Hi everybody,
I have a TS-873 (Firmware version 4.3.6.0805 Build 20181228) and an Active Directory with 2 domain controllers (2012 and 2012R2).
I have transferred all my data to the QNAP and would like to switch over to using it instead of using the Windows fileserver.
Unfortunately I'm getting a lot of very weird permission issues.
My personal account is in the Domain-Admins group which has access to practically everything. I can access all shares of the QNAP which I expect to have access to.
Unfortunately "regular" users don't. Let's take the share "Transfer" as an easy example because practically everybody with an account should have full control over it. I've created a test user with the usual user permissions so I can reproduce the behaviour.
1. If I try to access shares with it that user is supposed to have access to I receive:
Windows cannot access \\fileserver1\Transfer
You do not have permission to access \\fileserver1\Transfer. Contact your network administrator to request access.
2. If I try to access a share with it to which it should indeed not have access to they receive a prompt for username and password instead of the above message.
Even after I explicitely granted access for that specific user to the Transfer share in the QNAP's webadmin (so not only inherited through group memberships) this behaviour doesn't change.
I've checked the effective permissions tab from a working (admin) domain user: The user should have full control.
My first intuition was that admin users in my setup bypass all obstacles by some magic settings. To verify that thesis I put the above user in the domain-admin group as well. I logged off and on again and verified that membership changes was replicated everywhere, including the QNAP. But for some reason I still get the permission issues described above.
BUT and now comes the very weird part: While that user is admin it can mount the share from a Linux system, but not from Windows. Also I've observed I with my admin account couldn't write into a certain (different) folder from ES file explorer on Android, but could very much do so from Windows (same share, same user).
Does anybody have an idea what this strange behaviour might be about?
I've found viewtopic.php?t=71915 , but it is from quite a while ago. In addition all users mentioned (including my test user) had existed before joining the QNAP into the domain.
Weird permission denied issue
-
Jens2
- Starting out
- Posts: 33
- Joined: Wed Jan 30, 2013 4:02 pm
Weird permission denied issue
You do not have the required permissions to view the files attached to this post.
-
Jens2
- Starting out
- Posts: 33
- Joined: Wed Jan 30, 2013 4:02 pm
Re: Weird permission denied issue
I've figured it out:
I have all the different shares and the appropriate permissions. In retrospect those as well as their filesystem folders are set correctly.
The reason for them not working: I also have a share for the top level folder in that storage space from which I populated the filesystem. And if that top share doesn't include a certain user or group you can set in subfolders whatever you like - it won't work.
I was used to working with this as admin. For me it basically is what the administrative shares from the Windows server environment used to be.
I have all the different shares and the appropriate permissions. In retrospect those as well as their filesystem folders are set correctly.
The reason for them not working: I also have a share for the top level folder in that storage space from which I populated the filesystem. And if that top share doesn't include a certain user or group you can set in subfolders whatever you like - it won't work.
I was used to working with this as admin. For me it basically is what the administrative shares from the Windows server environment used to be.