February 4, 201511 yr unRAID OS Version: 6.0-beta12 Description: there is no location in the web gui to manage share settings (public / private / hidden) for either the flash driver or the disks. How to reproduce: This is the only way I've seen it! Install b12 (and AD integrate) Expected results: Control in the webgui to manage shares, like in previous betas Actual results: Per description, no gui location to manage the security that I can see Other information: Active directory integrated mode is enabled, and working (very well) Can manage via /boot/config/disk.cfg but need to either reboot or stop and restart the array using the GUI (disclaimer: I could be being blind)
February 4, 201511 yr I can set those settings by going clicking on the drive in the Main tab (or Main/CacheDrive for the cache drive() and then from there selecting the SMB Security tab. I am not running Active Directory, but I would not think that was relevant?
February 4, 201511 yr Active Directory actually IS relevant. I've been frustrated enough by AD integration that I've reverted back to Workgroup.
February 4, 201511 yr Not the first time Schar reported it. (http://lime-technology.com/forum/index.php?topic=37428.msg346428#msg346428) While its not a show stopper, you really shouldn't have to manually edit the flash.cfg file
February 5, 201511 yr Author Yeah sorry for the second post, figured it was better in Defect Reports with a bit more info. Posted screenshots this time. Re: AD - interestingly my server unjoined itself, when I rejoined I couldn't authenticate against the server. Until I connected to the IPC$ share on the UNRAID server and it all sprung back to life (via Computer Management to see the shares. Was weird. I even tried fiddling with client network security policy in Win8.1 for a bit but that didn't seem to help. Happy to share if people want some information - trial and error has it so that my kids can no longer delete files Easiest way to manage security and groups once you are in is to use explorer advanced security settings to set up proper inherited permissions against groups (found that easier than facl). And the best place to do this was against the (hidden!) disk1 & disk2 shares.
February 5, 201511 yr I can set those settings by going clicking on the drive in the Main tab (or Main/CacheDrive for the cache drive() and then from there selecting the SMB Security tab. I am not running Active Directory, but I would not think that was relevant? Yes this is my experience as well. Perhaps this issue only affects Active Directory?
May 1, 201511 yr The display of the share settings is conditional, it checks for $var['shareSMBEnabled']=='yes', when AD is activated the value however is ads causing the non-display. Don't know if this intentional, LT has to answer and may need to correct the conditional statement.
June 10, 201511 yr Author Just reporting that this issue is still there in rc5. Although it appears to have re-surfaced for the Flash drive (so partially fixed). For clarity, the attached screenshot (flash settings) is what I'm expecting - the ability to control the disk shares via the GUI. Understood that this may not link into AD permissions but that should be acceptable to most! Thanks!
June 10, 201511 yr Ok we need to set up another AD DC config and run through all our testing, but enabling AD changes things for SMB: - users configured on the Users page are not relevant at all. - the 'unraid security model' (public/secure/private shaes) is not relevant either. In AD mode all permissions having to do with shares via SMB is handled via usual AD mechanisms, e.g., defining access on a per share/directory basis. The intent with AD was that SMB would be the only enabled network protocol. The only reason you would use the Users page would be to set a 'root' password which is only used with webGui/console login. The original idea was there would be two "modes": 1. Normal mode: SMB workgroup, AFP, NFS common set of user permissions, and 2. AD mode: only SMB enabled, no users defined on the unraid server. As things progressed we ended up having separate sets of users permissions for each protocol. For example you can have a user named "larry" that has r/w access via SMB to a share, but RO access to same share via AFP. Also you could have SMB setup in AD mode, yet still have users access those same shares via AFP or NFS. I think this is undesirable and is something we plan to simplify post 6.0 'stable'. Hope this make sense
June 11, 201511 yr Author Perfectly thanks. I had thought about asking for AD style permissions on the diskX shares (as well as a name) - that would truly rock. I could expose them as \\tower\disk01$ and lock it down to Domain (or Storage) Administrators. As part of this I'd expect that this was the only access mode via share. If that is possible then superb! Not sure how that would apply to flash or cache? As background: I've never created users in UNRAID. And only ever used SMB. My v5 server I use in public workgroup mode; my v6 server I run in AD integrated mode (mostly as I could never get v5 security to work for whatever reason; I never went back after getting my v6 server going as I will upgrade the v5 machine once v6 goes gold). My desired future state is AD integrated. Thanks for the update!
June 13, 201511 yr Author 2008R2 Functional level, mix of 2008R2 and 2012R2 DCs. Just standard, no need for Enterprise here. Will be upgrading to 2012R2 functional level once I rebuild my hyper-V server in the next month or so (which will be DataCentre edition I think). Clients are all Win7 or Win8.1 (for another month, then 10). Everything is fully patched.
Archived
This topic is now archived and is closed to further replies.