Read Me

Have you spent hours like myself trying to make bloody SMB shares functioning so that any user and or machine, regardless if domain joined or not, can access the share without bloody credentials? You’ve have come to the right place as Gault says in Rambo, minus the preceding line of “If you’re looking for trouble” as we don’t want any of that now don’t we?

This post covers the configuration of SMB file shares so that you can get your Windows boxes accessing such shares without security and without any changes to say to group policy. Yes, you read right, no security and no changes to accommodate such inclusion.

The implications of such a deployment are something you are aware of and yadda yadda yadda…zzz zzz. This whole thing is quick and dirty, something that you can get working in your environment temporarily to be torn down later or not.

TrueNAS Prerequisites

This post does not cover the installation of TrueNAS itself. If you need a hand for this have a Google, Bing or Duck. Before you continue, ensure you are at least somewhere a stage like below:

  1. TrueNAS deployed, configured and accessible via IP
  2. Storage pool created
  3. Storage dataset created

Creating a TrueNAS SMB Share

  1. Expand Sharing > select Windows Shares (SMB) > Click Add.

    Screenshot of creating a Windows SMB share in TrueNAS Core.

    Adding a new SMB Windows share.

  2. Select the dataset to share. In my case, the dataset I wish to create an SMB share for dataset test_dataset01. Provide a name for your share. Be sure to expand Advanced Options and ensure you check Allow Guest Access.

    Screenshot of TrueNAS Core dataset selection to enable Guest Access.

    Ensure you check Allow Guest Access when selecting the dataset.

  3. If not already, the SMB service needs to be enabled and started automatically. TrueNAS will do this for you when you create any share type. Go ahead and click enable service. TrueNAS will enable and run the SMB service automatically from now on.xw

    Screenshot of TrueNAS Core using the `ENABLE SERVICE` for the newly created SMB share.

    You won’t get this window if the service is already enabled.

  4. As we have yet to configure the ACL, we get the following prompt. Think of this as your NTFS permissions. Though we previously configured the share permissions (which determines access over the network) we now need to configure access for the local files and or directories themselves.

    Screenshot of TrueNAS Core prompting to configure ACLs.

    Configure the ACL now to enable local file and share access.

  5. Select the preset ACL of open and click continue.

    Screenshot of TrueNAS Core, selecting a preset ACL.

    Luckily it is as simple as setting option to OPEN.

  6. The preset will have everything filled in for us and we just ought to ensure that the default permissions are applied recursively.

    Screenshot of TrueNAS Core by applying ACLs.

    Ensure you set check both checkboxes.

  7. You are ready to access your newly created SMB share. Now depending on how you TrueNAS instance running, you will need to access it via its addressing. This could be its IP address or hostname. In my case, I type into Windows File Explorer (and no, not Windows Internet Explorer) the IP address of TrueNAS and wack enter. We see an SMB share on this server!

    Screenshot of working share made with TrueNAS Core.

    Though the share appears, can we access it?

  8. Most congratulations on your success in creating a truly insecure SMB share! You can do away to your heart’s content (and anyone else’s I add). Create, modify or delete anything be it files, directories or permissions. No prompts, no credentials, nothing, nothing and nothing to stop you!

    Screenshot of an open SMB share in TrueNAS Core.

    One truely open and insecure Windows SMB share!

Resources

  1. Me.
  2. TrueNAS documenation that I lost URLs long time ago :( …