Credentials not accepted under Windows 10

    Hi everyone,

    I red the suggested procedure for regenerating windows credentials, so that win 10 can access to shared folder in omv 6. here the link:


    Thema
    Windows Pro 10 & 11 shares , samba recipe OMV 6
    Windows Pro 10 & 11 shares and samba process for OMV 6 that works for me. This is only the Windows side. Nothing about openmediavault

    I moved the pdf file here since many are adverse to downloads. Me too!

    I recently shut down my XigmaNAS and converted over to openmediavault. The conversion to openmediavault was rather seamless. However, your windows troubleshooting did not work for me. I wanted to share my recipe for getting logged into SMB from windows 10 and 11 professional. BTW, because my…
    oakhurst


    I applied it in two cases, one at home, one at the office. At home, step 1 was enough. I deleted windows credentials and that worked. But this was a easy one. I knew I was messing with windows credentials since I was testing different nas software. In this case I just tried step one (delete windows credentials) and it was a success.

    The second case is for me a difficult one. I followed all the steps suggested. At the end, the result was the same as before. No access to the shared folder, except when everyone value is set to: read, write, execute. Here the situation: the pc is located in the office. It's a win 10 with local account (neither access with business account nor with microsoft account. So I found it. but it works with updated win10). It connects to OMV6 when in OMV6 shared folder are set as follows: owner (me), user (group: colleagues, phd candidates), everyone: read, write, execute. Owner and group have permissions to read, write and execute. But if I set everyone to any different value (e.g.: write/execute), the pc cannot access the shared folder. The problem is the following: I don't want that everyone in the same lan (university) has access to the folder. Windows should ask for credentials, but it does not, which is strange. In the same room and in the same lan there are other 6 linux pc (linux mint debian edition, a cousin of omv practically) which behave normally: they ask for credentials and then they give access without problems. Even an imac behaves like that. Now, it is for me important that the win pc can connect to the shared folder in a read/write/execute mode after asking for credentials, so that just specific groups (Phd candidates and colleagues) can access the shared folder after giving credentials. I am out of ideas for now. Any help would be much appreciated. Thanks a lot. Sg

    Hi Krisbee, thanks a lot for your indications. I cannot check now as I am travelling. I will next week. I think, it is a public group, with "guests allowed" and everyone value set to: read/write/execute. Do you imply that guests should not be allowed so that everyone in the same lan should give their credentials before access? Which one should be the right configuration in order to have only two groups (colleagues and phd candidates) with access right? thanks again. I will let you know next week.

    You said this in #1 above:


    Zitat

    Now, it is for me important that the win pc can connect to the shared folder in a read/write/execute mode after asking for credentials, so that just specific groups (Phd candidates and colleagues) can access the shared folder after giving credentials.


    So, basically, the answer to your first question in #3 above must be yes.


    For background, the info in this post still holds in OMV6:


    Thema
    Samba Share Types in OMV
    Samba shares types

    OMV has the capability of configuring shares accordingly with their defined user access privileges. This means they won't act in the file system layer they will run in the samba authentication layer. From there the access can be controlled to be read only, write access and guest account log in. This is done with the PRIVILEGES button in the shared folder section not the ACL

    forum.openmediavault.org/wsc/index.php?attachment/1890/
    subzero79


    Your first post implies that after using the same(?) local account to log into the office WIn10 PC, there's a share multiple users could access but only if their credentials (username/password) are supplied. Do all these user accounts for Phd candidates and colleagues already exist on your OMv6 install?

    Hi again, thanks a lot for your further indications. I will go through the guide. It's an ongoing project. I have just begun. Sorry for my lack of competence. I just went through the basic configuration for beginners. Now I understand that I have to proceed to the next step and study samba shares types and unix permissions. However, I was not thinking of implement single user account for everyone. To keep it simple, I thought of two groups with different credentials. They exist already in my OMv6 install.

    By reading the following sentence of yours:


    Your first post implies that after using the same(?) local account to log into the office WIn10 PC, there's a share multiple users could access but only if their credentials (username/password) are supplied.


    I realize that I could have been misleading. Sorry for that. I try again.


    Linux mint debian asks for credentials (group for phD candidates; name: "dottorandi", psw: "pragmatism") when everyone is set to "read/write/execute", which is correct. The Win 10 pc with an undefined user account (without password; just click on "user" in order to access; but it doesn't matter: it is closed in the phd candidates room) has access the share folder "Texts" in this case. Otherwise, it has not. Obviously, with this configuration every pc in the department sees the icon of the network storage "OMV" and has access to share folder. I want to come eventually to a configuration in which any pc in the department (no matter if win10, imac or linux) can see the network icon "OMV", but only candidates and colleagues who know the right username and password credentials have access to the share folder. There is no need of specifying all the members of a group.

    After your questions, I now realize that one (of the many) errors was in allowing guest. So thanks again for your time and patience. I will read the guide hoping to find inspiration and solutions.

    How many users have you added to OMV? Is it just one with a name/password to be used by all staff members and a second with a name/password to be used by all students? Have you added any additional groups to OMV?


    If you've added no additional groups to OMV and just the the user accounts as I've described then to get win10 to work like Linux mint you can change to two options in the OMV SMB/CIFS share configuration.


    1. set public to "no"

    2. add this to the extra options: "write list = @users"


    The unix perms on the share can then have "no access" for others.


    This would mean both staff and students have access to the same data in the share and can create files and folders, but also read, modify and delete other peoples files and folders. Which may not exactly be what you want.

    Hi again! Let me first thank you for your patience and instructions. I will apply them next tuesday and let your know. I have the feeling that I am on the right path now, thanks to your help.

    Here some details concerning your previous questions:

    1) Just two groups, colleagues and phd students. No additional groups. The two groups have different passwords. Each member of a group uses the generic password for that group. The two group could even have shared the same password. In fact, we work on the same digital archive: add texts, do ocr and research, organize folders. Also, students work under direction of their tutor. So, in this case no prob about overlapping of groups. Actually, I realize now that I could have added just one group and simply give the credentials to the users. But I didn't want to exclude from the beginning a differentiation. We are around 30 colleagues and 15 phd students. Other, group specific activities and documents may come in future, e.g. administrative documents of the teaching staff. If not, I could simply rename a group and delete the other one.

    2) I don't remember now where to configure the two commands you mentioned (1. set public to "no"; 2. add this to the extra options: "write list = @users"), but I will search for them. I am sure they will do.

    Thank you very much

    You seem to be setting up a system for 45 (or more) users without the help of specialist IT support. While OMV is designed for home or small office use, with this number of users your scheme may end up with only rudimentary control over your data. For example, you could not audit which particular member of staff or student created or modified data on your system. Who is in overall control of IT in your institution? Are there no institution wide polices re: computer access, data protection, etc.?


    In OMV, passwords are associated with individual user accounts not the group(s) the user account belongs to. As such, your statement


    Zitat von essegi62

    1) Just two groups, colleagues and phd students. No additional groups. The two groups have different passwords. Each member of a group uses the generic password for that group.


    does not clearly distinguish between groups of people and how their computer accounts have been added to OMV. You did not directly answer the questions I asked at the beginning of my post at #6 above. I can't be sure my advice/instructions are correct.


    By the way, I hope the credentials you mentioned in #6 are fake. You never know who might read this forum. You need to anonymise any reference to your working system.

    Hi again,

    thank you for sharing your thoughts on data control. Much appreciated. We are 45, but just theoretically. It is an experimental phase, and I think that not more than 5-10 people will take part to it. Say a blend of students and colleagues. So a rudimentary control over data will do, at least at the beginning. Over time, we will eventually switch to a different model, according to the direction you suggest. Before, I need to make some experience with the easiest solution, see what it offers and then ask the institution for a real admin. he will be responsible for data control. I am only a researcher in Humanities and cannot play a role that doesn't belong to me, and for which I don't have the right competences. So, please, will you excuse my amateurish tone.


    Let me come back to the questions you asked right at the beginning of #6.


    How many users have you added to OMV? Sofar I remember, just me and two groups. I should be also part of the teacher's group. Please, notice that "Phdcandidates" could have the status of a simple user, not of a group. The same applies for "Colleagues". I will check next week.


    Is it just one with a name/password to be used by all staff members and a second with a name/password to be used by all students? Yes. two users (or groups), each of them with a distinct "name/password"


    Have you added any additional groups to OMV? No


    As you said, we don't clearly distinguish between groups of people and how their computer accounts have been added to OMV. This will happen eventually at a later phase of the project. As for now, the main goal is keep the fileserver working with a minimal protection, so that a generic user of one of the two groups can access the data after giving generic credentials.


    Now, let me ask a question: if students and colleagues are a collective user, and not a group, how should be configured the SMB share options? Are the two settings (1. set public to "no"; 2. add this to the extra options: "write list = @users") still valid?

    Thanks a lot


    p.s.: all the users and passwords I mentioned before are obviously fake.

    Hi again. Problem solved! But let me recapitulate before thanking you properly. As I suspected, there are no groups. Only two users (teachers and students) with the group-attributes of users and sambashare. The two settings (1. set public to "no"; 2. add this to the extra options: "write list = @users") did the trick, although I could not locate at first glance where to add the line to the extra options. But this depends on the GUI of OMV, which in this case adopts very small character (is it not a bit strange?), so that you notice the right place only if you know where to find it. A little of research in the forum helped. Also, you mentioned "The unix perms on the share can then have "no access" for others." I did not change the value the because it worked without. Now windows behaves like linux mint and asks for credentials, and after that gives access to the share folder. Do I have also to change (in storage-share folder-perms of other user) the value from everyone to no one? Probably yes, because it sounds safer.

    I think your indications should be written in the beginner's guide. The video of Technodad, which I followed as a guide for the installation, and the official manual of omv6 suppose as easy installation procedure for beginner a single user in a domestic lan. Nothing is said about public lan with multiple user. Your indications clarify and specify what is said in the thread "samba share type in omv", so I hope they will find place in a guide. I can now deal with the next thema: how to mount an omv share folder in debian-mint so that windows apps running under wine can locate it. But that's another story.

    Thanks a lot for your patience and time. I hope that other user can take benefit from your indications. :thumbup:

  • essegi62

    Hat das Label gelöst hinzugefügt.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!

Benutzerkonto erstellen Anmelden