guide correctly outlines these steps in the right order.
- For local users on TrueNAS, remember to “Create Home Directory” as shown below:
Notice that I’ve selected NAS01 (my TrueNAS hostname) as the directory under which the local user’s home folders will reside. This folder is automatically created. The CORP directory is for Active Directory users, whose home directories are created automatically. There is no need to adjust this setting for AD users.