Windows Shares - Domains/Trusts/etc

Questions about using Windows AD service.
Post Reply
New here
Posts: 2
Joined: Sat Apr 27, 2019 7:51 am

Windows Shares - Domains/Trusts/etc

Post by tstuart » Sat Apr 27, 2019 8:32 am

We have 3 different Qnaps in our building, all with the same issue. For the purpose of this question i'm going to stick to the following details:
Qnap - TS-853 Pro
Version -
We have 2 domains.
domain A - has servers and some workstations joined
Domain B - all user accounts exist here

There is a one way trust between A and B, so users from B can authenticate on devices joined to A but not the other way.

Windows Servers on DomainA have no issue sharing. Users from domainB are able to get to the shares and have permissions as configured using Explorer.
Any NAS joined to DomainA seems to be unable to allow this though.

On the NAS we create a new shared folder
Provide name, volue, path.
Privileges are just left default at this time - admin having read/write
Encryption - left off
Access Settings
Guest access - deny (have tried all options though)
Hid network drive - not checked
Lock files - checked(tried unchecked)
SMB encryption - unchecked
Previous versions and recycle bin are left on
All other settings left unchecked (defaults)

Advanced permissions on the NAS shared folders has both Enable advanced folder permissions and Enable windows ACL support checked.

From a windows PC, logged in with DomainB user I can see the share on the NAS. But when I try to open that share I get Access is denied. This does make sense, I haven't added any users/groups yet.
It's asking for credentials, so I put in the NAS local admin details. I'm able to open the share. Go to properties/security/edit. Add DomainB\Domain users and grant this Full Control.

Rebooted the windows PC, basically to ensure any cached credentials are cleared.
Again connect to NAS via Windows Explorer.
Double click the share and I'm STILL getting Access Denied.
This is where it's no longer making sense, I've granted Domain users full control so they should just get in.
As a test I even added DomainA\Domain users full control too. I then used a DomainA username and password to log into a PC and still getting access denied.
This makes me think I have something not configured properly, as even within it's own domain the domain authentication isn't working.
I tried moniting connection logs - when my domainB credentials are used I get a logged error, showing correct username and computername stating Login Fail.
When I tried my DomainA credentials nothing logs at all.
I have this same proplem on all Qnaps, and I'm sure there is something I'm missing, I just don't know what.
Any help is greatly appreciated!

Post Reply

Return to “Windows Domain & Active Directory”