This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I am attempting to set up a backup for an external user via SFTP. I am testing connectivity using FileZilla. When I connect to SFTP with the ReadyNAS admin account, I can view the folder contents, create files, etc. When I connect as one of the domain admins, I instead see a folder labeled users;UNIX.mode=0775,owner=33268 (etc.).
User authentication mode is enabled under System -> Services -> FTP and the "enable FTPS" checkbox is checked. I have created a share specifically for SFTP access (under Shares -> Shares) and Domain Admins have been given read/write permission under the FTP button (under Network Access) and have been added to the security tab (under File Access) also with Read/Write permissions.
What am I missing? Why can the admin account that's local to the box get the correct settings but domain admins can't? Authentication type is set to Active Directory, by the way.
ReadyNAS OS 6 does not currently allow you to enable SSH access on a domain user account, only the admin account. There's no way to restrict who can and cannot access the NAS via SSH/SFTP/SCP if domain accounts are enabled; it's an "all or nothing" setting with AD. As long as they have a domain account, they would have SFTP access to the NAS. Also, ReadyNAS OS 6 does not support SFTP chroots, which prevent users from accessing things that are not for them to see.
Either way, the permissions are based on file access permissions and not share access permission.
Thanks, JennC, but I'm not drawing the connection between that and authentication. Why would I be able to connect as an AD user (but can't write to the share) but I can read/write when connecting as an admin to the box?
ReadyNAS OS 6 does not currently allow you to enable SSH access on a domain user account, only the admin account. There's no way to restrict who can and cannot access the NAS via SSH/SFTP/SCP if domain accounts are enabled; it's an "all or nothing" setting with AD. As long as they have a domain account, they would have SFTP access to the NAS. Also, ReadyNAS OS 6 does not support SFTP chroots, which prevent users from accessing things that are not for them to see.
Either way, the permissions are based on file access permissions and not share access permission.
