User Home Folder Not Visible from Client PC

kagbasi-ngc · May 11, 2025, 7:04pm

Good-day Folks,

Running into an issue and could use some assistance. I think I am so close to getting an SMB Share working the way I intend, but running into some permissions issue(s).

My Desired Outcome:

SMB Share to be used for user Home Directories (on Windows & Linux clients)
Home Drive automounted on Windows clients at login (using the Profile functionality in Active Directory).
Folders should not be visible to other users, but Domain Admins should have FULL control.

The Problem:

When viewing the SMB Share from a Domain Controller (by a Domain Admin), I can see the subfolders under the root dataset in Windows Explorer. However, when I do the same from a Client Windows PC (by another user that is a member of the security group called out in the ACE), the expected folder is not visible. If I turn off Access Based Enumeration on the SMB Share, I can see the folder but can’t access it.

I have created a single pool - TestPool1 and inside that pool, created a root dataset - HomeDrives.

I’m running a TrueNAS v25.04.0 instance, which I deployed just yesterday. Unfortunately, for some reason, I am unable to attach screenshots to this posting, so I can provide additional details upon request.

UPDATE (as of 1733 PM Eastern Time):

I was granted permissions to be able to attach images to posts, so I’m attaching screenshots below:

Screenshot showing the root Dataset

Screenshot showing the Dataset being used for the SMB Share

Screenshot showing the Windows Share Permissions of User #1

Screenshot showing the Windows Share Permissions of User #2

Screenshot showing the SMB Share Edit page

Screenshot showing the SMB Share ACLs

Screenshot showing the SMB Share (as viewed from a Domain Controller)

Johnny_Fartpants · May 11, 2025, 7:22pm

I’ve increased your trust level so you should be able to share screenshots now.

kagbasi-ngc · May 11, 2025, 9:32pm

Ooh, thanks. I’ll edit my posting and attach the screenshots. Thanks @Johnny_Fartpants

Johnny_Fartpants · May 12, 2025, 6:26am

Can you show us the ‘HomeDrives’ full permission view please from the UI.

This may also help Understanding Home Directories - #18 by Johnny_Fartpants

kagbasi-ngc · May 12, 2025, 7:33pm

As requested, here’s the full permission view of the “HomeDrives” dataset.

Johnny_Fartpants · May 12, 2025, 8:04pm

So is the issue when you want a member of domain admins or workstation_admins to be able to access another users folder?

If so you will need to create a second share pointing at the same path (HomeDrives) as before but using the ‘Default share parameters’ and give it a slightly different name like ‘Home Drives Admins’ and try connecting to that as a domain admin or workstation_admin and you should be able to see all the directories and access the contents.

kagbasi-ngc · May 12, 2025, 8:29pm

No sir, I’m actually trying to achieve the reverse.

Currently, members of the “Domain Admins” group can see all the contents of the share BUT the actual users can’t, and because of that the mapping of the user’s home drive in Windows is not happening.

I’m looking to have each user in the “Workstation_Admins” group be able to have modify rights on their home folder AND Domain Admins have full rights over all home folders. Looks like with Access Based Enumeration enabled on the share, I’m able to achieve the isolation I’m looking for, so now just need to figure out why only Domain Admins seem to have access.

Johnny_Fartpants · May 12, 2025, 8:32pm

So with the ‘Private SMB Datasets and Shares’ preset you know that only allows each user to see their own space right?

kagbasi-ngc · May 12, 2025, 9:03pm

Hmm, I see your point…so that means Domain Admins will not be able to see. When I get back to the lab, I’ll blow the share away and recreate without a default preset. Then set the permissions from Windows Explorer and see what happens.

Johnny_Fartpants · May 13, 2025, 6:14am

No. As mentioned above domain admins can see if they access via a second share point.

Question is do you want automatically created private datasets/directories for your users when they first connect which only they can see (excluding domain admins) or do you want a shared space allowing users to see each others data?

kagbasi-ngc · May 13, 2025, 7:22am

I missed that, my apologies. Yes, I do want automatically created private datasets/directories for my users when they first connect.

I will try creating another SMB share and pointing it to the same path. I’ll report back when I have done this, thanks.