QNAP NAS Community Forum

[stepozzi]

Hi, we have the same issue on a TS-439 Pro II+ with latest firmware (3.5.2 Build 1126T).
I noticed (if it can help fixing the issue) that before rebooting the NAS all user names and group names were substituted with numbers (such as 30008, etc.).
After reboot all user names and group names are real AD user/group names, but not the ones we had set.
This happens only in subfolders of root shared folders. The root folder's permissions are right (not changed from original settings).
This is a VERY CRITICAL issue for at least two reasons:
1) access to documents is denied to users that should have it (they can't work!);
2) access to documents is granted to users that should not have it (privacy and intellectual property problems!!).
I'm very disappointed that QNAP is NOT ABLE to fix this KNOWN issue after so much time and that no people from QNAP is responding to this thread...

[ajft]

We've still got one of our boxes off the air with this after two weeks. Completely lost credibility with the customers and pretty much all faith in being able to use QNAP boxes with an AD.

No response from QNAP support other than to try restoring a previous idmap file (which didn't work) and a suggestion to "redo everything"

We'll be taking the box off line this evening and removing all rights then manually rebuilding the shares and rights one by one, the only reason we can't do this until now is some important work being done with access from local accounts.

[joshuabc]

Hi, my shop has experienced this issue on all four TS-859U+ units following routine AD server maintenance. Our domain never went down, but the pdc/domain master role was moved around as we rebooted AD servers one-by-one. This seems to have caused the QNAPs to lost AD connectivity.

Tech support never admitted that this is a known issue, though they did say upgrading to firmware 3.6.0 "might help".

The other symptom we are experiencing now is extreme slowness when trying to add users to the permissions list. Selecting 'Users' from the GUI menu seems to list all domain users just fine. Refreshing the list takes at most 20 seconds. But trying to list domain users/groups when clicking the 'Add' button under 'Share Folders' takes forever. Like 10 minutes!!

Is there any chance the new firmware will actually address these issues, or did I waste $18K on these boxes? As of now, they are 100% useless to me.

[stepozzi]

Hi, my shop has experienced this issue on all four TS-859U+ units following routine AD server maintenance. Our domain never went down, but the pdc/domain master role was moved around as we rebooted AD servers one-by-one. This seems to have caused the QNAPs to lost AD connectivity.

Yes, we have the same situation: our domain never went down, but the pdc/domain master role is moved around because we periodically shutdown one of the dc for backup purposes.
In this situations, sometimes, AD connectivity is lost and sub-folders permissions are "randomized" (luckly, root shared folders permissions are retained).
After manually rejoin the NAS to AD, subfolder permissions have a number instead of the username.
At this point I restore all subfolder permissions by checking "Apply and replace all existing permissions of this folder, files, and subfolders" on the root shared folders (one-by-one) and then all goes well for another week or two, then the problem again.

QNAP support remotely connected to my NAS but they didn't find any solution and they say they will work on the bug.
But, after a month, no news so far....

[ajft]

Hi, my shop has experienced this issue on all four TS-859U+ units following routine AD server maintenance. Our domain never went down, but the pdc/domain master role was moved around as we rebooted AD servers one-by-one. This seems to have caused the QNAPs to lost AD connectivity.

Yes, we have the same situation: our domain never went down, but the pdc/domain master role is moved around because we periodically shutdown one of the dc for backup purposes.

In this situations, sometimes, AD connectivity is lost and sub-folders permissions are "randomized" (luckly, root shared folders permissions are retained).
After manually rejoin the NAS to AD, subfolder permissions have a number instead of the username.
At this point I restore all subfolder permissions by checking "Apply and replace all existing permissions of this folder, files, and subfolders" on the root shared folders (one-by-one) and then all goes well for another week or two, then the problem again.

QNAP support remotely connected to my NAS but they didn't find any solution and they say they will work on the bug.
But, after a month, no news so far....

Does anyone know if firmware 3.6.1 has any fixes for this?

The release notes mention (rather cryptically) " [Web File Manager] If the NAS was joined to an AD domain, domain user groups became the local user groups in access right configuration of shared folders." as a major bug fix, but I'm not sure whether this is a fix to the underlying problem of the local QNAP UID/GID mappings to AD SIDs become broken, or just a display fix in the file manager to make sure it displays AD groups as AD groups and not as their mapped GIDs.

[stepozzi]

@ajft:
I installed firmware 3.6.1 one month ago and so far I haven't had the problem again...