SMB Share Creation
Last Modified 2023-11-30 10:15 EST
SMB (also known as CIFS) is the native file sharing system in Windows. Clients running any major operating system can connect to SMB shares. This includes Windows, macOS, and Linux.
TrueNAS can use SMB to share files among one or many users or devices. SMB supports a wide range of permissions and security settings. SMB can support advanced permissions (ACLs) on Windows and other systems. SMB also supports Windows Alternate Streams and Extended Metadata. SMB is suitable for the management and administration of large or small pools of data.
TrueNAS uses Samba to provide SMB services. There are many versions of the SMB protocol. During SMB session negotiation, an SMB client attempts to negotiate the highest SMB protocol version. Industry-wide, the SMB1 protocol (sometimes referred to as NT1) is being deprecated for security reasons. However, most SMB clients support SMB 2 or 3 protocols, even when they are not the default protocols.
Legacy SMB clients rely on NetBIOS name resolution to discover SMB servers on a network. The NetBIOS name server (nmbd) is disabled by default in TrueNAS. You can enable it in Network > Global Configuration if this functionality is required.
macOS clients use mDNS to discover the presence of SMB servers on the network. The mDNS server (avahi) is enabled by default on TrueNAS.
Windows clients use WS-Discovery to discover the presence of SMB servers. Check the version of the Windows client, because the default settings in some versions disable network discovery.
Discoverability through broadcast protocols is a convenience feature. It is not required to access an SMB server.
It is best practice to use a dataset instead of a full pool for SMB and/or NFS shares. Sharing an entire pool makes it more difficult to later restrict access if needed.
For the new SMB share, the recommendation is to create a new dataset and set the Share Type to SMB.
Create the ZFS dataset with these settings:
- aclmode = “restricted”
- case sensitivity = “insensitive”
A default Access Control List is also applied to the dataset. This default ACL is restrictive and only allows access to the dataset owner and group. You can change this ACL later according to your use case.
By default, all new local users are members of a built-in SMB group called builtin_users. You can use this group to grant access to all local users on the server. You can use additional groups to fine-tune permissions for large numbers of users. User accounts built-in to TrueNAS cannot access SMB. User accounts that do not have the smb flag set cannot access SMB.
After creating a dataset and the needed accounts, determine the access requirements and adjust the dataset ACL to match. To edit the ACL, go to Storage > Pools, open the options for the new dataset, and click Edit Permissions. Many home users add a new entry that grants FULL_CONTROL to the builtin_users group with the flags set to INHERIT. See the Permissions article for more details.
To create a Windows SMB share, go to Sharing > Windows Shares (SMB) and click ADD.
Path and Name are the minimum information required to create a new SMB share. The Path is the directory tree on the local filesystem exported over the SMB protocol. Name is the name of the SMB share. It forms part of the full share path name when SMB clients perform an SMB tree connect. Name must be less than or equal to 80 characters in length and must not contain any invalid characters. Microsoft documentation MS-FSCC section 2.1.6 lists these invalid characters. If Name is blank or empty, the last component of the value in Path becomes the share name.
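The Name rules above can be checked before a share is created, including the case where a blank Name falls back to a Path component that is itself not a legal share name. The following is an added example, not TrueNAS code: the function names are hypothetical, and the invalid-character set is an assumption transcribed from MS-FSCC section 2.1.6 that should be confirmed against the current specification.

```python
import posixpath

MAX_SHARE_NAME_LEN = 80
# Assumption: set transcribed from MS-FSCC 2.1.6; control characters
# (0x00-0x1F) are rejected separately in share_name_problems().
INVALID_CHARS = frozenset('"\\/[]:|<>+=;,*?')


def effective_share_name(path, name=""):
    """Return Name, or the last component of Path when Name is blank or empty."""
    if name and name.strip():
        return name
    return posixpath.basename(path.rstrip("/"))


def share_name_problems(share_name):
    """List every rule the share name breaks; an empty list means it is usable."""
    problems = []
    if not share_name:
        problems.append("empty share name")
    if len(share_name) > MAX_SHARE_NAME_LEN:
        problems.append(f"{len(share_name)} characters, limit is {MAX_SHARE_NAME_LEN}")
    bad = sorted({c for c in share_name if c in INVALID_CHARS or ord(c) < 0x20})
    if bad:
        problems.append("invalid characters: " + " ".join(repr(c) for c in bad))
    return problems


def check_share(path, name=""):
    """Resolve the name a client would see in the tree connect, then validate it."""
    share_name = effective_share_name(path, name)
    return share_name, share_name_problems(share_name)


if __name__ == "__main__":
    # Constructed sample shares (path, name); none come from a real system.
    samples = [
        ("/mnt/tank/smb_share", ""),
        ("/mnt/tank/data", "team+docs"),
        ("/mnt/tank/media:raw/", ""),
        ("/mnt/tank/data", "x" * 81),
    ]
    for path, name in samples:
        share_name, problems = check_share(path, name)
        print(f"{share_name[:20]!r}: {'OK' if not problems else '; '.join(problems)}")
```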
You can set a share Purpose to apply and lock pre-defined advanced options for the share. To keep full control over all the share Advanced Options, choose No presets.
You can specify an optional value in Description to help explain the purpose of the share.
Enabled shares this path when the SMB service is activated. Clearing Enabled disables the share without deleting the configuration.
See SMB Share Screen for more information on SMB Share settings.
Connecting to an SMB share does not work when the related system service is not activated. To make an SMB share available on the network, go to Services and click the SMB toggle to start the service. If you want the service to activate whenever TrueNAS boots, select Start Automatically.
See SMB Service Screen for more information on SMB services settings.