× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Can't access SMB shares of AD joined RN316

Scirocco16V
Guide

Can't access SMB shares of AD joined RN316

I have a ReadyNAS 316 with 6.1.9 firmware.

When I try to add an AD user or group to the file access > security section of a share, I get an error "Folder operation failed. Cannot set file access. Please check specified user/group exists. facl_change fail uid=99 gid=98 Code: 1007130001".

The group I'm trying to add appears in accounts > groups. I was also able to add it in Network Access > SMB > Security.

I assume this is being caused by the above problem, but I also can't access any SMB shares using credentials for AD accounts that were added in SMB > Security. If I go to \\NAS, it will only accept the NAS's admin login and password. It won't accept any AD accounts. When I try going to \\NAS\Backup it won't accept the NAS admin or any AD logins, including the AD administrator, even though those accounts have SMB Network Access permission.

The NAS has a static IP. I manually added its IP to my Windows Server 2012 DNS. I also manually added its host name as a computer on the 2012 server's AD. The NAS is set to use NTP to synchronize the clock with the Windows Server. It also has the Windows 2012 IP for its DNS servers. I set NAS's account authentication to AD and successfully refreshed the ADS accounts. When I click Users or Groups, I see all my AD accounts.

Can anyone help?
Message 1 of 5
mdgm-ntgr
NETGEAR Employee Retired

Re: Can't access SMB shares of AD joined RN316

How did you setup AD permissions?

Have you tried this?: http://kb.netgear.com/app/answers/detail/a_id/7066

If not, give that a try.

If you still have problems can you try this:

1. Download your logs: http://readynas.com/kb/faq/misc/how_do_i_send_all_logs
2. Rename the downloaded logs to add test1_0 to the filename
3. Try to access the NAS via SMB
4. Download the logs again and this time rename to test1_1
5. Add user/group to the share and download the logs, rename to test2_1
6. Attempt to access the NAS via SMB using the user/group you just granted access to the share.
7. Download the logs and rename them to test2_2
8. Send all four sets of logs to the email address mentioned in the link above.
Message 2 of 5
Scirocco16V
Guide

Re: Can't access SMB shares of AD joined RN316

I hadn't tried the "Setting Active Directory folder permissions on ReadyNAS OS6" article, so I did. I got to the first couple steps of part 3. I had used the administrator account when joining the NAS to the domain. I logged into a domain controller as administrator and tried to open the \\nas share. It wanted a user & pw. It would not accept the administrator user&pw. It did take the NAS's built in admin & pw.I tried changing the permissions on my test folder and Windows said I don't have permission to view or edit the object's permission settings. It won't let me change the folder's owner, saying access is denied. The only thing I can do with SMB is view the list of shares & I can only do that with the NAS's built in admin account. I'm e-mailing the logs now.
Message 3 of 5
mdgm-ntgr
NETGEAR Employee Retired

Re: Can't access SMB shares of AD joined RN316

Sounds like your NAS is not properly joined to the domain.

If you are comfortable with SSH enter

# journalctl -fa

And monitor the output while you attempt to join the domain again.
Message 4 of 5
Scirocco16V
Guide

Re: Can't access SMB shares of AD joined RN316

You were right. Something was wrong with the NAS domain join. I might have clicked the "refresh ads accounts" button too quickly after the "apply" button. Or might have been that the NAS had 2 domain controller DNS servers & 2 opendns DNS servers.
In any case, I removed the non-DC DNS's, re-did the domain join, was very patient, and everything is working now.
Thank you.
Message 5 of 5
Top Contributors
Discussion stats
  • 4 replies
  • 4665 views
  • 0 kudos
  • 2 in conversation
Announcements