Active Directory permissions and EX4100 private shares

I have recently setup a new EX4100 and used the Active Directory wizard to get it setup on a small office domain. When i add the share and make it private, I give users access read/write permissons using the users active directory name that was shown in the ex4100’s configuration. I can see the folder on the network, but when I attempt to map a drive using windows server 2008 mapped drive service. I am asked for credentials, which I would think they are looking NTFS permissions since the users are apart of active directory and the device. Everytime I enter the users active directory user id and password the login fails, but when I make a user that only resides on the device they have no issues.

Is this device not capabile of mapping drives using active directory user id and password?




Does this happen with all the different users or just a few ? The credential used to access the shares are the same as the active directory.

This only happens to people that come from active directory, if it is a user created by the WD device they can access. When I create a share in the dashboard I make it private and give the users permissions i want to access the share. Users created in the dashboard can access, users from active directory keeps giving me access denied even though i know the user id and password are correct. If i make it public no one has issues accessing the folder.

What exactly does active directory do for you with this device? The only thing I have found is that you can login with an active directory user.

Can you tell me what kind of file system WD uses for their devices?

The way I dealt with it is to create an iscsi target on the EX2100, connect it to the windows server using the iscsi initiator in control panel.  Once it’s connected you can assigned  a drive letter and share it (with permissions) as you would any other share on the server.  The nice thing is you can also back it up as you would any other drive on the server.

dwd0219 - 

The EX4100 is using an EXT4 file system with SMB 4.0.???.  However, they’re using BusyBox under the hood, and that makes things much more interesting when it comes to the SMB config.  If you go and edit the SMB.conf file manually (SSH & VI), then those changes will be lost and overwritten with the default by a restart of the NAS and possibly an update/change made in the Shares Web GUI.

Hope this helps!

I’m running into this exact problem and while creating local users works, it defeats the purpose of joining this device to leverage an AD infrastructure.  And with this being not functional, this also defeats the purpose of advertising this product to the SMB market that use Windows for an infrastructure.

I hope they address this issue rather quickly.  

Is there a resolution to this yet? I’d like to use AD authentication with this device. A private share set up with a domain user to have read/write access prompts the domain user for credentials, and then doesn’t allow the user access when credentials are provided. so weird.

I know this is old, but I just got done figuring out their stupid permissions setup. The answer is explained in the Support area under “Private shares are inaccessible after joining a My Cloud to an Active Directory Domain”.
Basically, if you’re trying to give access to the Administrator account of your Active Directory domain, you have to give full read/write access to EVERY GROUP in your Active Directory, then you can go to Users and give access to the Administrator user, because one way or another, the Administrator seems to be a member of every group.
In a normal system, you create Permission Groups to allow you to easily assign users the permissions that allow them the access they need, without having to add them individually to every folder. But in this cockamamie system, every time you make a new share, you will have to go one by one through every group in your AD and individually give it full read/write access, then add every user, individually, that needs access. And of course, if you add a new group to your AD, any user that is a part of that group will suddenly lose access if you don’t remember to go to every private share you created and update the new group to Full access.
I’ve been in IT for a few decades now, and this is the most bass ackwards way of doing permissions I’ve ever seen. We can only hope that someone at WD figures it out.

Thanks Ken. Now that I look at it that makes sense. They must have the Deny attribute explicitly listed rather than having no permissions which would include the groups. That is a pain since Deny overrides all other permissions.

I’ve had it out with them for a couple years on this, well up into upper managmenet. It’s VERY clear that not a soul at WD has any idea what AD does or how it works nor do they care to listen. I’ve finally stopped using their stuff and moved to Seagate because they handle AD far better and do it for less $.

Hi, Though it is late joining, but I have managed to resolve this one using EX4100 and Server 2012 r2 AD. You will need to give full access to the following groups: Schema Admins, Enterprise Admins, Domain Users, Domain Admins and then whateer access you wanted to grant to the group you have created as part of AD to access any folder on the WD whether read or read write access.

Took me couple of weks but I hope this helps.

Sorry, but that’s pure garbage for WD to require this for AD.

Agree without reservations. I truly needed to get it up and running specially I bought two of them. Also totally failed to find a solution or logical explanation. I hade no choice but to go through trials!! It is working on one and need to try the second yet. Hoped the trial results would be of use to someone.

thanks for the solution. can you tell me the way to give full access to the groups you have mentioned.