I am running a QNAP TS-459 Pro+ with Firmware Version 4.2.6 (latest). As our business grew, we moved the QNAP into a small active directory running on Windows Server 2016. Before the QNAP was in Server 2012 R2 AD but just a few computers used it. Now, as I moved all user accounts into the domain, I encounter random access denials, which I might explain like this:
Lets say, there is User 1, User 2, User 3 and User 4. Then there is Group A, Group B and Group C. All of the users are in Group A, User 1 and 2 are also in Group B, User 3 and 4 are also in Group C.
I have just two shares (home-Folders and a share called "Files", advanced permissions enable, ACL disabled.) and every computer mounts the share "Files". Inside "Files" is Folder A, Folder B and Folder C. To manage it, I put R/W-Access to Folder A for Group A, R/W-Access to Folder B to Group B and so on. The permission for the Files share itself is allowed for the Domain-Users-Group and they all can open the share. Guest access is denied, also the local admin from the NAS has full R/W-access to everything.
User 1 should be able to access Folder A and Folder B. But access is denied for Folder A, while Folder B works.
User 2 has access to Folder A Folder B doesnt work.
User 3 can't access anything
User 4 can just access Folder C.
In fact, there are more users and it is totally random. What I found out so far: It is not related to from where or what computer you access as its same for private laptop by VPN or business-computer at work. It is absolutely random on random users and random groups.
What I did so far:
- Tried to search on google and forums for about an hour without success (kind of similar unsolved problems exist)
- Rebooted everything multiple times
- Removed all access rights and put them there again
- Firmware upgrade to the latest firmware
- Removed QNAP from domain, rejoined it, put all access again
- Set the windows credentials manually in the windows credential manager
- Deleted the groups on the domain controller, put up new gropus
- Rebooted everything (already said that, but I really rebooted everything dozens of times)
- Mailed support, no answer yet
So far I did not try to activate ACL on the share as I saw no advantage yet. Could this solve it?
I would aprechiate every help or troubleshooting hints very much.