NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
When I use Authentication - Access Type - Local User , then I can no longer have access to the share
Hello everybody,
after changing the authentication mode in my ReadyNas OS 6.10.3 from Active Directory to Local User I can no longer obtain the desired access for my share.
With Active Directory authentication there were never any problems. I created my shares and associated the various users (taken from active directory) in read-only or read-write without problems.
While now with Local User authentication, I can't find myself unable to gain access to a particular user the share I want.
I use my real case as an example. My ReadyNas is called "NAS01" and has set up the workgroup with the name "DPPNAS",
It is part of a Windows network consisting of all win10 1909 systems and some win2016 or win 2012r2 servers.
In NAS01 I created a "CPYBK" share and created a "TEST" user.
I then set the Network Access and File Access permissions for the TEST user for read-write.
When I try to connect to the share CPYBK from my PC win10 or from a win2016 server I get the following message "Network Error".
Windows cannot access \\ NAS01 \ CPYBK
Check the spelling of the name. Otherwise there might be a problem with your network. To try to identify and resolve network problems, click Diagnose.
At this point I use the IP address instead of the name and I get a new "Network Error" message
Windows cannot access \\ 192.168.10.96 \ CPYBK
You do not have permission to access \ 192.168.10.96 \ CPYBK. Contact yor network administrator to request access.
But it is not a name problem because NAS01 is inserted both in the DNS services and also in the HOSTS file of the server or of my pc used for these tests.
If in the CPYBK share, I give Everyone read-write permissions and check the "Allow Anonymous Access" for both Network Access and File Access, then I finally have access to the share.
But in this case I can create files but I can no longer delete them. In short, I'm going crazy. Can anyone help me?
I have other NAS of other brands and in those just create the share and associate a local user with read / write permissions and everything works without any complication. Please help me. Thanks
Bob
Bob245 wrote:
But you have to share CPYBK with "network access" and "file access" everyone and anonymous permissions otherwise you can't get anything.
If I create a folder in the share this is without any permission (I see this by Windows Explorer).I'm confused about what you are seeing right now. I guess you could look at the ACL for the share using ssh.
But generally I recommend Everyone access on the file access tab (and also checking the box granting deletion/renaming to non-owner of files). Then use network access alone to control access. That assumes that it's ok for everyone who's allowed to access the share to have access to all the files and folders in it.
You shouldn't be needing to allow anonyomous access in network access.
So maybe start with full access for everyone in file access, and then tighten up the network access - making sure that works. Then you can try reducing file access if that is necessary.
I don't use AD myself. But the general behavior with Windows is that it will by default present the Windows login/password to the NAS when the share is accessed. If the account isn't recognized by the NAS, then anonymous access is needed to access the NAS (though Windows security policies also kick in here). If the account is recognized by the NAS, but the password is wrong, then access is denied even if anonymous access is enabled for the share.
So w/o AD on the NAS, you can either
- Use the Windows Credential Manager to apply the appropriate NAS account credentials on each PC that can access the NAS
- Manually create user accounts on the NAS to match the user names for the accounts for which you want to allow access, and make sure the passwords on the NAS match the PC logins
Personally I'd go with NAS accounts that don't match the AD username/passwords. But that might depend on your threat model.
7 Replies
Replies have been turned off for this discussion
Bob245 wrote:
In NAS01 I created a "CPYBK" share and created a "TEST" user.
I then set the Network Access and File Access permissions for the TEST user for read-write.
...Windows cannot access \\ 192.168.10.96 \ CPYBK
You do not have permission to access \ 192.168.10.96 \ CPYBK. Contact yor network administrator to request access.Try running CMD and then entering
net use * /delete /y net use t: \\192.168.10.97\CPYBK /user:TEST TESTpassword
where TESTpassword is the password you configured for that user.
The first command terminates any SMB sessions on the PC; the second attempts to map the share to drive letter T. Be careful on the typing (both spaces and slash direction), as the resulting errors can be quite cryptic.
If that works (it should), then you need to open the Windows credential manager and enter the appropriate windows credential for the NAS. Note that if you want to use both the IP address and the hostname you will need credentials for both. Unfortunately this will need to be done on every PC that accesses the NAS.
On the hostname problem, first check the NAS SMB settings (system->settings->services->smb), and make sure "legacy SMB discovery" is checked. If the NAS isn't using DHCP, then it could be a DNS issue (related to no longer using AD). Several (not all) users have reported issues with hostname resolution with Windows - a practical but annoying work-around is to add it to the hosts file on the PCs that have the problem.
Hi Stephen,
1) net use * /delete /y is very usefull and
net use t: \\192.168.10.96\CPYBK /user:TEST TESTpassword it work but: in the command prompt if i use T: I get "Access Denied"
then the mapped drive "T:" is not present on windows explorer....
2) SMB settings (system->settings->services->smb), it has always been set to "legacy SMB discovery"
3) all pc/server that use NAS01 have in windows\system32\drivers\etc\hosts the entry
192.168.10.96 NAS01
The nas01 have a Fixed IP
I will give you more information and do other tests after Easter. Thanks!!
Bob
Bob245 wrote:
net use t: \\192.168.10.96\CPYBK /user:TEST TESTpassword
it work but: in the command prompt if i use T: I get "Access Denied"
then the mapped drive "T:" is not present on windows explorer....
Interesting. Maybe try resetting the file permissions on the share? (clicking on "reset" on the file access tab).
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
