Truenas Home share setup with Active Directory accounts

Hi there

I have been searching for a guide on setting up the “Use as Home Share” function in Truenas (12U6) with active directory users.

I have a working AD with two domain controllers, dns, dhcp etc…

I can get it to work with truenas local users, but I was hoping it could work for existing AD users too, so that AD users would get their own home folder through truenas when they log in on windows 10 PCs…

The purpose is to get rid of my W2K19 file server.

I have created the dataset for the home share, and set the permission to User:root and Group:[AD]\Domain Admins, and ACL preset to HOME. I have set the share option to “Purpose: No presets” and “Use as Home share”.

Anyone ???

I’ll have to come back to this, but it’s pretty simple. As long as the domain users have permissions on that share, you specify the home folder in the user account. Make sure that permissions do not recursively get applied or everyone will be able to see everyone else’s files.

I’ll have to log into my server in a bit and look at the specific permissions given to my user share.

From memory I have Me as highest level, domain admins as a second level, and domain users as a third. When the user logs in they create a folder (automatic) and this folder is now assigned creator/owner permissions which should keep other users from seeing the contents.

Also in AD you need to set a policy so that Administrators have permission in user shares, if you don’t then you can never help a user fix their shares when things go bad. That’s a setting I made too many years ago to remember where it is located.

I have tried it all - I simply don’t get it to work…

I can make all the other shares I want and they work fine.

But AD User home folders don’t work, as they do on windows server.

I have a windows domain group policy e.g. \fs02%username% which automatically makes an H-drive when a windows user logs in - and it works fine on windows server 2019.

I want the same to happen on truenas core - Please help

OK, I looked at what I recently did when I moved people from one share to another.

There are Owner and Group not shown in the ACL, I am owner, I have a faculty security group that also has full permissions (might be a mistake with some of my faculty), faculty grades projects from this storage. Attached is the ACL for the users, note the Not Inherited in the bottom, that is very important. Also note the full control of the folder, I need to look into this more and tighten that down, but we have a low security demand and no personal information is kept on these shares unless the student puts it there, none is required.

[Attached screenshot: TruenasACL1]

Next I have the user profile from my AD, the usernames are normally set as %username% and as you know they are parsed when the account is created. As soon as they log on for the first time, a folder is created and permissions get assigned to “Creator/Owner” and inherited down through that single folder. This prevents people from seeing inside other folders. Again the full control of the “root” level of the share can probably be tighter and something I need to play with when time allows.

[Attached screenshot: TruenasACL2]

Yes I use roaming profiles, there are a bunch of reasons for that based on the software we use and the junk that software needs as students move from one computer to another.

After that, I’m afraid there isn’t much more I can offer. I think this system was originally built on Freenas 10 and upgraded to 11.3-Ux, I had an AD bug that needed some work when I tried to go up to 12, something I need to revisit and fix. That said, I have 12 working in other locations, but not with AD integration (yet).

Hi Greg

I got it working, with group policy in AD, and the HOME folders for each user are also working, and the individual users are not able to see/login to other HOME folders.

I don’t use the Home Folder in user properties, I use gp with %USER% argument - and it’s fine.

However, sometimes when I come to work and I login on a windows 10/11 client pc, I do not get my network drives…

I can still browse the truenas shares and map them manually.

And then if I run gpupdate /force, I sometimes get them back but other times it still does not work.

I have never seen this behavior on a windows file server installation.

It seems to me that truenas sometimes loses the AD connectivity…??? Any ideas

I have never tried mapping drives through GP, I always map them in the user account. But I’d guess that you’re having a group policy issue, not a Truenas issue. GP does funny things if it thinks the client might have a slow connection, and then often skips over parts of the policies. I’ve noticed that a few times in the past.

You can script the home drive mapping during user creation if you have a lot of user turn over like I do with students, and since that has almost always worked, I just keep doing it this way. Once in a while a user may need to log out and back in to get their folder, but it is fairly rare. I’d have to look up the direct header info for the home folder mapping for a regular script, normally I import a CSV into SolarWinds free user import tool and it aligns things for me.
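An added example (not from any poster in this thread) of the scripted approach described above: provisioning each AD user's home folder on the TrueNAS share with a non-inherited, per-user ACL and mapping it through the account's Home Folder attribute rather than a drive-mapping GPO. It assumes the share is \\truenas\home, that the share root already carries the Owner / Domain Admins / Domain Users ACL discussed earlier, and that users.csv has the columns SamAccountName, GivenName and Surname; run it from a domain-joined admin host with RSAT.

```powershell
# Added example, not part of the original thread. Assumed inputs:
#   \\truenas\home  - the SMB share configured with "Use as Home Share"
#   .\users.csv     - columns: SamAccountName,GivenName,Surname
Import-Module ActiveDirectory

$ShareRoot = '\\truenas\home'
$HomeDrive = 'H:'
$Domain    = (Get-ADDomain).NetBIOSName

foreach ($u in Import-Csv -Path '.\users.csv') {
    $sam  = $u.SamAccountName
    $path = Join-Path -Path $ShareRoot -ChildPath $sam

    # Create the account if it does not exist yet (left disabled until a
    # password is set out of band).
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$sam'")) {
        New-ADUser -Name "$($u.GivenName) $($u.Surname)" -SamAccountName $sam `
            -GivenName $u.GivenName -Surname $u.Surname -Enabled $false
    }

    # Unlike ADUC, Set-ADUser does not create the folder, so do it here.
    if (-not (Test-Path -Path $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }

    # Per-user ACL: block inheritance from the share root (the "Not Inherited"
    # point raised in the thread), then grant only this user plus Domain Admins.
    # Without the admin ACE nobody could repair the folder later.
    $acl = Get-Acl -Path $path
    $acl.SetAccessRuleProtection($true, $false)
    $userRule  = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        "$Domain\$sam", 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        "$Domain\Domain Admins", 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($userRule)
    $acl.AddAccessRule($adminRule)
    Set-Acl -Path $path -AclObject $acl

    # Map the folder on the account itself; Windows connects H: at logon
    # without depending on the GPO drive-mapping pass.
    Set-ADUser -Identity $sam -HomeDirectory $path -HomeDrive $HomeDrive
}
```

Because the ACL is applied over SMB, the running account must be allowed by the TrueNAS share's root ACL to change permissions on newly created subfolders.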