QNAP NAS Community Forum

[Jassco]

Hi,

We noticed something really strange this monday on our TS-459U.

We use this NAS for the file sharing in our company since march of this year. We did connect it to our active directory without any problems. Everything was fine until a power outage over the last weekend, then the server had to be rebooted.

After that, I've noticed that all the groups and users in the Access Right Management > Share Folders were wrong. By "wrong", I mean that there was domain user or groups that were exchanged with other user or group from the AD.

I've then updated the server and redefined all the rights but I fear an other reboot now. Did you ever had such kind of issues before?

Thanks in advance for your advise!

[Jassco]

This appears when I reconnect the NAS to the Domain with other credentials too.

Is there anything that could be done in order to backup/restore the samba config?

Thanks in advance for your help.

Regards,
Marco

[onlyalex]

Hi mate

I have not heard of this issue in particular. However it does not sound good.
Often alot of time can be spent on configuring the different user/groups permissions on the shares of an AD joined Qnap device.

I have suggested an ACL backup setting of some kind. Vote an +1 and we might get heard
viewtopic.php?f=24&t=49894

Im not aware of any restore process of the missing ACL of today. But someone else might shine some light on this?
Cheers.

[Jassco]

Being able to backup/restore the ACL would be definitively a nice feature!

I spent hours last week to re-define the whole ACL...

[Eiswolf]

I am doing it right now... ;-/

[Jassco]

Mmmh,

I'll try to test the "getfacl -R > file.txt" command and re-set the ACL with setfacl.

Just be careful to not save those acl in the /tmp folder, as it is mounted as volatile file system and his maximal size is 32Mo. I've filled it yesterday and was it ran in many issues.

[onlyalex]

Don't forget to post your experience with the "getfacl -R" command. It's interesting but i dont have a test system setup to test it on, only live Prod systems so have to wait.
So any input are welcomed

Hearing more users that possibly losses the acl is frightning. That should NOT happen. And if there is a possibility having an manual backup could save days of work. I hope Qnap really implement this.

Cheers.

[Eiswolf]

Ok, it seems I do not get much further with the GUI. Setting file rights is awfully slow, but my Windows 2008 R2 is not able to set the rights properly, the always turn oout totally confused.

So, how do I get access to the files and functions you mention?

[jaysonr]

After a couple weeks with QNAP tech support, it seems this is a KNOWN ISSUE, even though I have not seen any information posted on this issue.

The NAS device does back up the ID mappings and allow you to restore (hopefully).

Please bug tech support about this, as this is a CRITICAL issue that they need to move up in their bug-fix queue!

[Jassco]

This is DEFINITIVELY a critical issue.

[eburley]

I just ran into this same issue after spending two days setting up all of our permissions.
I re-synced to the AD server, and all of the permission are now WRONG.
If I had know about this issue a week ago, I would have bought something else.

[Andrewchen]

after changing the domain security to "no domain security", and then back to "Active Directory authentication", the permissions set on the shared folders are cluttered.

[jaysonr]

Although not listed in the changelog, this issue seems to have been fixed in the newest release of the firmware. The tech support representative gave me instructions on how to restore saved IDs that are backed up weekly (supposedly). I ran the update just to find out that they are NOT, in fact, backed up weekly and my system had no ID backups.

Now I get to manually set permissions for My Docs redirection for 90 users.

Needless to say, with one of the upper-end products (TS-859U-RP+) failing in such a major way (we have 2 of them) and no fix being issued for two months, I will definitely be buying my next NAS devices from a different manufacturer.

[ajft]

Although not listed in the changelog, this issue seems to have been fixed in the newest release of the firmware. The tech support representative gave me instructions on how to restore saved IDs that are backed up weekly (supposedly). I ran the update just to find out that they are NOT, in fact, backed up weekly and my system had no ID backups.

Now I get to manually set permissions for My Docs redirection for 90 users.

Needless to say, with one of the upper-end products (TS-859U-RP+) failing in such a major way (we have 2 of them) and no fix being issued for two months, I will definitely be buying my next NAS devices from a different manufacturer.

Can you elaborate on "the newest release of the firmware". We've just been hit by this failure twice in the last four weeks -- 22-Dec-2011 and 14-Jan-2012, two TS-859U+ QNAPs now have their ID mappings completely screwed up and restoration from a previous idmap.dump file did nothing to help, if anything it has just resulted in even more confusion with GIDs mapping to AD groups that we know are incorrect, and most of the UID/GID values just appear as raw numbers in the web UI.

One of them is running 3.5.1 Build 1002T, the other 3.5.2 Build 1126T

[McFly]

Hi, I have the same issue, with a TS-859U-RP with fw 3.5.2.
Every time the QNAP looses the sync with the AD (for example due to a Domain Controller shutdown) the files/folder permissions get corrupted.

Here is my smb.conf global section:

Code: Select all

[global]
workgroup = TEKMAR
security = ADS
server string =
   encrypt passwords = Yes
username level = 0
   map to guest = Bad User
null passwords = yes
   max log size = 10
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=262144 SO_RCVBUF=131072
os level = 20
preferred master = no
   dns proxy = No
   smb passwd file=/etc/config/smbpasswd   
   username map = /etc/config/smbusers
   guest account = guest
   directory mask = 0777
   create mask = 0777
oplocks = yes
   locking = yes
   disable spoolss = yes
   load printers = no
dos charset = ASCII
display charset = UTF8
force directory security mode = 0000
veto files = /.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/.@__thumb/.@__desc/:2e*/
   delete veto files = yes
map archive = no
map system = no
map hidden = no
map read only = no
deadtime = 10
use sendfile = yes
case sensitive = auto
unix extensions = no
passdb backend = smbpasswd
store dos attributes = yes
min receivefile size = 4096
client ntlmv2 auth = yes
dos filetime resolution = no
domain master = auto
local master = no
wins support = no
lanman auth = no
ntlm auth = yes
inherit acls = yes
wide links = yes
realm = tekmar.local
password server = DC01-SERVER.tekmar.local
pam password change = yes
idmap uid = 30001-300000
idmap gid = 30001-300000
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 3600


The folder permissions change randomly and also the personal folders owners are completely messed. Moreover some permissions have a number (the UID I guess) instead of the username.

I really appreciate your help. Thank you.