Hallo all,
now I'm struggling with a very strange problem. I connected my QNAP TS121 with my PDC (ClearOS 5.2). It is running, and I see all LDAP users and groups. I can also assign the users or groups to the shares. When I then want to get access to a share it works perfect, If used user, but it doesn't work if I use LDAP groups for autentication. Is there a trick ?
I'm using TS121 with firmware 4.10, the network connection works properly and the LDAP is also announced working properly (otherwise I would not see the LDAP groups and users).
Kind greez
LDAP group rights are not working
-
- First post
- Posts: 1
- Joined: Fri Mar 27, 2015 5:01 pm
Re: LDAP group rights are not working
The same problem here with FW 4.1.2. on TS-ES1680U
No matter if I use an external LDAP-server or the inbuild one, sharing folders with domain-groups does not work.
If some qnap developer is reading this here, can you please check this? This is a real showstopper for us here.
TIA!
Chris
No matter if I use an external LDAP-server or the inbuild one, sharing folders with domain-groups does not work.
If some qnap developer is reading this here, can you please check this? This is a real showstopper for us here.
TIA!
Chris
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: LDAP group rights are not working
Community forum here - get in contact with QNAP Customer Service -> http://helpdesk.qnap.com/ please.
-
- First post
- Posts: 1
- Joined: Wed Aug 12, 2015 5:44 am
Re: LDAP group rights are not working
I know it is an old post but I ran in the same problem recently (QTS 4.2)
LDAP group seems to don't have effect on share folder permissions (I use advanced share folder permission with ldap user and ldap gorup).
I found the solution by retrieving the user from Share Folder permission.
It seems that Qnap system first check user permission and if the user is not found in the list, the user Group permission is then checked.
If user is define with "Deny", the system stop there and don't check Ldap Group Permission.
LDAP group seems to don't have effect on share folder permissions (I use advanced share folder permission with ldap user and ldap gorup).
I found the solution by retrieving the user from Share Folder permission.
It seems that Qnap system first check user permission and if the user is not found in the list, the user Group permission is then checked.
If user is define with "Deny", the system stop there and don't check Ldap Group Permission.
-
- First post
- Posts: 1
- Joined: Tue May 17, 2016 2:12 am
Re: LDAP group rights are not working
Hello,
I'm still looking for a good solution to this problem. I am also on QTS 4.2 and checking each user individually for permissions is NOT a good solution.
Steps to reproduce:
Go to "Shared Folders" -> find share you want to add permissions to -> "Edit Share Folder Permissions" -> Select Permission type "Users and groups permission" -> "Add" -> "Domain Groups" -> Find group and select "RW" checkbox.
In theory, you should then be able to go to that user in the system and look at their shared folder permissions and everything should be all set. The problem is, even though that user now has the label next to him/her "Read/Write" (under column "Preview"), the checkbox for "RW" is unchecked still, and the users do not have access until I manually click that check box next to every user...which makes setting up a group pointless to begin with.
Please help with a good solution - thank you.
I'm still looking for a good solution to this problem. I am also on QTS 4.2 and checking each user individually for permissions is NOT a good solution.
Steps to reproduce:
Go to "Shared Folders" -> find share you want to add permissions to -> "Edit Share Folder Permissions" -> Select Permission type "Users and groups permission" -> "Add" -> "Domain Groups" -> Find group and select "RW" checkbox.
In theory, you should then be able to go to that user in the system and look at their shared folder permissions and everything should be all set. The problem is, even though that user now has the label next to him/her "Read/Write" (under column "Preview"), the checkbox for "RW" is unchecked still, and the users do not have access until I manually click that check box next to every user...which makes setting up a group pointless to begin with.
Please help with a good solution - thank you.
- schumaku
- Guru
- Posts: 43579
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: LDAP group rights are not working
Agree with your theory. This reads to me like the groups are not looked-up - or the users group membership can't be looked-up from the directory. However, I can't get rid of the impression that your NAS set-up is incomplete and broken as per your report in another thread.kconti wrote:In theory, you should then be able to go to that user in the system and look at their shared folder permissions and everything should be all set. The problem is, even though that user now has the label next to him/her "Read/Write" (under column "Preview"), the checkbox for "RW" is unchecked still, and the users do not have access until I manually click that check box next to every user...which makes setting up a group pointless to begin with.
Definitively nothing wrong with that: Deny is deny ... and this is handled first. And "deny" does massively differ from "no access"mta33 wrote:If user is define with "Deny", the system stop there and don't check Ldap Group Permission.
Removing (I guess) ... yes, either remove the user from the list, or don't tick anything ... both does lead to a "no access" by username.mta33 wrote:I found the solution by retrieving the user from Share Folder permission.
-
- New here
- Posts: 4
- Joined: Fri Jul 08, 2016 4:29 am
Re: LDAP group rights are not working
Hi,
I stumbled upon this post while trying to figure out the same issue on my QNAP box.
I found that the issue actually was that the group I was using was an AD Distribution Group. The solution was to use a Security Group. Once I switched to a using Security Group, users could access the folder.
I hope that this maybe helps someone else out.
I am currently running firmware version 4.2.0 Build 20160311
I stumbled upon this post while trying to figure out the same issue on my QNAP box.
I found that the issue actually was that the group I was using was an AD Distribution Group. The solution was to use a Security Group. Once I switched to a using Security Group, users could access the folder.
I hope that this maybe helps someone else out.
I am currently running firmware version 4.2.0 Build 20160311