Completely baffled by setting up shares for users

  • I don't know if I'm just a complete idiot or if OMV is. It can't be this hard....


    All I want to do is have multiple shared SMB folders....and be able to configure each folder's access rights (read-only, read-write) based on user accounts.

    I've been looking over a bunch of online/YT instructions for how this is supposed to be setup, but nothing seems to work.


    Existing Windows computer user (name:pass on the windows computer) (on the same Workgroup)


    OMV

    - Create user account with name:pass to match Windows user

    - Existing shared folder in OMV -> Privileges -> Set r/w permission for Windows user


    SMB

    - Shares -> Add shared folder from above

    - Shares -> Shared folder - Public -> No


    Anything else?


    At this point, when attempting to access the folder, I am prompted for the password (user name is already pre-populated). I enter the password and am met with the message:

    \\OMV is not accessible. You might not have permissions to use this network. Blah, blah, blah.

    OMV 5.6.7-1 (Usul) Kernel 4.19.0-16-amd64 omvextrasorg 5.6.1
    Case: U-NAS NSC-200 , Power Supply: picoPSU-80, 80w , Mainboard: ASRock , CPU: INTEL G3260T , DDR3:Crucial 4GB, OS: SSD Crucial MX100 128 GB , DATA: 2x WD Red WD30EFRX - 3 TB RAID-1 , NIC: (2x INTEL i210) , USB: Vantec USB3

  • There are two different types of privileges that must match. Under Shared Folders -> Privileges you configure them for the services like SMB. That is correct. But the filesystem / file / folder permissions must match as well. You can check them in Shared Folders -> ACL. There you find ACL in the upper half (You can ignore that) and UNIX file/folder permissions in the lower half (Here your user must have access as well).


    If you checked that and it still does not work, please post a screen of all your shared folder / privileges / acl and SMB / shares configuration.

  • Double-checked, and yes, the user settings under Shared Folders ->Privileges is set for r/w access and if I go into the Shared folder -> ACL (in the upper half), I see the user account also configured with r/w access. So they match.


    In the UNIX file/folder perms in the lower half though ("Extra Options" section), how do I configure/add this user? The only thing I can see to do there is to change the owner/group/others configuration.


  • When you are setting or modifying Shared folder privileges do you see this informative message?


    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 5.x on ASRock Rack C2550D4I C0 Stepping - 16GB ECC - Silverstone DS380 + Silverstone DS380 DAS Box.

  • Why is ACL configured? This should actually not be unless you touched it. It is for very complex rights management and is very often causing problems when inexperienced users touch it.


    In the UNIX perms you cannot add or remove users but only set an owner user / owner group and set permissions for them as well as 'others'. So just set your corresponding user as owner and grant all access. Group and others should have no access (Note that root can always access)
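
Added example (not part of the original thread and not OMV code): the replies above describe two separate layers, the per-service privilege under Shared Folders -> Privileges and the UNIX owner/group/others bits on the directory. This Python code computes what a user ends up with when both apply; the uids, gids and modes in the demo are constructed, and it assumes no POSIX ACL entries and no Samba force-user setting.

```python
import os
import pwd
import stat

# Levels as offered in the privileges dialog: no access, read-only, read/write.
LEVELS = {"none": 0, "ro": 1, "rw": 2}

def unix_access(mode, owner_uid, owner_gid, uid, gids):
    """Access the mode bits of a directory give `uid`: 'none', 'ro' or 'rw'."""
    if uid == 0:
        return "rw"  # root is not restricted by mode bits
    # Exactly one class applies: owner first, then group, then others.
    if uid == owner_uid:
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR
    elif owner_gid in gids:
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    if not (mode & r and mode & x):
        return "none"  # a directory needs r+x to be listed and entered
    return "rw" if mode & w else "ro"

def effective_access(share_privilege, fs_access):
    """The SMB user gets the weaker of the service privilege and the mode bits."""
    return min(share_privilege, fs_access, key=LEVELS.__getitem__)

def check_share(path, username, share_privilege):
    """Run on the server: look up a real user and directory, return both layers."""
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    st = os.stat(path)
    fs = unix_access(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)
    return fs, effective_access(share_privilege, fs)

if __name__ == "__main__":
    # Constructed cases: directory owned by uid 0, gid 100; user uid 1000.
    cases = [
        ("in group, mode 2770", 0o2770, {100}),
        ("in group, mode 2750", 0o2750, {100}),
        ("not in group, mode 2770", 0o2770, {1000}),
    ]
    for label, mode, gids in cases:
        fs = unix_access(mode, 0, 100, 1000, gids)
        # The share privilege is r/w in every case; only the mode bits differ.
        print(f"{label}: filesystem={fs} effective={effective_access('rw', fs)}")
```

On the server itself, `check_share(path, username, "rw")` reads the real owner, group and mode of the shared folder's directory instead of the constructed values.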

  • Why is ACL configured? This should actually not be unless you touched it. It is for very complex rights management and is very often causing problems when inexperienced users touch it.


    In the UNIX perms you cannot add or remove users but only set an owner user / owner group and set permissions for them as well as 'others'. So just set your corresponding user as owner and grant all access. Group and others should have no access (Note that root can always access)

    LOL... I've used ACL for years and never had a problem. It's been said here the key thing is not to mix ACL and Permissions.. which I don't.


    I actually posted this on reddit a long time ago to help a user, and he said it helped him, and was bored and essentially reposted it a while ago.


    After a week of struggling with permissions I'm hoping for some pointers/suggestions?

    Air Conditioners are a lot like PC's... They work great until you open Windows.


  • I also never had any problem here but heard about some several times. Also a good thing to keep things as simple as possible. Anyway, the main problem here seems to be he just doesn't tell us all the settings he made.

  • I also never had any problem here but heard about some several times. Also a good thing to keep things as simple as possible. Anyway, the main problem here seems to be he just doesn't tell us all the settings he made.

    Admittedly, I've probably changed some things that don't need to be changed (or maybe shouldn't even be changed) while trying to sort this out.

    If I can possibly create even a single working 'example' though, I can replicate the settings and go from there.


    gderf No, never have seen that message while trying to get this to work.


    It seems like I earlier ran across a post that had something about installing a plugin that would essentially reset all of the perms/ACLs/etc back to default. Is that something I could use here? I'd be MORE than happy to reset all of that stuff back to default and have someone show me how to correctly set things up for 1 remote user and 1 shared folder (the use-case I specified in the first post).


  • gderf No, never have seen that message while trying to get this to work.

    You cannot set or modify Shared folder privileges without that message being shown. But it is the content of the message that is important.


  • gderf Yes, you are correct. I was imagining that message happening somewhere else. Just to confirm, I did go into a shared folder and into the Privileges section and I do see the EXACT same message you posted.



    so this is saying....the configurations set there in the privileges section are used by, in my case, SMB to setup the access rights for -users-...and don't cause any changes to the file system's permissions for the actual content existing within the shared folder, correct?

    Is this saying that if I assign r/w privileges to a shared folder that this simply gives the SMB service r/w access to the shared folder....and has nothing to do with whether or not a specific user has r/w or ro access to the share?


  • Maybe this might help -> Permissions.

    I hadn't run across this (somehow), but a quick scroll through it looks like this will be VERY helpful. MUCH appreciated!


  • Okay...making some SLOW progress here.

    Something odd that I've now run across though.


    On the remote client (with user:pass that exist in OMV), if I browse the network (explorer window), I see the OMV service (icon for my OMV) show up. If I click on it, I'm then prompted to "Enter your Network Credentials". My understanding now is that this shouldn't happen (if things are working and setup correctly with matching account credentials on both ends). If I go ahead and enter what is the correct pw though, I get the message that started this thread, "\\OMV is not accessible...blah, blah, blah".

    BUT......if I go to a run prompt and simply enter \\OMV, I'm then presented with an explorer window listing all of the network shares I have setup...and I can access them.

    So, what is happening here?


  • I click on it, I'm then prompted to "Enter your Network Credentials". My understanding now is that this shouldn't happen (if things are working and setup correctly with matching account credentials on both ends).

    It shouldn't but there are other considerations. (Below.)
    Make sure that permissions match: Shared Folder & SMB. Make sure none of the boxes for ACL's are checked.

    ___________________________________


    Are we talking about a Windows client? If so, check your network settings at the client -> Win10 client.

    The second thing to look at is your firewall. (SSH is a different protocol than SMB.) The firewall local network should be on medium settings. IP's within the local network should be "trusted".


    If it's a Linux Desktop client, it may be necessary to put the username and password in the credentials dialog and save (remember) them. (Different distro's work differently.)

  • Correct...none of the SMB shares have any ACL boxes ticked. (Installed reset plugin earlier and reset all the shares)


    The remote client is a Win10 client.


    Thanks for the link to that doc. Hadn't run across that one either.

    I have no problems when setting up a shortcut on the Win10 remote client. Works perfectly....but still doesn't change the previously described behavior where if I select the OMV network icon discovered in an explorer window, it then prompts me for a password...which doesn't even work if entered. This isn't a show-stopper though - just wondering why the Win10 client is behaving like this (wondering if maybe there's something not setup quite right).


  • This isn't a show-stopper though - just wondering why the Win10 client is behaving like this (wondering if maybe there's something not setup quite right).

    I'm going to guess that you have an OEM copy of Win10. OEM's, in the name of helping users with security, can (and do) customize Windows with their idea of security best practices. Many things are possible in the Win registry.

    I doubt there's something wrong with OMV or access control if you followed the doc. I have 2 different versions of OMV (4&5) on physical servers and various OMV VM's setup in a manner that's almost exactly configured like the permissions references provided. That's how I test the doc's. I have 3 each physical Win10 clients and no issues.

    You could try wide open permissions, on a share, as a test. That would be (Shared folder) Others - Read/Write/Execute and (Samba) Guests Allowed with read only - OFF.

    I have no problems when setting up a shortcut on the Win10 remote client. Works perfectly....but still doesn't change the previously described behavior where if I select the OMV network icon discovered in an explorer window, it then prompts me for a password...which doesn't even work if entered.

    Are you talking about mounting a network share, in windows, as a drive? Or are you talking about a server shortcut on the desktop? In either case, this is a clear indication that the OMV server is accepting the workstation's credentials or access would be denied.

    You could try an IP address to server name entry in C:\Windows\System32\drivers\etc\hosts. This is mentioned in the access doc. (Note it may be required to go into safe mode to edit the file.)

    At a guess; it may be a network security policy in Win10 or a firewall issue.
