There is no access to the NAS which is a member of AD from computers not in the domain

Question

Hello.My NAS is member AD domain 2008R2I removed the checkbox allow anonimus access, and my domain users from windows pc which in domain have access well.But i have several win and linux pc and MFU (which should save scans in smb folder) which not in domain. I used domain user's credentials (like domain\user), but dont got acces to share.On linux i tried several methods (fstab, in filemanager in smbclient) to check access, but without success.smbclient -W domain -U user //nas/testsession setup failed: NT_STATUS_LOGON_FAILUREHow can I access from a computer that is not in the domain?

StephenB · Answer

The acceptance of the logon from a computer not in the domain is up to the AD server, not the NAS.&nbsp; So you might look into the policies there.
&nbsp;

uuuserrrr · Answer

II can log on to other computers on the network by just entering the domain/username and password of the domain users or administrator. //nas/test - anonymous access is disabledsmbclient -U username (domain's username) //nas/test
Domain=[DOMAIN] OS=[Windows 6.1 (why?)] Server=[Samba 4.7.0]
tree connect failed: NT_STATUS_ACCESS_DENIED

smbclient -U domain/username //nas/test
session setup failed: NT_STATUS_LOGON_FAILURE

smbclient -U domain/domainadmin //nas/test
session setup failed: NT_STATUS_LOGON_FAILURE

smbclient -U nas/local_nas_admin //nas/test
OK
//nas/test1 - anonymous access is enabled
smbclient -U domain/username //nas/test1
session setup failed: NT_STATUS_LOGON_FAILURE

smbclient -U nas/anyname //nas/test1
OK

smbclient -U anyname //nas/test1
OKWork with local account of nas, but setup local accounts disabled when nas is domain's member.I think the case may be in the authorized authorization methods for NAS, but where and what to change I do not know.Experimenting with configs of samba I'm afraid

StephenB · Answer

When you have AD enabled on the NAS, it asks the AD for authentication.&nbsp; So I don't think this is related to the NAS authentication policies, it would have to be in the domain controller.&nbsp; Are the other computers you are testing with in the domain?&nbsp; (which is different from the user account being a domain account).
&nbsp;
You could also check to see if your smbclient is up to date.&nbsp; One setting you could check on the NAS is whether SMB encryption is required.&nbsp; If it is, you might try resetting that to desired or enabled.&nbsp; Go into the share settings for Test, select Network Access, and then click on the advanced control on the bottom left.&nbsp; That will show you the encryption setting.
&nbsp;
Another approach is to enable NFS on the NAS, and use that instead of SMB.&nbsp; You'd change the mount point to data/test (assuming your volume name is the default name data).

uuuserrrr · Answer

&nbsp;When you have AD enabled on the NAS, it asks the AD for authentication.&nbsp;He can not do this. To verify access, it must take the login and hash of the password from the client and send it to AD. I think this mechanism is simply disabled and does not work even if anonymous access is granted. See the message above.For computers in the domain, another mechanism is an authentication without sending a password hash, by ticket kerberos.On other pc all OK. I can browse domain pc's shares and system shares (like C$) from my linux simple with the help of a regular file manager (dolphin in KDE).I can not go to //nas/test from any windows PC too, which are not in the domain.I use smbclient as example.I don't know&nbsp; what change in AD setting. Now all defaults. Any ideas?My MFU Kyocera don't support NFS.&nbsp;Besides, he's dead and insecure. smb encryption disabled. share test maked with defaults settings.

Forum Discussion

There is no access to the NAS which is a member of AD from computers not in the domain

4 Replies

Related Content

Computers in Network Cannot Access Eachother

Re: Device undetected after computer wakeup

New Computer Wifi

Making a PC a member of more than one VLAN

Windows 10 won't access shares on one computer

NETGEAR Academy

ProSupport for Business