We bought 3 PR2100 devices last week.
I’m setting up the first one, and I’m running into a lot of issues already.
I’ve got it on our network with a static IP and I’ve joined it to our domain.
I’ve updated the firmware to version 2.30.193.
I’ve created some test shares.
I created one share prior to joining the device to our domain (as it will be using a local account, not a domain account). I can access this share from the local (non domain) account as well as domain accounts.
I cannot access any shares that are created after joining the domain.
If I create a share named “Test” and leave it public, I can access it.
If I turn off “Public”, then turn on full access for a domain user account (“DOMAIN\TestAccount”), that account cannot access the share, even if I reboot the PR2100 after setting the permissions.
This happens even when I grant full access to ALL of the domain groups that the user account is in (Domain Admins, Domain Users, etc.).
What’s going on? Is there any logging or debug information available to explain why I’m being denied access to the shares?
Edit: The logs show many entries of "SAMBA CIFS: Authentication for user [DOMAIN\User] has FAILED. " (with the actual Domain name and user name in there.).
Why is the PR2100 set up such that DENY entries for every single user and group it can find via AD are added to shares? Why can’t these entries be removed from the config? The result is that even if permissions are working as described, people in multiple groups will cause situations where you have to grant access to a group that should NOT have access in order to grant access to a group that should.
For example, if a user account named “Manager” was in the groups “Financial” and “Reporting”, then both the “Financial” group AND the “Reporting” group need access to ALL SHARES the “Manager” user needs access to. This is completely out of sync with industry standards.
Is there any way to add permissions for a domain account that isn’t a USER account? I need to add permissions for a COMPUTER account, which is of the form of “NAME$”. For example, for a web server named WEB.DOMAIN.COM, the computer account would be named WEB$ (or WEB$.DOMAIN.COM).
I need to be able to grant permission to a specific share for a certain COMPUTER account. Is this possible? If so, how would I do this? I’ve been trying to work around this limitation by adding the computer account to a group, and then granting that group permission to the share, but I can’t even tell if this works or not because of the general permissions problem described above.
Is there any way to add multiple VLANs to the device? I was able to do this in the past with the old WD Sentinel devices, but I can’t seem to do it here. This isn’t strictly necessary, but I would like to do it in order to get our UPS setup working as each of the three devices will be on separate VLANs.
We used to rely on WD Sentinels years ago, and we replaced them in favor of custom built boxes 2.5 years ago because WD didn’t have a replacement for the Sentinels available.
We’re in the process of replacing our custom built boxes, and I was happy to see WD had refreshed the My Cloud line. Unfortunately, from the very beginning with a brand new product, it seems it doesn’t have basic functionality working.
If I can’t get the share permissions working soon and figure out how to add permissions for a computer account (or find a workaround), I’ll have to return these 3 devices for a refund.
Thanks