Denied Credential Access

1. offizieller Beitrag

    MY OMV 4.1.12 NAS, after about a year of deep sleep, has now denied me SMB access after I booted the system up for use with my LAN clients. I can access OMV web GUI, and mess with the settings, and boy did I ever. I have used OMV ver. 3.x and upgraded to 4.x without problems, about a year ago. Then, I had OMV 4.x running like clockwork, running and working perfectly without errors or access issues.


    Please note, my knowledge of Linux/Unix is limited. Same with Windows, even though I tinker allot with both.


    I can see the share folders on the NAS via Windows 10/1909 on 2 different systems. I just cannot access them to retrieve my stored data (family photos!!!). When I click on a share folder I get asked for credentials, but account credential fails. Yes I have looked through the help offered in the forums, probably watched all of TLD videos. I'm sure I missed something!


    To date, I have ensured SMB enabled on Windows. I have also tried the Windows credential manager suggestions, although I shouldn't need to log in with the same as Windows accounts, didn't before. Having said that, I have also re-created OMV USER accounts from the beginning and reviewed access rights trying many options, and rebooting with every change. Still no joy.


    So not only did I create a new OMV USER with a PW, I also gave the new USER (Samba group), access to new share folders. I also played with and toggled ACL and privilege settings. And other settings...….. Honestly I forgot half the steps I tried already. Pulled out most of my hair. My eyeballs hurt. I need some love. Can someone hold my hand through this? :?:;(


    Note:

    I should also mention, since the Nas box was sleeping for a year, I have since rebuilt a Windows client and re-installed Windows on another. This cut-off a cron job to a related HDD - I think. I also screwed around with SSL/TLS as the certificate appears outdated now. And I know I turned something off in Docker about 3 hours ago, before I through my hands up. I will update/rebuild and re-learn only after I access and backup the existing files on my Nas!:!:

    Never memorize something that you can look up.

    ~ Albert Einstein

    Zitat von crashtest

    Take a look at this and see if it solves the problem. -> Win10 and OMV access.

    Hey thanks Crashtest for quick suggestion. I have seen you at these forums quite a bit for a few years helping others. Kudos!


    I quickly read through the link. I am using NetBIOS over tcip on the Windows clients which seemed to help me see the share folders. Plus I enabled smb support in Windows features. I can see the Nas Share folders. Just can't access. So are you and this literature saying access could still be related to port handshakes and protocols? Could this be my router that's running a NAT firewall that wsdd does not like? I'm still cloudy over wsdd???

    Never memorize something that you can look up.

    ~ Albert Einstein

    Einmal editiert, zuletzt von Rather_B () aus folgendem Grund: Hold on.. I read that already a couple years ago about wsdd. I am reading the other PDF link now.

    Yup, that other read was old. Been there before. It's more about seeing your shares from a Windows client. Not my problem. Share Folder Access is. I can see my Nas folders from my Windows clients.

    Never memorize something that you can look up.

    ~ Albert Einstein

    • Offizieller Beitrag

    wsdd is an service advertisement that makes a host and shares appear in Windows Network view. If you're seeing the OMV host and shares, wsdd is working.


    Client firewalls can be a problem. Clients on the local LAN should be set to trust the local LAN with low or medium security.


    The problems associated with MS clients and OMV can be:

    1. Network and Sharing settings on the Windows client.

    2. MS tightening security to progressively higher levels and pushing out changes with updates.


    If you had access at one time, with the same clients, #1 might not be a problem but I would still run through and check your settings against the document.

    #2 seems to be where clients will connect one day then, after an update, they fail to connect. Win10 is going to be notorious for this. While they call it Win10, now the build # is how they're differentiating between various changes, with security changes among them. (BTW: I'm running OMV 4.1.23 with a Win10 client, build #18362.720 without issues)


    _____________________________________________________________________________


    I noticed that you mentioned the credentials manager. That's one way to do it.
    It seems that you may have tried this but; this is how I grant transparent access to my users and it also helps me to keep track of them. We'll use my wife's laptop as an example. (After going through the referenced document and applying the share setting "use user accounts and passwords to connect to other computers".)

    My wife has her unique username and password, that she uses to log into her laptop. I create the exact same username and password (cap's and all), in OMV, under Access Rights Management, User. OMV then places that user in the users group by default. (The users group is set to Read/Write in OMV, by default, when a new shared folder is created.) Done.
    Whenever she logs into her laptop with that username and password, she gets write access to shared folders and, if using the typical Samba settings, she can write network shares.

    ______________________________________________________________________________

    ** After the username and password has been added to OMV, if you can't get in, look at the following.


    Under Shared Folders, click on the share, and the ACL button.
    (Don't, repeat, don't start checking boxes in the upper right hand area. If you did that, uncheck them.)
    Stick with the following.


    Shared folder permission should look like this:



    Opening the above up to everyone would mean setting Others to Read/Write
    __________________________________________________________________


    Samba will follow the shared folder permissions above but should be browsable. (Not a problem for you, but maybe for others.)


    Opening up Samba would be setting Public to "Guests Allowed".
    _____________________________________________________________________


    If the above doesn't work, you might want to look at the following section in the Win10 - OMV document.

    "Domain Connected Windows 10 Clients / Servers" This section sets access policy and it might be required if you have an OEM verison of Win10 where "MS partners" alter the standard security profile on the PC's they sell.

    This has to do with Samba protocol levels where MS is continually upping the ante.

    Crashtest I want to say thank you for responding. It gave me something to chew on and double, triple check every step.


    I have since (16 hours at it), fixed file access issues. PROBLEM SOLVED. :thumbup:


    However, seeing the folders on a Windows PC wasn't the problem. I got around that as you have suggested. And maybe it had something to do with it, but I had permission issues that would not let me in those net shared NAS share folders.


    Regardless, what I discovered was I had permission settings all messed up because I had made so many changes over 2 days I kept over looking some settings. :rolleyes:


    So that this post wont go to waste...….Once I gained access and quickly backed up everything off-site, I also discovered that a NAS folder I had created, that was basically a Photo Vault, had empty sub folders and missing photos!!!!! =O This Nas folder was supposed to be backing up a duplicate share folder via cron jobs, rsync I think. Bit Rot? IDK It was 2 years ago when I set it up. The drives are in raid also.


    In any event, I managed to grab all the original folder content from the duplicate share folder. Phew! Scared me there for 2 days! ||:sleeping:

    Never memorize something that you can look up.

    ~ Albert Einstein

    • Offizieller Beitrag

    All's well that ends well.
    ____________________________________________________

    RAID,,, that's another subject altogether. I really don't understand why users go with mdadm or hardware RAID. For most home users, other than aggregating disks, there's almost no benefit in using RAID. There are better ways to aggregate disks and get some protection.

    I use ZFS in zmirrors for bit-rot protection (not availability or redundancy) on 2 different servers (one backing up the other), snapshots for file versioning and have 3 full sets of backup. I take no chances.

  • Rather_B

    Hat das Label gelöst hinzugefügt.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!

Benutzerkonto erstellen Anmelden