NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Samba share access permissions not making sense
I just noticed that access permissions for SMB shares on my ReadyNAS102 don't seem to be working. When I set up my RN102 sereval years ago I was a bit lazy and just set up all my shares as read/w...
Digsy wrote:
The CCTV share is the only share that I want to require a username and password for, but when specify this username in Network Access and I supply credentials for it when I try to connect, it doesn't work unless I use the command line.Windows won't accept my username and password as valid, but the command line will.
Obviously this is a Windows issue.
If you entered the credential in the Windows Credential Manager, then you shouldn't be needing to enter the username at all. If you also entered the password there, you shouldn't be needing to enter that either.
Are you entering \\nas-ip-address\sharename in the file explorer address bar to access the share?
One thing to keep in mind - Windows only allows one set of credentials per machine at a time. And if you first access the NAS w/o a credential, Windows will still use one - it defaults to using the Windows Login. You can clear that using the net use * /delete /y command. So perhaps just try that command, and then see if the file explorer will take your credential.
Digsy wrote:
Any thoughts, anyone?
Without more details on your settings, we can't offer much advice.
There are File Permissions (which apply to all protocols - in your case both FTP and SMB), and there is Network Access, which needs to be set up separately for each protocol. Both need to be set up to allow access, but either can result in denied access.
My general advice here is to set up the File Permissions so that everyone can access the underlying files. Then control access with Network Access alone. That is generally simpler.
In your specific case with denied access. I suggest starting by resetting the file permissions for the share, and see if that allows you to access the files over SMB. Check the box next to "Grant rename and delete privileges" before you click on the reset control. The CCTV system might be using very restrictive file permissions when it creates the files - resetting the permissions will change that so they match the configuration on the share.
For your test share, try creating a test account, and put it in test group (not users). Then try enabling read-only network access to the test group, but no access to the users group. Also set read/write access for the test account, but not for the CCTV account. Then see if that allows access when you access the NAS with the test account credentials, but denies access when you use the CCTV account credentials.
You do need to be careful when testing share access with Windows, as it often isn't applying the user credentials that you think it is. So if you are using Windows, then I suggest testing access directly with the windows command line. You launch this by typing CMD in the windows search box.
Test access to a share by entering
net use * /delete /y net use t: \\nas-ip-address\sharename /user:username password
using actual values instead of the blue placeholders of course. Be careful on the typing - particularly with spaces and the slash directions.
The first command terminates any open SMB sessions in the PC, the second attempts to mount the NAS share as drive letter T. If you want to test with multiple NAS accounts, make sure you enter the both commands every time.
Thanks for the detailled reply. I sem to have fixed this now but I still don't understand how / why.
When gong into the File Access section for the share, I noticed that although the folder owner name was set to my master CCTV account, there was no tick against "Folder Owner" for either Read nor Read/Write access, although Rear/Write was ticked for "Folder Group". Bear in mind that this was working fine for HTTP (reading via the web viewer) and write (via FTP) but not for SMB.
I guess I had accidentally locked my master CCTV account out by granting neither read nor read/write access, but I don't understand why SMB should behave differently to FTP or HTTP where this setting is concerned.
Also, it seems (as you suggest) that I can only map this particular share from the command line and not from inside Explorer - again, no idea why.
As I have a solution I haven't done all your troubleshooting steps, but here are my settings for this share:
Network access:
For SMB:
Admin (group): Read / Write
Admin (user): Read / Write
CCTV master (user): Rear / Write
No others ticked
For FTP:
Admin (group): Read / Write
Cameras (group): Read / Write
Admin (user): Read / Write
CCTV master (user): Rear / Write
No others ticked
For HTTP:
Admin (group): Read / Write
Cameras (group): Read / Write
Admin (user): Read / Write
CCTV master (user): Rear / Write
No others ticked
File access:
Folder Owner: CCTV master
Folder Group: Cameras
"Grant rename and delete...": ticked
Everyone (group): Read/Write
Folder Owner (user): Read/Write
Folder Group (group): Read/Write
Admin (group): Read/Write
Admin (user): Read/Write
No others ticked
Digsy wrote:
Also, it seems (as you suggest) that I can only map this particular share from the command line and not from inside Explorer - again, no idea why.
Likely the PC isn't using the correct credentials. Try running the windows credential manager, and delete any existing credentials for the NAS. Then add a credential, using the NAS account you wish to use.
Note if you use both NAS hostname and the NAS IP, you will need two credentials - one for each.
Yes, there was an entry in credental manager, but it looked correct. I deleted it and created a new one but it still won't allow e to map the drive from Explorer.
So how should (in your opinion) my access permissions for SMB be set up for this to work?
All I want is for one user to be able to connect to this particular share with username and password protection using Explorer, ideally without having to permanently map it to a drive letter, or having to use the command line. I cannot see what I am doing wrong here. It feels like something isn't working the way it should.
Digsy wrote:
All I want is for one user to be able to connect to this particular share with username and password protection using Explorer, ideally without having to permanently map it to a drive letter, or having to use the command line. I cannot see what I am doing wrong here. It feels like something isn't working the way it should.
And that user account is the only one you want to use for NAS access from that PC?
Are you able to access other shares from file explorer with the new credential?
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
