Is the above tutorial up to date? Parts of it seem to contradict itself. For example, it says:
Creating an SMB home share requires configuring the system storage and joining Active Directory.
However, I’ve seen tutorials for older versions of CORE that definitely don’t need an Active Directory available.
That said, a couple questions before I try doing this:
Do I need Active Directory, or can I just proceed with a normal dataset and SMB share? I’m almost certain I don’t need an AD, but I want to make sure I’m aware of any caveats of not using one.
What user and group should own the dataset where the Home Folders live? I contemplated setting up a specific Share Admin-empowered user and giving them ownership, but I’m not sure that’s the way to go.
It is talking about two different methods:
1 - Adding Local Share Users
2 - Adding Local Share Users (Active Directory or LDAP)
You are also pointing to documents showing “TrueNAS SCALE Nightly Development Documentation”
What version of TrueNAS are you running? There may be changes between them. CORE or SCALE? Are you using AD?
Thanks for those clarifications. That helps a lot.
I’m running Dragonfish, no AD.
I didn’t catch the Nightly on that one. Something about either the browser I’m using or Google is off–I always wind up on the Nightly page when I follow deep links from Google. Usually I catch it and switch back.
I read through the document a few times and I can’t quite figure out if AD / LDAP is required to use this feature correctly. Do you have a user set up on TrueNAS for SMB sharing and have you successfully shared a folder to a Windows machine / user yet?
I think that is the first step and then you will have to try the procedure to see if it works for individual Windows user home directories. It may be relying on AD / LDAP to take care of authentication and permissions for the individual directories.
I am hoping someone that uses TrueNAS for Windows Home directories will comment, sorry
Thanks for this. I thought the docs were a bit ambiguous, but I just set up TrueNAS last week, so I wasn’t sure it wasn’t just me.
I’ve got a separate dataset set up in Multiprotocol mode, with an SMB user added to the appropriate ACL, and it’s all working fine. Enough to throw about 1 TB onto the NAS … from another, slower NAS. That took a while.
I do know that SMB home shares do not require AD in CORE, but that’s BSD…
Nice catch there. It looks like the most recent edits on the 24.04 version of that tutorial didn’t get ported forward to the nightly docs (I’ll work on fixing that today), but yes, SMB Home Shares should be considered a legacy feature that is not recommended for new deployments.
To answer the initial question: no, AD is not a requirement in SCALE. I’m not sure why the original author of that tutorial presented it as such, but I’ll look at softening that recommendation as well.
We’ll be adding direct documentation on alternate methods of configuring something like Home Shares in the near future, but in the meantime, some things to consider:
Do you actually need individual users to have direct access to the NAS? From a security perspective it may be better to have a single share configured on the NAS and then handle provisioning individual user directories on the client OS. OSes generally have performance expectations for homedirs that network storage can’t easily fulfil.
If you really want to create individual shared directories on the NAS, you can create a single SMB share and configure the ACL so that users inherit permissions on individual directories they create on the share to give them write access and restrict read access from everyone but the administrator. Or,
Create an SMB share using the Private SMB datasets and shares preset that can create per-user datasets under the umbrella of a single share. So if you go to \\server\backups and your username is “bob” it will put the share’s path as “/mnt/tank/backups/bob”, but if you’re “larry” you will get “/mnt/tank/backups/larry”
Hello, I was just trying to figure out what was wrong, because suddenly my home shares aren’t working anymore. Currently I have TrueNAS SCALE running as a VM, along with a Nextcloud VM, a Windows VM, a Samba Active Directory VM (deb12) and a Jellyfin VM. NFS and SMB work perfectly, but since a week ago I am no longer able to log in to my home folder with my Active Directory name. It worked, but now it won’t. Permissions are correct. Windows gives an error about a device failing. Owlfiles on iOS also gives an error. Apple Files says permission error, but it is correct. If I don’t use a home share (turn it off) I can see the content but can’t open other folders because of permissions, so that’s good. If indeed home shares go away then the ACL bit will be somewhere else, but for data integrity I really like the ease of use of the TrueNAS ACL menu. When will there be a recommended page about the change or what to do? Because for some reason it is broken for me.
I only know of the note posted in the Documentation at the link above. The notice of Home Shares being deprecated was missing from the next version / nightly build docs but I don’t know when they started putting up the notice. You can go back through the release notes for each version and see if it was mentioned on a previous release.
I have no idea on setting up the same functional SMB shares. It might be Private SMB datasets and shares in the current Scale documents. Same link for above.
Sorry to follow up so late. The last several weeks have been not so good.
I think I should backtrack a bit here.
I wasn’t looking to create storage for remote users to mount their entire home directories from the NAS on logging in from their remote systems. Rather, I was trying to figure out the best way to set up a dataset (maybe with child datasets) for home folders for users who need dedicated storage on the NAS.
For example, I’ve got SSH users that I want to use public key authentication with. In particular, an admin user who isn’t the default “admin” user. As far as I know from my experience with SSH public key authentication on every other Linux I’ve ever used, those users need a home folder on the server I’m trying to SSH into (in this case, my NAS) so I can ssh-copy-id their public key to the server at $USER/.ssh/keys/.
I do see that I can paste a public key in when I’m creating a new user on the NAS. However, with no home directory in existence for that user, I have no idea where that key goes, and the documentation assumes I know a bit more than I actually do. Most of the documentation with regard to SSH keys assumes I want to SSH from TrueNAS to … somewhere else … for setting up a backup/replication job.
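For reference on the home-directory question in the post above, here is an added example (not part of the thread, and not TrueNAS's own code) that audits the files sshd consults for a public-key login. It assumes stock OpenSSH settings, `AuthorizedKeysFile .ssh/authorized_keys` and `StrictModes yes`; the function names and the home path and UID arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the files sshd reads for
# public-key logins. Assumes OpenSSH defaults: AuthorizedKeysFile
# .ssh/authorized_keys and StrictModes yes.

# bad_mode_or_owner PATH UID -> succeeds when PATH is group/world-writable
# or owned by someone other than UID or root.
bad_mode_or_owner() {
    listing=$(ls -ldnL "$1")
    mode=$(printf '%s\n' "$listing" | cut -c1-10)
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    case $mode in
        ?????w????|????????w?) return 0 ;;   # group or other write bit set
    esac
    [ "$owner" != "$2" ] && [ "$owner" != "0" ]
}

# check_ssh_key_layout HOME UID -> prints findings; the exit status is the
# number of problems found (0 means these checks all pass).
check_ssh_key_layout() {
    problems=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            problems=$((problems + 1))
        elif bad_mode_or_owner "$p" "$2"; then
            echo "StrictModes would reject: $(ls -ldnL "$p")"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage (hypothetical path and UID): check_ssh_key_layout /mnt/tank/home/alice 3000
```

A user created without a home directory fails the first check, which is why a pasted key has nowhere to be read from until a home path is assigned.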