[[fester:shares_basic]]

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
fester:shares_basic [2017/06/19 10:52] – [Share Creation and Configuration] adminfester:shares_basic [2017/06/19 11:18] (current) – [Windows Client Configuration] admin
Line 20: Line 20:
  
 ===== Share Creation and Configuration ===== ===== Share Creation and Configuration =====
 +
 +==== User Creation ====
  
 Go to the “Accounts” page (1) and click the “Add Group” button (2). Go to the “Accounts” page (1) and click the “Add Group” button (2).
Line 76: Line 78:
  
 {{:fester:8ab0ad58bb5aa9f8ea2304d920d2422d.png}} {{:fester:8ab0ad58bb5aa9f8ea2304d920d2422d.png}}
 +
 +==== Dataset Creation ====
  
 Now we need to create the dataset. Now we need to create the dataset.
Line 89: Line 93:
 From these buttons click on the one that creates a dataset (2). From these buttons click on the one that creates a dataset (2).
  
-PLACEHOLDER+{{:fester:f92e6f8a87ed14753f4c160a0b109a76.png}}
  
 A new smaller window will pop up for creating the dataset. A new smaller window will pop up for creating the dataset.
Line 105: Line 109:
 Now click the “Add Dataset” button (6). Now click the “Add Dataset” button (6).
  
-PLACEHOLDER+{{:fester:3c5488f54c32483e3941af22227f0ac0.png}}
  
 The dataset will now be created and you should see something like this. The dataset will now be created and you should see something like this.
  
-PLACEHOLDER+{{:fester:16635150d64c83f279b3200ab48c383f.png}}
  
 Remain on this screen and select the newly created dataset (1) if it is not selected already (in Fester’s case this was TestShare). Remain on this screen and select the newly created dataset (1) if it is not selected already (in Fester’s case this was TestShare).
Line 115: Line 119:
 Now click on the change permissions button (2). Now click on the change permissions button (2).
  
-PLACEHOLDER+{{:fester:f198d3f67752659318b0e283df9ef262.png}} 
 + 
 +A new window will pop up for changing the permissions of the new dataset. 
 + 
 +Leave the “Apply Owner (user):” tick box (1) at its default setting (with a tick). 
 + 
 +In the “Owner (user):” drop down selection box (2) select the new user you created a moment ago (in Fester’s case this was TestUser). 
 + 
 +Leave the “Apply Owner (group):” tick box (3) at its default setting (with a tick). 
 + 
 +In the “Owner (group):” drop down selection box (4) select the new group you created a moment ago (in Fester’s case this was TestGroup). 
 + 
 +Leave the “Apply Mode:” tick box (5) at its default setting (with a tick). 
 + 
 +If you have chosen “Windows” as the Permission Type then the “Mode:” tick boxes (6) will be greyed out so you can not alter them. FreeNAS will prevent you from making alterations here and is correct to do so. This is because if you did you could break the share. 
 + 
 +Set the “Permission Type:” radio button (7) to match the clients on your network (Fester has mostly Windows machines so I set this to **Windows**). 
 + 
 +Put a tick in the “Set permission recursively:” tick box (8). 
 + 
 +Now click the “Change” button (9). 
 + 
 +{{:fester:5ad5f0ce29f6b24d18ed2811328f89a7.png}} 
 + 
 +==== Share Creation ==== 
 + 
 +Now we need to create a CIFS share. On a network that utilises predominately Windows clients this is a good choice. 
 + 
 +Go to the “Sharing” page. 
 + 
 +{{:fester:3aaa0b6fe2d6bfde321c6c5a79c2d284.png}} 
 + 
 +Now click the “Windows (CIFS)” button (1) and then click the “Add Windows (CIFS) Share” button (2). 
 + 
 +{{:fester:9993271b972a8e10c4b9b70bef7a8ba5.png}} 
 + 
 +A new smaller window will pop up. 
 + 
 +In the “Path:” section click the “Browse” button. 
 + 
 +{{:fester:a7da52b7df403b489d0edcee0b222e55.png}} 
 + 
 +The window should now expand a little and allow you to navigate to the newly created dataset (1). 
 + 
 +When you have it selected click the “Close” button (2). 
 + 
 +{{:fester:b0f78f8076efa5d2a9970f4e0b4dd125.png}} 
 + 
 +The “Path:” text box (1) should now display the chosen dataset. 
 + 
 +Do not tick the “Use as home share:” tick box (2) at the moment. 
 + 
 +Give the share a name in the “Name:” text box (3). 
 + 
 +Put a tick in the “Apply Default Permissions:” tick box (4) if a tick is not present. 
 + 
 +Do not tick the “Allow Guest Access:” tick box (5). 
 + 
 +Now click the “OK” button (6). 
 + 
 +{{:fester:2d42d97391a0c05c9ee7586158d5421c.png}} 
 + 
 +If all goes well you will see the newly created CIFS share entry (1). 
 + 
 +You will now be asked if you wish to enable the CIFS share service. 
 + 
 +Click the “No” button (2). 
 + 
 +{{:fester:00642aaa11a2955b12aff69c4eecdc93.png}} 
 + 
 +==== CIFS/SMB Configuration ==== 
 + 
 +Now go to the “Services” page. 
 + 
 +{{:fester:91f9c957b109e4f4bd41d2f8a69e1a6c.png}} 
 + 
 +Click on the little spanner next to the “CIFS” service (1). 
 + 
 +A new window will pop up. 
 + 
 +The NetBIOS name will already be present in the “NetBIOS Name:” text box (2). 
 + 
 +In the “Workgroup” text box (3) type in the name of the workgroup you want to use on the client machines (Fester used **T ESTWORKGROUP** because it is an experimental starter share). If you don’t know your Workgroup then skip to the relevant section on how to do this. 
 + 
 +Type in a good name for the CIFS share in the “Description:” text box (4). 
 + 
 +Do not alter the default values of the “DOS charset:”, the “Unix charset:” and the “Log level:” (5). 
 + 
 +Leave the “Use syslog only:” (6) at its default (no tick). 
 + 
 +Make sure the “Local Master:” tick box (7) is ticked. 
 + 
 +Leave “Domain logons:” (8) unticked. 
 + 
 +Leave “Time Server for Domain:” (9) ticked. 
 + 
 +Leave “Guest account:” (10) at **nobody**. 
 + 
 +{{:fester:2a2d2d7d286a4cacbab325269bd5dba1.png}} 
 + 
 +Do not put anything in the “File mask:” and “Directory mask:” text boxes (11) unless you really understand UNIX permissions (Fester can’t help you here). 
 + 
 +Do not tick the “Allow Empty Password:” tick box (12) as this weakens the security of the share. 
 + 
 +Leave the “Unix Extensions:” and “Zeroconf share discovery:” tick boxes (13) as they are. 
 + 
 +Untick the “Hostnames lookups:” tick box (14) otherwise you will keep getting a name mismatch error. 
 + 
 +Set the “Server maximum protocol:” (15) to SMB2. 
 + 
 +Leave the “Allow execute always:” tick box (16) in its default setting (with a tick). 
 + 
 +{{:fester:489723f6679124dfba84823be1ab326f.png}} 
 + 
 +Fester has no idea what the “Obey pam restrictions:” setting (17) actually does. I just leave it ticked, but I have no idea how it should be set. 
 + 
 +Don’t tick any of the IP address text boxes (18) in the “Bind IP Addresses:” section. 
 + 
 +The “Idmap Range Low:” and “Idmap Range High:” settings (19) Fester does not touch as I don’t know what they do. 
 + 
 +Now click on the “OK” button (20). 
 + 
 +{{:fester:a109970aacd81e20d3a93866f3a9b3e9.png}} 
 + 
 +__Do not turn on the CIFS share service yet__. We first need to check if the Workgroup on the Windows client is set correctly. 
 +==== Windows Client Configuration ==== 
 + 
 +Click on the “Start” button and go into the “Control Panel” in Windows and select “System and Security” (this was on a Windows 7 machine). 
 + 
 +{{:fester:285f02e0814b9fc4ae4714f33f0b8c97.png}} 
 + 
 +Now click on “System”. 
 + 
 +{{:fester:ed861c178031eea4b90cdaac607cb5fd.png}} 
 + 
 +In the “System” page we can see the Workgroup is set to **TWERKGROUP** (1). This must be changed to match the Workgroup name you created in the CIFS settings a moment ago (in Fester’s case this was TESTWORKGROUP). 
 + 
 +Click on “Change settings” blue text (2) to access the screen where we can change the Workgroup name. 
 + 
 +You will probably be asked for the administrator’s password at this point. 
 + 
 +{{:fester:07d89cce9015759fdc43adf1350bcbc8.png}} 
 + 
 +A smaller window will now pop up. 
 + 
 +Click on the “Change” button. 
 + 
 +{{:fester:ffe170aa4d994b093a3a19feb04f52a0.png}} 
 + 
 +Another window will now pop up. 
 + 
 +Change the text in the Workgroup text box (1) to the one you created in the CIFS settings page (in Fester’s case this was **TESTWORKGROUP**) and click the “OK” button (2). 
 + 
 +{{:fester:15d826e4f7390cf28c497a89ad06ffde.png}} 
 + 
 +Yet another window will pop up showing the Workgroup has now been changed. 
 + 
 +Click the “OK” button. 
 + 
 +{{:fester:351ba8f0155e35a283ef240ea8495d77.png}} 
 + 
 +A message window will now appear telling you the changes will be implemented when the computer is restarted. 
 + 
 +Click the “OK” button. 
 + 
 +{{:fester:29e80c4aaacfffcb06eb183c3689f9ac.png}} 
 + 
 +As can be seen from the next screen shot the Workgroup has been changed to “TESTWORKGROUP” (1). 
 + 
 +Click the “Close” button (2). 
 + 
 +{{:fester:7977462292e4639533049286a0bcc4e7.png}} 
 + 
 +The system will now ask to be restarted. This must be done before going any further. 
 + 
 +Close any open windows, save and close any open programs, etc. 
 + 
 +Now click on the “Restart Now” button. 
 + 
 +{{:fester:a2a1f060b969997f6143576c85ae83bd.png}} 
 + 
 +That’s the Windows Workgroup configured. 
 + 
 +The client computer will now reboot, when it does log back into the FreeNAS GUI. 
 + 
 +==== Enable CIFS/SMB Service ==== 
 + 
 +Now go to the "Services" page. 
 + 
 +{{:fester:91f9c957b109e4f4bd41d2f8a69e1a6c.png}} 
 + 
 +Turn on the CIFS share service. 
 + 
 +{{:fester:9c896640f45eb78c4ba4c574a172a198.png}} 
 + 
 +Give the server some time to get the share up and running, then it is time to map the network folder to a drive letter. 
 + 
 +==== Mapping the share to a drive letter ==== 
 + 
 +On the Windows client click on the “Start” button and go into “Computer” (this was on a Windows 7 machine). 
 + 
 +This should bring up a window that shows all the hard drives and any other devices connected to the Windows computer. 
 + 
 +Click on the “Map Network Drive” button. 
 + 
 +{{:fester:ad8674121658f676c199d1522feae02f.png}} 
 + 
 +From the “Drive:” drop down selection box (1) chose the drive letter you wish to assign to the shared folder (Fester accepted the default **Z** letter). 
 + 
 +Now click the “Browse…” button (2). 
 + 
 +This will cause a window to pop up. 
 + 
 +Navigate to the location of the shared folder by clicking on the server (in this case TestNAS1) (3) and then clicking on the shared folder itself (in this case Fester’s TestShare) (4). 
 + 
 +Now click the “OK” button (5). 
 + 
 +The shared folder’s path name should appear in the “Folder:” text box (6). 
 + 
 +Tick the “Reconnect at logon” Tick box (7). 
 + 
 +Now click the “Finish” button (8). 
 + 
 +{{:fester:6a37b15c4f92514567c5cce73bf14fad.png}} 
 + 
 +{{:fester:4498ea47a21b30f4956d1f1715388dd7.png}} 
 + 
 +At this point another window will pop up and ask you for the username and password for the share. 
 + 
 +The name of the server is shown next to the text at the top of the window (1). 
 + 
 +Type in your username in the first text box (2) (in Fester’s case this was **TestUser**). 
 + 
 +Now type in your password in the second text box (3) (in Fester’s case this was **test**). 
 + 
 +If you don’t want to type in your username and password exact time you log into your client machine then tick the “Remember my credentials” tick box (4). 
 + 
 +Now click the “OK” button (5). 
 + 
 +{{:fester:ae6daec7c9a542646db78245c8133142.png}} 
 + 
 +If all has gone well you should find yourself in the shared folder. Here you can create other folders and save files. Test this to make sure there are no permissions problems. 
 + 
 +The shared folder will now appear as another drive on your system and should look something like this. 
 + 
 +{{:fester:aa3ccd5f757d3220edf0042cb21196f3.png}} 
 + 
 +That’s the starter share done. 
 + 
 +If you want to play with the permissions for this share then feel free. It is the only real way to learn about these things. 
 + 
 +Remember the permissions for a share on Windows clients are in two parts. 
 + 
 +Part one is the “Share” permissions and part two is “NTFS” permissions. 
 + 
 +==== Share Permissions ==== 
 + 
 +“Share” permissions relate to the permissions of the actual shared folder on the server. 
 + 
 +Be very careful changing these. The FreeNAS GUI will stop you making most catastrophic changes to the permissions that would otherwise break the share. 
 + 
 +However, if you go behind the GUI to the command prompt you could really mess things up. Do not use the **chmod** command here or you will probably break the share. Use the **getfacl** and **setfacl** commands. 
 + 
 +Another way you can alter the “Share” permissions is by using an application that runs on the client specifically for this purpose. I have not used any of these programs so I cannot comment on how useful or easy they are to use. However, you still need to be careful when using them because you are still going behind the FreeNAS GUI here. 
 + 
 +==== NTFS Permissions ==== 
 + 
 +“NTFS” permissions relate to the permissions you set for the shared folder on the client side through the Windows OS. 
 + 
 +It is considered good practice (this is debateable) to leave the “Share” permissions as they are and lock down the share using NTFS permissions. This has the advantage of controlling the share regardless of how it is accessed (i.e. locally or via a network). 
 + 
 +It is much easier for the beginner and those that are unfamiliar with Linux or FreeBSD to configure permissions in this way as the permissions are controlled by a series of tick boxes (not cryptic commands). As long as you understand what each of the settings mean you should be fine. 
 + 
 +However, be careful as it is possible using the “Everyone” group to lock yourself out of the share (Fester did this and could not regain control of the share).
  
  
  • fester/shares_basic.txt
  • Last modified: 2017/06/19 11:18
  • by admin