We have a ReadyNas 314 (Firmware - 6.4.1) used as a Shared Drive between 15-20 users on our domain. Lately, we've had two users report the same issue:
1. Domain password expires - user changes her domain password
2. User uses the /password_recovery/my_password.html page to change their shared drive user account password
3. Not sure if GPO is set up to apply however, both domain account and the shared drive passwords are advised to be the same (previous admin set this up)
4. Home folder is accessible and available however, all sub-folders within the home folder show an Account Unknown within the security permissions - User is unable to create/edit/delete any fille within any sub-folder within the home directory. The home directory itself has no issues.
5. I created a new folder within the main home folder and copied over all the files from the previous directories that were inaccessible
I'm not sure if it is the password that caused it, but we have had two users in the last week report this. It could be a Windows update, however I'm not sure what's causing this. Moreover, the folder cannot be deleted as the user no longer has ownership of the folder within his/her home folder. The only way is to delete it through ssh. Any advice would be appreciated. I've verified the folder permissions within the home directory of the user to be correct. Thank you
When NAS is joined to AD, the permission of the shares are set on the Windows server. The password recovery is not also done on the NAS but on the server where you created the users.
We’d greatly appreciate hearing your feedback letting us know if the information we provided has helped resolve your issue or if you need further assistance.
If your issue is now resolved, we encourage you to mark the appropriate reply as the “Accept as Solution” or post what resolved it and mark it as solution so others can be confident in benefiting from the solution.
The Netgear community looks forward to hearing from you and being a helpful resource in the future!
Just to get straight what I think you are saying, and either JennC or I have misinterpreted. The NAS is not joined to the domain. However, you recommend that the NAS password be changed when the domain password is, as that makes access easier (Windows passes proper credentials to the NAS). After their domain password expired and was changed, the users successfully changed their NAS password via the web page, but then lost access to all sub-folders within their home share. This is something that always used to work before.
If they, or you using admin credentials, select one of the sub-folders, right-click, select Properties, the Security tab, then Advanced, who is listed as the owner? What rights does the proper owner (by name) have? Same question regarding the home folder itself.
Unfortunately, the Reset Permissions button is not available for home folders. But you may be able to reset the owner via Windows. Go to the Advanced security window for the home folder and select Change next to Owner, then Advanced, and Search. If the user is listed, make them the owner again. You will have to do this using admin credentials. You should be asked if you want the change to be for all files/folders, and you do.
If this is unsucessful, the only other way I know to fix it is via SSH. Are you comforabe with that (following specific instructions)?
The NAS is not joined to the domain under the "Authentication" tab. However, it does seem to have info under the Active Directory selection (just not applied I'm assuming or perhaps it was applied at an earlier date).
Here's one scenario:
1. I create a new local user from the "Users" tab on the ReadyNAS
2. The user is also created on the domain using the same password as the ReadyNAS
3. When the user logins to a domain-joined PC and goes to the location via explorer, for example:- \\foo.someplace.com
4. The user is not required to login. It shows the user's home folder & the user is able to navigate into his/her home folder and other folders i.e. the domain joined account automatically authenticates the user into the shared drive
I haven't been able to find a GPO that sets the above. I'm not sure how it was first setup, but the procedure requires that users change their doman & shared drive password at the same time. The issue with the sub-folder within the home folder is that the owner is set as "Account Unknown". I haven't tried changing it with an admin account. However, I have reset the permissions using ssh (-r for recursive starting at the user's home folder for example - /home/someUser). This hasn't worked and the account still shows the wrong permissions.
The default behavior of Windows is to present the user's Window's logon credentials to the NAS when the user tries to access it. If this logon fails, then the user is given a chance to enter different credentials.
In your case, those user credentials are the domain credentials. The logon succeeds, because you have already created a local account on the NAS that matches those credentials.
Okay, that explains it. But, for some reason when users change their password through the /forgot_password link they are unable to accesss some folders within their home folder. This was not a seen behavior and something that has occured twice in the past few weeks.
The AD object ID for the user is also different from the object ID for the folder's account owner. Would I be able to login through an admin account and see the home folders for all users & subsequently change the permissions through Windows? Folder permissions are unchangable through the user a/c as the account is no longer owned by that user.
You can access the full data volume using SMB with NAS admin credentials (and map it to a drive letter if you wish). Then you can navigate to the user's home folder and reset file permissions.
When you say "the account still shows the wrong permissions", you mean that Windows shows the wrong owner (account unknown) and permissions for the folders but Linux via SSH shows the right ones, or that the owner is also wrong via SSH and chown fails? Either of those is quite odd behavior. If Linux does not recognize an account name for an owner, it should list a UID number for it.
It seems that the Linux and Samba permissions are out of sync. Have to tried to see if a power cycle will clear up the confusion?
I wuld definately try changing the ownership via Windows next.
If that doesn't wrk, cat /etc/samba/smbpasswd in SSH will list the users and UID's that Samba knows and pbdedit -L -v will show a lot more from the Samba database. I don't know exactly what you should be looking for, but compare a user with this problem to one without and see if anything clicks. I wouldn't recommend trying to change anything even if you see something that looks wrong for fear the problems could get worse. But you could at least report here what you find and maybe one of the mods can figure it out from there.
