RAINMAN Posted March 1, 2016 Share Posted March 1, 2016 I added unraid to my domain to handle permissions. I some of the groups I created had the user "Guest" in them. I thought this would give users who are not part of the domain read only access but as soon as I type in \\tower I get a prompt to enter a username/password. if I type anything in there that is not part of the domain it doesn't allow a connection. If I type a domain account it works fine. I was hoping I could grant non-domain users limited access. Is this possible? Here is an example of my permissions. This is what happens if I try and access that folder with a PC that is not on the domain. If I enter DOMAIN\user it works. But thats besides the point because i want all guests to the network to access some of the folders. Quote Link to comment
Bjonness406 Posted March 1, 2016 Share Posted March 1, 2016 Error: Image Not Available Quote Link to comment
RAINMAN Posted March 1, 2016 Author Share Posted March 1, 2016 Sorry about that. Fixed now. Quote Link to comment
RAINMAN Posted March 1, 2016 Author Share Posted March 1, 2016 I tried creating a Group Policy for the fileserver then rebooted the fileserver but didnt make any difference that I can see. Quote Link to comment
ashman70 Posted March 1, 2016 Share Posted March 1, 2016 What is the unraid server pointed to for DNS? Does the UnRaid host show up in your AD DNS servers? Quote Link to comment
RAINMAN Posted March 1, 2016 Author Share Posted March 1, 2016 I had manually entered it in my DNS server. I have no problems resolving fileserver -> 192.168.254.3 Quote Link to comment
ashman70 Posted March 1, 2016 Share Posted March 1, 2016 I'm not familiar with the process of adding an Unraid server to AD, I haven't done it myself, perhaps others who have can help? Quote Link to comment
RAINMAN Posted March 1, 2016 Author Share Posted March 1, 2016 Thanks for your help. I'm sure others have done it. I can't be the only one that wants non-domain users connecting to their unraid shared folders. Quote Link to comment
RAINMAN Posted March 2, 2016 Author Share Posted March 2, 2016 I managed to solve this myself after some deep diving into how samba and active directory work. Basically, none of the group policies set in server 2012 will affect the linux box. I removed all these that I was trying. What needs to be done is enable guest access via the samba configuration. In console I added nano /boot/config/smb-extra.conf map to guest = Bad User usershare allow guests = yes guest ok = yes guest account = user Restart samba /etc/rc.d/rc.samba restart When setting permissions for each folder adjust "Everyone" if you want guests to access or not. Its a bit annoying that I can't just add the "Guest" account to the groups I created but this is functional at least. I also noticed that this affects the top level share but all the files and folders within a share have the owner of nobody so if I give them read only access to the top level share they get fill access to all files below. After I finish setting top level permissions I will have to change all the ownership permissions of all files/folders to my domain admin. I would have thought unraid would have set that when it joined the domain?? Is this a bug it didn't change these permissions from nobody to what I set in "AD initial owner"? I'm not sure this is the best process but anyone have any suggestions for a better/easier way? Edit: I changed guest account = user from guest account = nobody because nobody already had RW permissions on all files and I couldn't find an easy way to remove this. The user account had RO permissions only from when I used it before active directory. 1 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.