We have 3 different Qnaps in our building, all with the same issue. For the purpose of this question i'm going to stick to the following details:
Qnap - TS-853 Pro
Version - 4.3.6.0895
We have 2 domains.
domain A - has servers and some workstations joined
Domain B - all user accounts exist here
There is a one way trust between A and B, so users from B can authenticate on devices joined to A but not the other way.
Windows Servers on DomainA have no issue sharing. Users from domainB are able to get to the shares and have permissions as configured using Explorer.
Any NAS joined to DomainA seems to be unable to allow this though.
On the NAS we create a new shared folder
Provide name, volue, path.
Privileges are just left default at this time - admin having read/write
Encryption - left off
Access Settings
Guest access - deny (have tried all options though)
Hid network drive - not checked
Lock files - checked(tried unchecked)
SMB encryption - unchecked
Previous versions and recycle bin are left on
All other settings left unchecked (defaults)
Advanced permissions on the NAS shared folders has both Enable advanced folder permissions and Enable windows ACL support checked.
From a windows PC, logged in with DomainB user I can see the share on the NAS. But when I try to open that share I get Access is denied. This does make sense, I haven't added any users/groups yet.
It's asking for credentials, so I put in the NAS local admin details. I'm able to open the share. Go to properties/security/edit. Add DomainB\Domain users and grant this Full Control.
Rebooted the windows PC, basically to ensure any cached credentials are cleared.
Again connect to NAS via Windows Explorer.
Double click the share and I'm STILL getting Access Denied.
This is where it's no longer making sense, I've granted Domain users full control so they should just get in.
As a test I even added DomainA\Domain users full control too. I then used a DomainA username and password to log into a PC and still getting access denied.
This makes me think I have something not configured properly, as even within it's own domain the domain authentication isn't working.
I tried moniting connection logs - when my domainB credentials are used I get a logged error, showing correct username and computername stating Login Fail.
When I tried my DomainA credentials nothing logs at all.
I have this same proplem on all Qnaps, and I'm sure there is something I'm missing, I just don't know what.
Any help is greatly appreciated!
Windows Shares - Domains/Trusts/etc
Questions about using Windows AD service.
Return to “Windows Domain & Active Directory”
Jump to
- QNAP General
- ↳ Announcements
- ↳ Features Wanted
- ↳ Users' Corner
- ↳ Official Apps
- ↳ Prestashop
- ↳ Webalizer
- ↳ Virtualization Station
- ↳ Notes Station
- ↳ SocialLink Station
- ↳ McAfee Antivirus
- ↳ IT Management Station
- ↳ Container Station
- ↳ Qsirch & Qfiling
- ↳ Community Apps
- ↳ Apps Wanted
- ↳ Partner Apps
- ↳ BitTorrent Sync
- ↳ EZPhone
- ↳ Plex Media Server
- ↳ Ragic
- ↳ Tonido
- Getting Started
- ↳ Frequently Asked Questions
- ↳ Presales
- ↳ Turbo Station Installation & Setup
- General
- ↳ Hardware & Software Compatibility
- ↳ HDD Spin Down (HDD Standby)
- ↳ Seagate Drive Discussion
- ↳ Western Digital Drive Discussion
- ↳ File Sharing
- ↳ Mac OS
- ↳ Linux & Unix (NFS)
- ↳ Windows
- ↳ Backup & Restore
- ↳ Symform
- ↳ Microsoft Azure
- ↳ OpenStack Swift
- ↳ Amazon Glacier
- ↳ Amazon S3
- ↳ WebDAV-based Backup
- ↳ Google Cloud Storage
- ↳ Object Storage Server
- ↳ ElephantDrive
- ↳ Xopero
- ↳ System & Disk Volume Management
- ↳ Web Server & Applications (Apache + PHP + MySQL / SQLite)
- ↳ Download Station and QGet
- ↳ myQNAPcloud service
- ↳ Surveillance Solution
- ↳ Miscellaneous
- ↳ QIoT
- ↳ QuAI
- ↳ QVR Face
- Business
- ↳ Windows Domain & Active Directory
- ↳ iSCSI – Target & Virtual Disk
- ↳ Remote Replication/ Disaster Recovery
- ↳ Server Virtualization & Clustering
- ↳ NAS Management
- ↳ QES Operating System (QNAP Enterprise Storage OS)
- Multimedia
- ↳ Photo Station, Music Station, Video Station
- ↳ Media Streaming
- ↳ Mobile Devices