user share problem


Recommended Posts

Hey Friendly Unraid users.

 

Iv owned unraid for many months now and have loved it, however i have been plagued since day one with a user share problem.

 

Im trying to setup user accounts to access Shares. I THINK i have all the settings correct and yet when windows asks me to login with username and password (type them in) and says i don't have access. If i make the setting as "Public" then everything works fine (i can see, copy, move, create files and folders no problem).

 

Here you can see i have made two accounts in unraid "guest" and "alex". For the sake of making things simple here, i have made the password "1234". Now i would think that when windows asks for the login and password (which it does) i would just be able to type the account info in and should allow access to the unraid server. The goal being i will make user accounts for people in the house AND have a guest account so when friends visit they have access to my movies/TV shows.

 

Running version: 5.0-rc11 Pro (Current Version) this is a fresh install no upgrading....

 

Well, i tried all.....

 

restarted server

restarted SMB

Renamed Workgroup to "WORKGROUP"

Created more users and tested

changed Passwords

Double checked the actual config file (attached)

 

If anything i explained needs more detail please let me know, i will change this post and also reply with a clarification.

Capture.GIF.ac9920c45702ce29632bd6271e850333.GIF

Capture1.GIF.b88ed57d9898c5f1798c2b9bbcd045d4.GIF

Capture2.GIF.b52d68ccb4e2478fb04c0c16c3b7e597.GIF

Link to comment

This is a known Windows "issue" that is really hard to explain, so for now I'll just tell you how to get around it.

 

What is the log-on name you use for your PC?  I'm going to bet it's not "alex".  Maybe it's "Alex" or "alex smith" or some other name entirely.  Whatever it is, create that same user in your unRaid server, and define whatever secure or private share access you want under that user name.  Then close all windows that might be connected to the server and either reboot the windows PC or open a command window and type "net use * /delete" command.

 

Now when you browse shares on the unRaid server it will work, except if the password you assigned when you created your unRaid user does not match your windows logon password, Windows will prompt you to enter the password (that you specified in the unRaid server).  If you use the same password in both places you will not get this prompt.

  • Like 1
  • Thanks 1
  • Upvote 1
Link to comment

I'm assuming your aware that this is NOT what is expected from Unraid user shares nor is making a user for EVERY computer name using the network practical.

 

With that said i appreciated the work around. I was aware of the "secure" mode in raid which from what your telling me works great.

 

As of now, traveling with my unraid box and allowing users to access certain data is not going to work with "secure" mode implemented. Getting everyone's computer names, typing them into unraid and setting up a share is not as easy as handing them a piece of paper with the words

 

Login: Guest

Password: 1234

 

I am curious if others have gotten this to work. If not, im wondering why Unraid would even add the "private" share mode in the first place.

 

If anyone else has more information please let me know. It would be really nice to know some of my data wont get accidently deleted from a public user/share

Link to comment

Login: Guest

Password: 1234

 

I am curious if others have gotten this to work. If not, im wondering why Unraid would even add the "private" share mode in the first place.

 

If anyone else has more information please let me know. It would be really nice to know some of my data wont get accidently deleted from a public user/share

I seem to vaguely remember that you can have a problem if the username used is not all lower case at the Linux level?

Link to comment

I'm assuming your aware that this is NOT what is expected from Unraid user shares nor is making a user for EVERY computer name using the network practical.

 

With that said i appreciated the work around. I was aware of the "secure" mode in raid which from what your telling me works great.

 

As of now, traveling with my unraid box and allowing users to access certain data is not going to work with "secure" mode implemented. Getting everyone's computer names, typing them into unraid and setting up a share is not as easy as handing them a piece of paper with the words

 

Login: Guest

Password: 1234

 

I am curious if others have gotten this to work. If not, im wondering why Unraid would even add the "private" share mode in the first place.

 

If anyone else has more information please let me know. It would be really nice to know some of my data wont get accidently deleted from a public user/share

 

It's not as bad as you are thinking it is.  You only need to add user names for those wanting access to Private shares or wanting write access to Secure shares, everyone else will have "guest" access (by "guest" I mean not as user name "guest" but anonymous access).  Actually it's better NOT to have a user name "guest" because that will confuse AFP when/if you use that (LOL that's another story).  Sorry, these are not unRaid-specific issues.

 

Ok, to be exact, you don't have to use your windows login name.  You can use any name that's defined on the unRaid side.  You just have to make sure that the very first access to any share on the server results in you correctly entering that user name/password in the dialog box.  Having done that once, your Windows PC will "remember" those credentials for future access to the same server and you won't have to enter the username/password again.

 

Let me give you an operational example.  Let's say your windows PC netbios name is "mypc" and your windows login name is "larry".  Further let's say your server netbios name is "tower" and you have a single user defined on unRaid side named "curly".  Now you open Network and click on "tower" and a window opens showing all the shares.

 

In this state, if you now click on a "public" share, what happens behind the scenes is windows tries to authenticate with the server as user "mypc\larry".  On unRaid side, samba (linux smb protocol module) will check if "larry" exists.  In this case no, so samba will check if user "mypc" exists, in this case also no.  So samba will now see that "guest" access is enabled for the server, so it will reply to Windows with "success" but on the samba side, will associate any further access with the "nobody" user on the linux side.  Meanwhile, Windows stores the fact that it successfully connected with user "mypc\larry" in its own credentials cache.

 

Now, after above, you click on a Private share where the only unRaid user with access is "curly".  Samba will see the request to the share as user "larry" and tell Windows that the connection is unauthorized (because larry is not in the list of users for the Private share).  Windows sees this and presents you with a username/password dialog box.  So you enter "curly" as the user.  But now Windows sees that you already have a connection to the server as user "larry" and it DOES NOT ALLOW multiple connections to the same server via different user names.  This is a well-known limitation/bug in Windows.  Some people get around it, e.g., by connecting to the sever using the IP address in order to fool windows into thinking it's a different server.

 

To get above to work, you would close any windows that might have a previous connection to the first public share, then open a command window and type "net use * /delete".  That command closes all current server connections.  Now click on your Private share and enter "curly" user name it will work this time.

 

Same scenario, but this time after opening Network and clicking on "tower" you happen to click on a Private share first.  You get the dialog box and login as "curly" and everything works.  Now you click on a Public share and it still works (because on unRaid side all user names are accepted for Public shares).  So you see the behavior can be quite different and confusing depending on what you click on after clicking on the server.

 

Now you also know why it's easier to just use the same user names.

  • Like 5
Link to comment

I have used every scenario Tom describes here, including referring to the server by IP to get a different login to my server.

 

I can confirm that it all works just as described for me.

 

It took a long time to figure out what was really happening, including looking at a lot of code in samba.  The windows "bug", imho, is that it should not offer a login username/password dialog prompt when a server returns an "unauthorized" error as a result of trying to browse a Private share; I don't know why Windows does this and you can make it happen with a windows server so it's not strictly a samba compatibility issue.

 

Here's another confusing behavior: Let's say your windows logon name is "larry" with password "1234" and you have created an unRaid user named "larry" with password "5678".  You next click on 'tower' and then click on a Public share - guess what? Windows will ask you to enter a password(!).  Why? Because on samba side, it sees that "larry" is a valid name, so it now tries to validate the password, which fails (the windows connection sends the user name "mypc\larry" along with your windows password which is encrypted).  It reports this failure to windows so windows ask you for your (unRaid-side) password which you have to enter correctly or no shares for you!

Link to comment

limetech,

 

Thanks a million for such a great post. I really mean that, im so happy to get a straight forward answer. So many times in forums other users start telling the OP to change a million settings without actually knowing whats REALLY going on behind the scenes.

 

If i might add.....this should be a sticky note. On a better note make its way into the wiki/documentation. It explains well why the "private" share in Unraid it not a working function for windows. There must be many customers trying to get this to work.....

Link to comment

As for the actual work around. Its a bummer that this doesnt work properly. Realistically telling a friend to open up the command line, type something in, then FIRST open up a certain folder is rough. However im not going to go as far to say, that this ruins Unraid: it still is a bummer. No one should really expect security at such a "home user" level however i was more going to use it so fellow friends can share music/movies/tv shows but protect preying eyes from regular personal documents. Also lets not forget preventing someone from "cutting" files instead of using the copy command ;)

 

:'( :'( :'( :'( :'( :'(

Link to comment

Not sure I understand your problem.

 

If you want guests to be able to read/write a share make it Public.

If you want guests to only be able to read a share make it Secure.

If you don't want guests to have any access to a share make it Private.

 

You can also make shares hidden so it can't be seen when you browse. The only way to get to these is to specify the path.

 

Are you anticipating guests accessing your server from:

One of your computers using your Windows user?

Using one of your computers using a separate Windows user?

Using their own computer using their own Windows user?

Some other scenario I haven't imagined?

 

Where is a workaround required?

 

 

 

Link to comment

If you want guests to be able to read/write a share make it Public.

If you want guests to only be able to read a share make it Secure.

If you don't want guests to have any access to a share make it Private.

In your scenario that would work perfectly. Your scenario is really based on folder permissions not by user authentication.  Unraid gives the option to add multi users with different levels of access (since learning about the issue, im using the word "option" loosely).  :)

 

The limitation in your point, is that there can be many users (as in physical people using the server) however only two options/folder views are applied to all physical users.

Happy to give an example if that helps.

 

simply put your confusing authentication vs authorization.

Link to comment

If you want guests to be able to read/write a share make it Public.

If you want guests to only be able to read a share make it Secure.

If you don't want guests to have any access to a share make it Private.

In your scenario that would work perfectly. Your scenario is really based on folder permissions not by user authentication.  Unraid gives the option to add multi users with different levels of access (since learning about the issue, im using the word "option" loosely).  :)

 

The limitation in your point, is that there can be many users (as in physical people using the server) however only two options/folder views are applied to all physical users.

Happy to give an example if that helps.

 

simply put your confusing authentication vs authorization.

 

Please provide an example because your use of terms "folder permission" and "authentication vs. authorization" are very confusing to me  :P

Link to comment

This is an excellent post, which solved my problem, same as the OP, which has puzzled me for so many months and with endless retried.

 

Thanks Tom for the clear explaination on what is happening between the windows and the unRAID when they shake hands. Now I can proceed with user share in a cool mind.

 

I agree this info should be visible in the unRAID manuel, as I assume many users get lost and frustrated as the OP and I did.

 

 

Sent from my iPad mini using Tapatalk HD

Link to comment
  • 4 months later...

This is so frustrating, ive been trying to access my server from windows and keep getting the "windows cannot access \\tower" message. I recently reformatted my laptop and I guess my user name has changed. Ive created a new user in unraid with the same name and having the same password (only in windows my user name is capitalized, since unraid wont let me create a user with a capital letter). Ive been trying for hours and I cant access it through windows to copy new items over. Ive almost given up.

 

Edit: Ive run the permissions tool, ive tried changing the name of the server, and Ive changed the smb permissions to private and let the users have read/write access. Im not sure how to proceed from here. My Apple tv with XBMC is able to access, along with my gf's Mac.

Link to comment
  • 1 month later...

This is a known Windows "issue" that is really hard to explain, so for now I'll just tell you how to get around it.

 

What is the log-on name you use for your PC?  I'm going to bet it's not "alex".  Maybe it's "Alex" or "alex smith" or some other name entirely.  Whatever it is, create that same user in your unRaid server, and define whatever secure or private share access you want under that user name.  Then close all windows that might be connected to the server and either reboot the windows PC or open a command window and type "net use * /delete" command.

 

Now when you browse shares on the unRaid server it will work, except if the password you assigned when you created your unRaid user does not match your windows logon password, Windows will prompt you to enter the password (that you specified in the unRaid server).  If you use the same password in both places you will not get this prompt.

 

Ok problem, how do I create a user when the first letter is a capitol letter for the username?

 

Oh8pLmX.png

Link to comment

Ok problem, how do I create a user when the first letter is a capitol letter for the username?

 

I would just try renaming the Windows username and certainly not have any spaces in it.

 

With Windows 8, that's a little more difficult :-/

 

EDIT: actually with windows 8 it was super easy.  I followed the guide here: http://www.thewindowsclub.com/user-account-name-change  and rebooted the PC, and everything fired right up after.

Link to comment
  • 2 months later...
  • 1 year later...

Though im a bit late here, can this work if the windows 8 user login is an email address?

Edit: Found it, just the first name.

 

Care to share where you found it? Im trying to log in to a private smb share using a windows 8.1 user '[email protected]'

I would like to avoid creating new users just for the sake of accessing a private share.

Is this possible?

 

Also, this is the only thread discussing this issue I have found.

 

Edit: Found a solution here: http://lime-technology.com/forum/index.php?topic=36787.msg341890#msg341890

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.