Only change was upgrade to 4.1.9 over the weekend on ReadyNAS 1100.Now, one user is unable to access a particular share. Confirmed in AD (using Domain Security Mode) that account is not locked and could login to user's account on domain, so have proper password.In viewing user/group list on NAS, it shows the user in question listed, so in theory it is synchronizing with AD properly.Of 15 members in same group as this user, the one is question is only one having problem. I've tried logging in to shares as the problem user from my computer and it does not work (Mount Share As different user), but mounting share as my user still works just fine.What would cause a single user's permissions not to work on the ReadyNAS share when it worked for 2 years straight, the password is confirmed correct, AD account is not locked, is still a member of same group that has Read/Write rights to the share, and all other users working just fine.Is this a 4.1.9 issue, or does someone have another suggestion?

Pulled logs.---Sample log entry prior to 4.1.9 upgrade yesterday---[2012/08/03 17:52:58, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [sharp] -> [sharp] -> [AIMC\sharp] succeeded---Sample log entry after 4.1.9 upgrade---[2012/08/06 08:25:39.009177, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [sharp] -> [sharp] FAILED with error NT_STATUS_NO_SUCH_USER

There are some security and ownership issues known to 4.1.9, and its suggested to downgrade to 4.1.8 or upgrade to 4.1.10 beta and turn off automatic updates. Although your error message seem to indicate that the NAS doesn't recognize the user. Does AD create local users or does the user authenticate with the AD server?

Since the upgrade process took a couple of hours, I can't do the downgrade during business hours. I saw a mention of people having to downgrade, was hoping my issue was unrelated.I'm not quite sure I follow your question. Active Directory is a server and therefore would be a server based user authentication. They are Domain Users (default group, in fact) and credentials are authenticated to the domain. Does that answer your question? Sorry if I am missing your point here.

My question might have been somewhat unclear. I'm not familiar with how the user authentication works between the NAS and AD. Thats why I asked the question, but while thinking a tad further; Does the NAS create users in AD or does it use already created users in AD?Since the NAS don't recognize the user its not definite that it can be blamed on the firmware, but it wouldn't hurt as a last resort to try a downgrade. The upgrade process itself shouldnt take as long as that (just guessing here, again not familiar with the 1100).There are some reports that some shares are inaccessible after upgrading to 4.1.9 on some users but not everyone, so its still a viable guess.

That makes more sense and to be honest with you, I am not 100% sure if the ReadyNAS periodically syncs with the AD server to obtain users and groups, or if it polls the AD server every login/connect attempt by a user.If it is the latter, then I would think that since the user exists on the User/Group report listing on the ReadyNAS, it would simply have responded with a valid user when connecting and not indicate the user did not exist.I wonder how the 4.1.9 issues were not detected prior to public release? The NAS seemed to be operating a bit quicker this morning than with 4.1.8, but if we trade off a little speed boost for failed connectivity, I guess we will roll back down to 4.1.8 tonight until 4.1.10 is out of beta and has been tested in the wild for a little while.

Some users unable to access share, AD mode (4.1.9)

26 Replies

Replies have been turned off for this discussion

mrwilliams1

Aspirant

Aug 06, 2012

Pulled logs.

---Sample log entry prior to 4.1.9 upgrade yesterday---

[2012/08/03 17:52:58, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [sharp] -> [sharp] -> [AIMC\sharp] succeeded

---Sample log entry after 4.1.9 upgrade---

[2012/08/06 08:25:39.009177,  2] auth/auth.c:314(check_ntlm_password)
  check_ntlm_password:  Authentication for user [sharp] -> [sharp] FAILED with error NT_STATUS_NO_SUCH_USER

Slasky
Aspirant
Aug 06, 2012
There are some security and ownership issues known to 4.1.9, and its suggested to downgrade to 4.1.8 or upgrade to 4.1.10 beta and turn off automatic updates.

Although your error message seem to indicate that the NAS doesn't recognize the user. Does AD create local users or does the user authenticate with the AD server?
mrwilliams1
Aspirant
Aug 06, 2012
Since the upgrade process took a couple of hours, I can't do the downgrade during business hours. I saw a mention of people having to downgrade, was hoping my issue was unrelated.

I'm not quite sure I follow your question. Active Directory is a server and therefore would be a server based user authentication. They are Domain Users (default group, in fact) and credentials are authenticated to the domain. Does that answer your question? Sorry if I am missing your point here.
Slasky
Aspirant
Aug 06, 2012
My question might have been somewhat unclear. I'm not familiar with how the user authentication works between the NAS and AD. Thats why I asked the question, but while thinking a tad further; Does the NAS create users in AD or does it use already created users in AD?

Since the NAS don't recognize the user its not definite that it can be blamed on the firmware, but it wouldn't hurt as a last resort to try a downgrade. The upgrade process itself shouldnt take as long as that (just guessing here, again not familiar with the 1100).

There are some reports that some shares are inaccessible after upgrading to 4.1.9 on some users but not everyone, so its still a viable guess.
mrwilliams1
Aspirant
Aug 06, 2012
That makes more sense and to be honest with you, I am not 100% sure if the ReadyNAS periodically syncs with the AD server to obtain users and groups, or if it polls the AD server every login/connect attempt by a user.

If it is the latter, then I would think that since the user exists on the User/Group report listing on the ReadyNAS, it would simply have responded with a valid user when connecting and not indicate the user did not exist.

I wonder how the 4.1.9 issues were not detected prior to public release? The NAS seemed to be operating a bit quicker this morning than with 4.1.8, but if we trade off a little speed boost for failed connectivity, I guess we will roll back down to 4.1.8 tonight until 4.1.10 is out of beta and has been tested in the wild for a little while.
Slasky
Aspirant
Aug 06, 2012
Please report back if the roll-back helps in any way. If you have the listings of the users and groups locally on the NAS (again not sure how this is listed or connected) you could try to delete the user on the NAS if its possible, and remake the user if its possible. Try this if the roll-back doesn't help.

I guess the 4.1.10 isnt far off judging from the time its been in beta.
mrwilliams1
Aspirant
Aug 06, 2012
Well, I just found a folder I can no longer access. Rolling back @ 5.
mrwilliams1
Aspirant
Aug 06, 2012
Rolled back to 4.1.8. Access/permission issues persist.
mrwilliams1
Aspirant
Aug 06, 2012
i am concerned about setting the option "Set ownership and permission for existing files and folders in this share to the above settings. This option is useful in cases where you are changing security levels and need to workaround file access problems." I do not want to have to go through and manually change permissions on hundreds of folders, subfolders, and files if this will overwrite everything.

Please advise if this option is required or if there is another possible solution.
StephenB
Guru - Experienced User
Aug 06, 2012
I've used this several times, and never seen any data loss. It just resets the file owner and permissions.