[AD] Non-domain users cannot access unraid shares? Any way around this?



I added Unraid to my domain to handle permissions.  Some of the groups I created had the user "Guest" in them.  I thought this would give users who are not part of the domain read-only access, but as soon as I type in \\tower I get a prompt to enter a username/password.  If I type anything in there that is not part of the domain, it doesn't allow a connection.  If I type a domain account it works fine.  I was hoping I could grant non-domain users limited access.  Is this possible?

 

Here is an example of my permissions.

pA96USb.png

 

gECqiAK.png

 

This is what happens if I try to access that folder with a PC that is not on the domain.  If I enter DOMAIN\user it works.  But that's beside the point because I want all guests to the network to access some of the folders.

4H34rad.png


I managed to solve this myself after some deep diving into how Samba and Active Directory work.

 

Basically, none of the group policies set in Server 2012 will affect the Linux box.  I removed all of these that I was trying.

 

What needs to be done is to enable guest access via the Samba configuration.

 

In console I added

 

nano /boot/config/smb-extra.conf

 

map to guest = Bad User
usershare allow guests = yes
guest ok = yes
guest account = user

 

Restart samba

 

/etc/rc.d/rc.samba restart

 

When setting permissions for each folder, adjust "Everyone" depending on whether you want guests to have access or not.  It's a bit annoying that I can't just add the "Guest" account to the groups I created, but this is functional at least.

 

I also noticed that this affects the top level share, but all the files and folders within a share have the owner of nobody, so if I give them read-only access to the top level share they get full access to all files below.  After I finish setting top level permissions I will have to change all the ownership permissions of all files/folders to my domain admin.

 

I would have thought Unraid would have set that when it joined the domain??  Is this a bug that it didn't change these permissions from nobody to what I set in "AD initial owner"?

 

I'm not sure this is the best process, but does anyone have any suggestions for a better/easier way?

 

Edit: I changed guest account = user from guest account = nobody because nobody already had RW permissions on all files and I couldn't find an easy way to remove this.  The user account had RO permissions only from when I used it before Active Directory.

  • Like 1
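
An added example, not part of the original post: with the settings above, Samba serves guest sessions as the Unix user named in "guest account", so what a guest can change comes down to ordinary ownership and mode bits on the share. The shell functions below list what that account could modify under a path; the function names and the decision to ignore group membership are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.

# guest_writable DIR ACCOUNT
# Prints every entry under DIR that ACCOUNT could modify through Unix
# permissions alone:
#   - owned by ACCOUNT with the owner-write bit set, or
#   - world-writable (other-write bit set).
# Assumption: ACCOUNT belongs to no group that owns files on the share,
# so group bits are not evaluated. Symlinks are skipped because their
# own mode bits are not meaningful.
guest_writable() {
    dir=$1
    acct=$2
    case $acct in
        ''|*[!0-9]*) uid=$(id -u "$acct") || return 2 ;;  # account name -> uid
        *)           uid=$acct ;;                           # already a numeric uid
    esac
    find "$dir" ! -type l \
        \( \( -user "$uid" -perm -0200 \) -o -perm -0002 \) -print | sort
}

# check_guest_readonly DIR ACCOUNT
# Returns 0 when nothing under DIR is writable by ACCOUNT, 1 when something
# is (the offending paths are printed), 2 when ACCOUNT cannot be resolved.
check_guest_readonly() {
    hits=$(guest_writable "$1" "$2") || return 2
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}
```

Run check_guest_readonly against a share path with the guest account name after changing ownership; any path it prints is still writable by guests. `testparm -s` prints the effective Samba settings if you need to confirm which account guests are mapped to.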