
SMB Shares

Export ZFS filesystems as SMB shares for Windows, macOS, and Linux clients. MayaNAS supports SMB with optional Active Directory integration and share-level ACLs.

Navigate to SMB Shares in the Web UI sidebar.

  1. Click New
  2. Select a ZFS filesystem
  3. Configure share options:

     | Field      | Description                 | Default     |
     |------------|-----------------------------|-------------|
     | Volume     | ZFS filesystem to share     |             |
     | Share Name | Name visible to SMB clients | Volume name |
     | Options    | SMB share options           |             |

  4. Click Create

Select an inactive share and click Bind to start serving it via SMB.

Select an active share and click Unbind to stop serving.

For online shares, click Security to configure share-level ACLs:

  1. Select the share (must be online)
  2. Click Security
  3. Configure ACL entries (users/groups and permissions)
  4. Click Apply

Select a share and click Delete to remove the mapping.

# Map network drive
net use Z: \\<VIP>\sharename
# With credentials
net use Z: \\<VIP>\sharename /user:DOMAIN\username

Or use File Explorer: \\<VIP>\sharename

# Mount with CIFS
sudo mount -t cifs //<VIP>/sharename /mnt/share \
    -o username=user,password=pass
# With Kerberos (AD-joined client)
sudo mount -t cifs //<VIP>/sharename /mnt/share \
    -o sec=krb5
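
The password form of the Linux mount above puts the secret in `-o`, where it is visible in the process list and in shell history. The following is an added example, not MayaNAS code: it writes a `mount.cifs` credentials file with owner-only permissions and builds the option string for either the password or the Kerberos case. The file path, user and domain names, and the `HARDEN` options (which assume the server negotiates SMB 3.1.1 with encryption) are assumptions.

```shell
#!/bin/sh
# Added example (not MayaNAS code). Paths, user and share names are placeholders.

# write_cifs_credentials FILE USER [DOMAIN]
# Reads the password from stdin and writes a mount.cifs credentials file
# that only its owner can read, so the secret never appears in argv.
write_cifs_credentials() {
    cred_file=$1; cred_user=$2; cred_domain=${3:-}
    [ -n "$cred_file" ] && [ -n "$cred_user" ] || return 1
    # Create the file 0600 before any secret is written; chmod also
    # tightens a pre-existing file that had looser permissions.
    ( umask 077; : > "$cred_file" ) && chmod 600 "$cred_file" || return 1
    # Accept input with or without a trailing newline.
    IFS= read -r cred_pass || [ -n "$cred_pass" ] || return 1
    {
        printf 'username=%s\n' "$cred_user"
        printf 'password=%s\n' "$cred_pass"
        if [ -n "$cred_domain" ]; then printf 'domain=%s\n' "$cred_domain"; fi
    } > "$cred_file"
    unset cred_pass
}

# cifs_mount_opts password FILE | cifs_mount_opts krb5
# Prints the -o string. HARDEN is an assumption: it requires the server to
# negotiate SMB 3.1.1 with encryption; set it empty if the mount is refused.
HARDEN=${HARDEN-vers=3.1.1,seal}
cifs_mount_opts() {
    case $1 in
        password) [ -n "${2:-}" ] || return 1
                  opts="credentials=$2" ;;
        krb5)     opts="sec=krb5" ;;   # AD-joined client with a valid ticket
        *)        return 1 ;;
    esac
    printf '%s' "${opts}${HARDEN:+,$HARDEN}"
}

# Usage (as root; /etc/cifs-sharename.cred is a hypothetical path):
#   stty -echo; write_cifs_credentials /etc/cifs-sharename.cred user DOMAIN; stty echo
#   mount -t cifs //<VIP>/sharename /mnt/share \
#       -o "$(cifs_mount_opts password /etc/cifs-sharename.cred)"
#   mount -t cifs //<VIP>/sharename /mnt/share -o "$(cifs_mount_opts krb5)"
```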

Finder: Go > Connect to Server then enter smb://<VIP>/sharename

When MayaNAS is joined to Active Directory (see Active Directory & Kerberos), SMB shares get the full Windows enterprise feature set:

  • Native NTFS ACLs via vfs_zfsacl — full NTFS round-trip fidelity. NFSv4 ACLs are the authoritative ACL store, so Windows clients see real Windows ACLs, not lossy POSIX-to-NTFS translations
  • Windows Previous Versions via vfs_shadow_copy2 — ZFS snapshots appear in the Properties → Previous Versions tab in Windows Explorer. Users restore prior file versions themselves, no admin tickets
  • Samba security = ADS — Samba is configured in AD-joined mode with winbind for SID-to-UID mapping
  • Domain user authentication — AD users authenticate transparently with their domain credentials
  • Kerberos SSO — domain-joined Windows clients use existing Kerberos tickets (no password prompt)
  • Group-based access control — AD security groups enforce share permissions
  • Cross-protocol identity — same user, same permissions, accessible via SMB or NFS (Kerberos krb5/krb5i/krb5p). SSSD handles NSS/PAM, winbind handles SMB SID mapping — no ID-mapping spreadsheets to maintain

For environments without Active Directory, MayaNAS supports a standalone Windows ACL profile:

  • vfs_zfsacl + vfs_shadow_copy2 still work
  • Local users (created via User Management) carry NTFS ACLs
  • Same Windows-fidelity ACL story without a domain controller

If not using Active Directory, create local SMB users via User Management:

  1. Navigate to User Management
  2. Click Add User
  3. Enable the Samba authentication checkbox
  4. Set a password

The user can then authenticate to SMB shares with these credentials. See User Management for details.

# Create an SMB share
mayacli create mapping volume=tank/shared controller=smb
# Export (bind) a share
mayacli bind mapping volume=tank/shared
# Unexport (unbind)
mayacli unbind mapping volume=tank/shared
# Show all SMB mappings
mayacli show mapping controller=smb
# Delete a share mapping
mayacli delete mapping volume=tank/shared controller=smb
# Create a local SMB user (password given on the command line)
mayacli create creds smbuser type=user samba=yes password=secret123
# Create an SMB user (prompt for password; keeps it out of shell history)
mayacli create creds smbuser type=user samba=yes password

See CLI Guide for the full command reference.