SMB Share Access Control - Prompt for Credentials for Unauthorized Users

I am trying to configure SMB sharing on my TrueNAS system, but I am having trouble with permissions. When I try to access the “IT” folder, I get an error message saying “You don’t have permission.” I want to set up access control so that only specific users can access the “IT” folder, and others are prompted with a login window to enter credentials.

I have followed the steps to disable guest access and configured the SMB share correctly. However, despite this, when a non-authorized user tries to access the share, they get the “You don’t have permission” message instead of being prompted for credentials. I need help to properly configure the SMB share so that unauthorized users are asked to enter their username and password, while authorized users can access it.

Here’s what I’ve done so far:

  1. Disabled guest access for the SMB share.
  2. Added users to the “Authorized Users” list.
  3. Checked the permissions and ACL settings for the “IT” folder.

Can anyone guide me on how to make sure that when an unauthorized user tries to access the folder, they get prompted for login credentials?

Exactly what is a user logging in with? A Windows system, Linux, BSD?

What you are asking, I believe, is only configurable on the system your users are physically using, not TrueNAS; after all, it is denying access.

The user logs on to Windows. What I want is to ensure that when a person who does not have authorization wants to access a folder, only someone with authorized credentials can do so.

To give an example, I want an IT person to authenticate when he/she goes to an employee’s computer so that he/she can access the IT folder.

Can anyone help me with this? I’ve been trying to solve the same problem for 2 days.

The Windows kernel client only allows a single set of authenticated credentials per server connection. It does not allow you to authenticate to \\server\share with one set of creds and \\server\it with a different set of creds.

Isn’t there any way?

If you want something hackish then you can alternatively type in \\ip of server\share rather than the NetBIOS name, but maybe consider a better workflow for how to manage things. Having IT people walk around typing privileged credentials into user computers is not exactly best practice these days.