B Train
-
Posts
30 -
Joined
-
Last visited
Content Type
Profiles
Forums
Downloads
Store
Gallery
Bug Reports
Documentation
Landing
Posts posted by B Train
-
-
On 6/25/2021 at 9:14 AM, Frank1940 said:
The attachment in this post is a joint effort between @Batter Pudding and myself. @Batter Pudding supplied much of the technical part of the Attached Document and I provide most of the background information.
What we are attempting to do is to show that it is easy to actually use Unraid with all of the security features that Microsoft has incorporated into Windows 10. What many of us have been doing (myself included) is to reverse those enhancements to security and use our Unraid network in what is basically a 2010 security environment.
@limetechhas announced in the release thread for version 6.9.2 that they are about to increase security on Unraid in future releases.
Unfortunately, this list is going to impact a lot of current Unraid users as many have setup their Unraid servers and networking to use these very features. Each user will have two choices. Either embrace security or spend time to undo each new security addition that either LimeTech or MS adds in their updates. If you decide to continue to bypass security, just realize that the number of folks prepared to assist you with any problems doing this will probably decline as more folks adopt increased security as a necessity.
In some cases, this is going to present some difficult decisions. For example, I have an old Netgear NTV-550 set top media player (last firmware/software update was in early 2011) that only supports SMBv1 or NFS. Do I open up a security hole to use a well-functioning piece of equipment or do I replace it? (The choice, obviously, is one that only I can make...)
Two Important things!
- Do not post up any problems that you have with networking between Windows 10 and Unraid in this thread! Start a new thread in the General Support forum.
- Please don’t tell us that there is another way to do something and that we should change our recommendation to employ that method. If you feel you have a better way, you are encouraged to write it up in detail and post it in this thread pointing out the advantages of your way. (One well regarded Windows 10 networking book has over 400 pages in it. Our document is 16 pages long…)
EDIT: November 30, 2021.
Recently, something has come to my attention about Unraid and SMB. There have been incidences where access to Unraid shares is restricted or blocked completely from users who should have access to it. What has been found in these cases is that a feature, has been enable on the Unraid side, called Access Control Lists (ACL for short). This will show up as an ‘+’ at the end of the Linux permissions. See the screen capture below:
Note that the ‘+’ is also on the file as well as the share/directory. ACL changes the way that Linux is going to control access to these resources. After some research, I found out that Windows has used ACL for a long time. The SAMBA group has added ACL into its version of SMB. Unraid does not use ACL in its security scheme.
At the present time, I can think of only one way that a ACL could be found on any Unraid server. It was done by a Windows user who was trying to change how SMB worked by applying Windows security features to an Unraid share by changing the default Security settings. (Basically, right-clicking on the Share in Windows Explorer, selecting ‘Properties’, then the ‘Security’ tab and working from there.)
The point I am making is that you can’t fix a share access problem by trying to change a Unraid share security using Windows security tools on that share. If you try, you will probably make things worst! (Unless you are a Windows SMB Networking Guru…) It is important to realize that if you are denied permission to an Unraid share resource, the problem can only be fixed on the Unraid side using the Tools in the Unraid GUI (or via the command line for specific problems).
If you are having an access problem to a Unraid share and can’t solve it with the tools in the GUI, start a thread in the General Support sub-forum and let the community help you fix it.
After reading this post, which Frank1940 (OP) so kindly provided, I have the following comments:
*Ensure to download and read the PDF provided by OP
*Consider that I am a regular computer user only, no professional experience using computers.
#1 Most important: you will not be able to follow this in Windows 10 Home due to lacking access to 'AllowInnsecureGuestAuth'.
#2 I borrowed a Windows 10 Pro computer a few hours ago to be able to edit 'AllowInnsecureGuestAuth'.
#3 I have progressed after many hours of exploration from getting the dreaded "0x80070035... Windows cannot access...' to a a screen that requests my credentials for 'root' user, even though I set up the windows credential to be a different user (lets call that user 'BTrain').
#4 Setting up the credentials on the PDF provided by OP is very finicky. You have to use the name of the Unraid Server and shares (in my case 'Tower' and 'TEST' respectively) as such: '//Tower/TEST' but when trying to map the drive only the IP number will work (192.168.x.xxx). This will take you to where I am now stuck: the prompt where a password for 'root' is requested.
#5 If I try to enter my password for the root client the program takes me back to another error.
#6 If I try to enter my password for the BTrain user, I am sent back to error 0x80070035.
Are you guys sure UnRaid is the most beginner friendly NAS? LOL.
-
On 10/25/2020 at 11:47 AM, cbr600ds2 said:
I don't have the setting AllowInnsecureGuestAuth. It won't break if I manually add it in or... I don't want to change to much because it works fine from my laptop. I just want to be able to do stuff on my new desktop. Is it because this version of Windows isn't registered (yet?)
Feedback for those who cannot find ' AllowInnsecureGuestAuth':
You will only find this setting on Windows 10 Pro.
I have no idea how to make it this setting appear or work on Windows 10 Home.
-
16 hours ago, Frank1940 said:
Might I suggest that you consider not trying to turn off SMB security settings. Instead, setup Unraid and your Windows computers in a secure manner. It is a bit of a hassle to do the first time but it should only be a one time event. Basically, what you are trying to do is to run SMB using security features that might have been satisfactory for 2010. MS occasionally updates SMB security and its settings in its Monthly updates and these updates can break systems that try to defeat them.
See here for how to do this:
https://forums.unraid.net/topic/110580-security-is-not-a-dirty-word-unraid-windows-10-smb-setup/
Thanks for responding.
I have tried everything on your forum for the last two weeks.
I got UnRaid with the impression that it was the most user friendly program for a 'NAS'.
Now I am 60hrs deep into this frustrating rabbit hole and I have no idea where I am going.
I have read the sticky and followed the instruction on my two PCs and laptop to no avail.
I am not a computer savvy guy and I cannot even make heads or tails about what is 'SAMBA', '110580', Windows Versions, Registry edits plus all the unraid management mentioned out there.
This product is not even remotely user friendly for those using Windows 10 (is that not like 99% of all computer users in the world?). Do I need to be an advanced IT professional to use this stuff? What is your target demographic even?
At this point I am trying to figure out if learning to use Ubuntu might yield better results and try to access the Unraid server from there. Any solutions besides using Windows 10 + Unraid are very welcome. I am honestly tired of trying to make this work.
Edit: The thread that you are referring me to literally leads me to a PDF that leads me to the same problem I posted about. After following the PDF I am back to the same problem: I cannot double-click on AllowInsecureGuestAuth because it does not exist.
What you are suggesting is 'not trying to turn off SMB security settings'. Does that mean following 'Case 2' or 'Case 3' on pg16 of the paper attached on the thread?
-
On 9/16/2020 at 11:23 AM, UnBeastRaid said:
This information is GOLD:
1. Open the registry editor and go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
2. Double-click on AllowInsecureGuestAuth
3. Under "Value data:", change it from 0 to 1
Helped me solve a two week issue trying to access my network shares.
Thank you
Tried this. Could not find the 'AllowInsecureGuestAuth:
Security Is Not a Dirty Word: Unraid & Windows 10/11 SMB Setup
in General
Posted · Edited by B Train
Well dear unRaid community; I solved my problem and it is something no one thought of telling me.
It is time for me to swallow my pride, tell everyone of my stupidity an contribute one more fix to the dreaded '0x80070035 error':
Solution:
Microsoft does not find a drive if it is set as INVISIBLE on your unRaid share.
Go to your unRaid setup page, under the share tab look for the setting 'Export' and read the description. Set it up to 'Yes'.
Thank you for your guidance, Frank1940, and to the unRaid community across multiple platforms (fb, reddit, youtube) for answering my stubborn and incessant questions. At least I gained quite an understanding of a lot of inner workings for this software.
Do not hesitate to PM me to ask for assistance.