May 25, 200917 yr I have a AD setup. On the unRAID Settings tab, my AD initial owner is set my account and the AD initial group is set to "DOMAIN\unRAID Users". I set permissions in order on all folders where the owner is my account and the group is "DOMAIN\unRAID Users". All directory permissions are set to 775 and all file permissions are set to 644. When I use Explorer to browse to a file on the user share (e.g. \\tower\TV\Comedy\Saturday Night Live\s34e21), I can see the file I want to view (let say it's an .avi or .mkv file). If I double click it to launch Media Player, Media Player cannot play the file and unRAID magically changes the permissions on the folders so that I can no longer view the folders or files under TV\Comedy. Logging into the server, and doing an "ls -lR /mnt/user/TV/Comedy", I see the folder permissions on TV/Comedy, TV/Comedy/Saturday Night Live, and TV/Comedy/Saturday Night Live/s34e21 and are now 644 and the group is now "DOMAIN\domain users". If I use chown and chmod to reset the permissions back to 775, I still cannot access those folders after that (even though they do not change again upon re-attempted access via Explorer at that time). Accessing via disk shares (e.g. \\tower\disk1\TV\Comedy ... ) works fine. Edit: I did a chmod -R 775 on /mnt/user/* and rebooted the unRAID server and the problem seems to have cleared up.
May 27, 200917 yr Author One other note... I did see the issue reoccur, so I know there's a problem here somewhere... it's just not trivially reproducible.
May 29, 200917 yr I'm having a similar problem with Beta 6. I haven't troubleshot it as much as Nyago123, but I did the permissions thing. Got access to my files. Next day, access gone again. I've had to turn Active Directory support off for the moment so that we can continue to access files. Hope we have a solution soon--I really want AD! Tony
July 22, 200916 yr I'd like to push this thread up - because me too tried AD-security without success (wastn't able to join the domain) and went back to simple security for the time now. I definately need only readaccess for common users, restricted access for some shares for the kids and full access for the admin. Anybody with a successful config in use? Or do I need to wait for next beta? Thanks, Guzzi PS: log shows: Jul 22 21:28:04 XMS-GMI-02 emhttp: shcmd (214): /usr/bin/net ads join -U "Administrator"%"*****" 2>&1 | logger Jul 22 21:28:04 XMS-GMI-02 logger: realm must be set in in /etc/samba/smb.conf for ADS join to succeed. Jul 22 21:28:04 XMS-GMI-02 logger: Invalid configuration. Exiting.... Jul 22 21:28:04 XMS-GMI-02 logger: Failed to join domain: Invalid parameter Jul 22 21:28:05 XMS-GMI-02 emhttp: shcmd (215): /usr/bin/net ads testjoin -P >/dev/null 2>&1 Jul 22 21:28:05 XMS-GMI-02 emhttp: _shcmd: shcmd (215): exit status: -1
July 23, 200916 yr Author Hi Guzzi, My AD works with caveats: 1. I created a domain admin login account with a password where neither contained any special characters or spaces which is exclusively for unRAID use. Some of the early issues involving this may have been fixed but I'm sticking with this for now. 2. On the Shares page, I did set my own account and a group I created as the AD initial owner and the AD initial group. I continue to see the aforementioned bug where security changes spontaneously when browsing on whole directory trees in /mnt/user. What I notice is that the permissions go to 644 and the group becomes "domain users" instead of what I've specified as the AD initial group on the Shares page. This tells me "domain users" is hard-coded in somewhere or is in some config file from prior use. When this happens, I just go do a chmod -R 775 directory and a chown -R "<user>:<group>" directory to fix it in /mnt/user. I do notice I have both a /mnt/user and a /mnt/user0. I don't know what they are both for.
July 23, 200916 yr Hi Guzzi, My AD works with caveats: 1. I created a domain admin login account with a password where neither contained any special characters or spaces which is exclusively for unRAID use. Some of the early issues involving this may have been fixed but I'm sticking with this for now. 2. On the Shares page, I did set my own account and a group I created as the AD initial owner and the AD initial group. I continue to see the aforementioned bug where security changes spontaneously when browsing on whole directory trees in /mnt/user. What I notice is that the permissions go to 644 and the group becomes "domain users" instead of what I've specified as the AD initial group on the Shares page. This tells me "domain users" is hard-coded in somewhere or is in some config file from prior use. When this happens, I just go do a chmod -R 775 directory and a chown -R "<user>:<group>" directory to fix it in /mnt/user. I do notice I have both a /mnt/user and a /mnt/user0. I don't know what they are both for. Hi Nyago, thanks for your help offered, but I think I am too far away from linux to deal with permissionsets etc. - if Tom is aware of this problem I hope for a fix from his side for the next release. I have now changed to user security for the time it takes - took me quite some time to figure out that no capital letters are allowed .... /mnt/user0 is afaik the same as user and used internally if you have configured a cache disk. I also use hidden shares for smb-extra.conf - I have my root share in there. Anybody know the securitysettings for this share (that allows access to averything and is not configurable in the webGUI)? Guzzi
Archived
This topic is now archived and is closed to further replies.