content/SCALE/SCALETutorials/Shares/SMB/AddSMBHomeShare.md
+35-6
@@ -7,14 +7,27 @@ tags:
7
7
- smb
8
8
---
9
9
10
+
{{< hint type=important title="Legacy Feature" >}}
11
+
SMB Home Shares are a legacy feature for organizations looking to maintain existing SMB configurations.
12
+
They are not recommended for new deployments.
13
+
14
+
Future TrueNAS SCALE releases can introduce instability or require configuration changes affecting this legacy feature.
15
+
{{< /hint >}}
16
+
10
17
## Setting Up SMB Home Shares
11
-
TrueNAS offers the **Use as Home Share** option, found in the **Add SMB** and **Edit SMB** screen **Advanced Options** settings in the **Other Options** section, for organizations or SMEs that want to use a single SMB share to provide a personal directory to every user account.
18
+
The **Use as Home Share** option, found in the **Add SMB** and **Edit SMB** screen **Advanced Options** settings in the **Other Options** section, is an available option for organizations or SMEs that want to use a single SMB share to provide a personal directory to every user account.
12
19
13
20
With home shares, each user is given a personal home directory when connecting to the share.
14
21
These home directories are not accessible by other users.
15
22
You can use only one share as the home share, but you can create as many non-home shares as you need or want.
16
23
17
-
Creating an SMB home share requires configuring the system storage and joining Active Directory.
24
+
<!-- Place holders for future tutorials/links below. Update with links to appropriate procedures as part of PD-1252 -->
25
+
Other options for configuring individual user directories include:
26
+
* Configure a single share on the TrueNAS and provision individual user directories on the client OS.
27
+
* Create a single SMB share and configure the ACL so that users can create individual directories on the share that inherit write access for the user and grant read access the administrator.
28
+
* Create an SMB share using the **Private SMB datasets and shares** preset that can create per-user datasets under the umbrella of a single share when users access the share.
29
+
30
+
Creating an SMB home share requires configuring the system storage and provisioning local users or joining Active Directory.
18
31
19
32
### Adding Local Share Users
20
33
Go to **Credentials > Local Users** and click **Add**.
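Review bot: In the second added bullet under "Other options for configuring individual user directories include:", the phrase "grant read access the administrator" is missing "to" and should read "grant read access to the administrator". The placeholder comment above the list defers links to PD-1252, so for now none of the three alternatives points to a procedure; consider holding the list until the links exist, or at least naming the screen where the **Private SMB datasets and shares** preset is selected. In the new hint, "can introduce instability or require configuration changes" would be more useful if it said what an administrator should re-check after an upgrade.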
@@ -26,7 +39,23 @@ By default, the user **Home Directory** title comes from the user account name a
26
39
27
40
If existing users require access to the home share, go to **Credentials > Local Users** and edit an existing account.
28
41
29
-
Adjust the user home directory to the appropriate dataset and give it a name to create their own directory.
42
+
Adjust the user home directory to the appropriate dataset and give it a name to create its own directory.
43
+
44
+
{{< hint type="important" title="Home Directory Known Impacts" >}}
45
+
{{< include file="/static/includes/24.04HomeDirectory.md" >}}
46
+
47
+
{{< expand "Why the change?" "v" >}}
48
+
TrueNAS uses the `pam_mkhomdir` PAM module in the pam_open_session configuration file to automatically create user home directories if they do not exist.
49
+
`pam_mkhomedir` returns `PAM_PERM_DENIED` if it fails to create a home directory for a user, which eventually turns into a pam_open_session() failure.
50
+
This does not impact other PAM API calls, for example, `pam_authenticate()`.
51
+
52
+
TrueNAS SCALE does not include the customized version of `pam_mkhomedir` used in TrueNAS CORE that specifically avoided trying to create the `/nonexistent` directory. This led to some circumstances where users could create the `/nonexistent` directory on SCALE versions before 24.04.
53
+
54
+
Starting in SCALE 24.04 (Dragonfish), the root filesystem of TrueNAS is read-only, which prevents `pam_mkhomdir` from creating the `/nonexistent` directory in cases where it previously did.
55
+
This results in a permissions error if `pam_open_session()` is called by an application for a user account that has **Home Directory** set to **/nonexistent**.
56
+
{{< /expand >}}
57
+
{{< /hint >}}
58
+
30
59
31
60
### Adding Share Users with Directory Services
32
61
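Review bot: The module name is misspelled as `pam_mkhomdir` in two added lines ("TrueNAS uses the `pam_mkhomdir` PAM module" and "prevents `pam_mkhomdir` from creating"), while the other added lines use `pam_mkhomedir`; use `pam_mkhomedir` throughout. The first line of the expand block also calls pam_open_session a "configuration file", unformatted, while the later lines treat `pam_open_session()` as an API call, so say which is meant and format it the same way each time. In the changed sentence, "give it a name to create its own directory" now reads as if the home directory creates a directory; reword so it is clear the directory belongs to the user.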
@@ -62,17 +91,17 @@ Set the **Purpose** to **No presets**, then click **Advanced Options**.
62
91
Scroll down to **Other Options** and set **Use as Home Share**.
63
92
Click **Save**.
64
93
65
-
Enable the **SMB** service when prompted to make the share is available on your network.
94
+
Enable the **SMB** service when prompted to make the share available on your network.
66
95
67
96
After saving the dataset, set the permissions.
68
97
69
98
### Setting Dataset Permissions
70
-
After creating the share and dataset, you can edit permissions using either the **Edit** option on the **Permissions** widget for the dataset, or use the **Edit Filesystem ACL** option for the share on the **Windows (SMB) Share** widget to open the ACL edit screen for the share dataset.
99
+
After creating the share and dataset, you can edit permissions using either the **Edit** option on the **Permissions** widget for the dataset or use the **Edit Filesystem ACL** option for the share on the **Windows (SMB) Share** widget to open the ACL edit screen for the share dataset.
71
100
See [SMB Shares]({{< relref "ManageSMBShares.md" >}}) for more information on editing the share dataset permissions.
72
101
73
102
Click on the new dataset. Scroll down to the **Permissions** widget and click **Edit**.
74
103
75
-
Click the **Owner** dropdown and select the owner, the repeat for **Group**.
104
+
Click the **Owner** dropdown and select the owner, then repeat for **Group**.
76
105
Change the owning group to your Active Directory domain admins. Select **Apply Owner** and **Apply Group**.
77
106
78
107

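Review bot: The context line "Change the owning group to your Active Directory domain admins" assumes Active Directory, but this same commit changes the requirements sentence to "provisioning local users or joining Active Directory"; add what owner and group to set for a home share that uses local users. In the changed permissions sentence, dropping the comma leaves "using either the **Edit** option ... or use the **Edit Filesystem ACL** option" non-parallel; "using either the **Edit** option ... or the **Edit Filesystem ACL** option" reads cleanly.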
content/SCALE/SCALETutorials/SystemSettings/Services/FTPServiceSCALE.md
+1-1
@@ -30,7 +30,7 @@ Go to **Storage** to add a new [dataset]({{< relref "DatasetsSCALE.md" >}}) to u
30
30
Next, add a new user. Go to **Credentials > Local Users** and click **Add** to create a local user on the TrueNAS.
31
31
32
32
Assign a user name and password, and link the newly created FTP dataset as the user home directory.
33
-
You can do this for every user or create a global account for FTP (for example, *OurOrgFTPaccnt*).
33
+
You can do this for every user or create a global account for FTP (for example, *OurOrgFTPaccnt*). Note, however, that you cannot create multiple accounts utilizing the same dataset as your home directory.
34
34
35
35
Edit the file permissions for the new dataset. Go to **Datasets**, then click on the name of the new dataset. Scroll down to **Permissions** and click **Edit**.
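Review bot: The added sentence "you cannot create multiple accounts utilizing the same dataset as your home directory" sits directly after "You can do this for every user", where "this" is linking the newly created FTP dataset as the user home directory, so the two sentences now read as contradicting each other. State the intended procedure explicitly, for example that each user needs a separate dataset for the home directory, or that a single shared account is the only option when one dataset is used. "your home directory" should also be "their home directory", since the sentence is about the accounts being created.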
content/TrueCommand/AdminGuide/Admin/SAML/SAMLGA.md
+12-10
@@ -55,13 +55,13 @@ After you configure SAML in Google Admin, you configure and start the TrueComman
55
55
56
56
{{< trueimage src="/images/SAML/GAAddServiceProviderDetailsCropped.png" alt="GA Add Service Provider Details Cropped" id="GA Add Service Provider Details Cropped" >}}
57
57
58
-
a. Enter the TrueCommand login URL http://*IP:PORT*/saml/acs in the **ACS Url** field.
59
-
*IP:PORT* is your TrueCommand system IP and port address.
58
+
a. Enter the TrueCommand login URL `https://*IP:PORT*/saml/acs` in the **ACS Url** field.
59
+
*IP:PORT* is your TrueCommand system IP with HTTPS port.
60
60
61
61
b. Type any name you want into the **Entity ID** field (ex. truecommand-saml).
62
62
63
-
c. Type the https://*IP:PORT*/saml/helloURL into the **Start URL** field.
64
-
*IP:PORT* is your TrueCommand system IP and port address.
63
+
c. Type the `https://*IP:PORT*/saml/hello` into the **Start URL** field.
64
+
*IP:PORT* is your TrueCommand system IP with HTTPS port.
65
65
66
66
d. Set **Name ID** format to **PERSISTENT**.
67
67
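Review bot: In steps a and c the URL is now wrapped in backticks with the emphasis markers left inside (`https://*IP:PORT*/saml/acs`, `https://*IP:PORT*/saml/hello`), so the asterisks will render literally and a reader may paste them into the **ACS Url** and **Start URL** fields. Drop the asterisks inside the code span or use a placeholder style that renders in code, and keep the explanatory line consistent with it. Step c still reads "Type the `https://...` into", where "the" should be removed or followed by "URL". The move from http to https for the ACS URL is a good change; "your TrueCommand system IP with HTTPS port" would read better as "IP address and HTTPS port".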
@@ -79,16 +79,18 @@ After you configure SAML in Google Admin, you configure and start the TrueComman
79
79
{{< truetable >}}
80
80
| Parameter | Value |
81
81
|-----------|-------|
82
-
| E-Mail-Addresses | email |
83
-
| Display-Name | given_name |
84
-
| User-Principal-Name | unique_name |
85
-
| Telephone-Number | telephoneNumber |
82
+
| Primary email | email |
83
+
| First name | given_name |
84
+
| Employee ID | unique_name |
85
+
| Phone number | telephone_number |
86
86
| Title | title |
87
87
{{< /truetable >}}
88
+
89
+
Adjust the parameters according to your own organization, where `unique_name` corresponds to the TrueCommand `username` and is the only required attribute. `Primary email` might be desired instead of and if an `Employee ID` is not available.
88
90
89
91
h. Click **FINISH**.
90
92
91
-
5. Verify the information is correct.
93
+
5. Verify the information is correct.
92
94
Select **TEST SAML LOGIN** in the **tcsaml** area on the left side of the screen to open the **TrueCommand SAML Test** screen.
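Review bot: The second sentence of the added paragraph, "`Primary email` might be desired instead of and if an `Employee ID` is not available", is garbled and does not say which table row to change. Since the paragraph states that `unique_name` maps to the TrueCommand `username` and is the only required attribute, spell out the alternative, for example that **Primary email** can be mapped to `unique_name` when no **Employee ID** exists, and note that the value must be unique per user because it becomes the login name. The table also renames the value `telephoneNumber` to `telephone_number` without comment; confirm that is the attribute name TrueCommand expects. The change to step 5 is whitespace only.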