Private shares, Users and Groups: Got it to work!

TL;DR

  • EX2 does not create proper smb.conf file based upon User/Group access rights.
  • HOSTS file on Windows can be used to map shares from different users on one Windows PC.

Once upon, this weekend…

Got my EX2 Ultra this weekend, basic setup was smooth: set it to spanning, updated firmware, installed plex.

Next steps:

  • add 2 users (A,B) with their own private share,
  • add a group (G),
  • put user A,B in group G,
  • create another private share where group G has full access.

Also smooth, web interface of the EX2 made it an easy task.

So… now map those shares to the Windows 10 PC’s of users A and B…

The EX2 was listed as a network device and all the shares were visible. So I tried to add the the private share for user A. But no matter what I tried, the dialog to enter credentials would repeatedly show up: Access Denied. So let’s try it from a command prompt:

net use x: \\mycloud\usera <userapassword> /User:usera /Persistent:yes

And this kept throwing ‘Error 5’ at me.

So: google… and it appears to be a common issue, with many, many different suggestions to fix it:

  • Run the CMD as Administrator (I was already doing that)
  • Tweak setting X,Y,Z in the Registry
  • Set Samba to Version 1,2,3 on the EX2
  • Reconfigure Samba on Windows 10
  • Give up, Windows 10 doesn’t support it
  • First map the private shares, then the public share (I was already doing that, but when I did try to map the Public share, no problem there)
  • Disconnect all shares (BUt I did not have any)
  • Delete all related Credentials from the Windows Credential Manager

Nada.

My only clue was that with each mapping attempt there would be a new line in the system log of the EX2 showing the failed attempt.

Well, there must be more logging on the device itself, so… enable SSH and look at the samba logs. But there was not much in there. The failed mapping attempt was rerouted to a user.log file and samba was set at a minimal log level. So… let’s increase the samba loglevel and try again.

Now it got interesting: the smaba log showed that initially the authentication did go ok. User A was identified ok with the password, but then when looking up the share samba did say: No Access for User A. But… but… User A does have access and in fact, User A is the only one with access.

Let’s move to the samba config file generated by the EX2.

I noticed that the private share for User A looked like this:

valid users=usera
invalid users=admin,userb,@groupg

Ai. Hang on there… usera is in groupg, so is usera now a valid user or an invalid user??? Using vi I removed @groupg from the invalid users and… (skipping a little thing for the moment) it worked. I could map the private share of usera.

Let’s look for confirmation and from the smb.conf documentation:

https://www.samba.org/samba/docs/using_samba/ch09.html

"The important rule to remember with these options is that any name or group in the invalid users list will always be denied access, even if it is included (in any form) in the valid users list."

Since I only have 2 users, I deleted the group and added access for both user a and user b to the share I initially wanted to give access to through the group.

So, I skipped something…

Initially after fixing the group… it still did not work, but I got the ‘Cannot use multiple users to map to the same resource’ error (or eh well, something like that).

There is a nice trick to fix that. I have the DHCP on my router setup to assign a fixed IP address to the EX2 based upon it’s MAC address, let’s say the IP is 10.82.1.99.

Then in the C:\Windows\System32\drivers\etc\hosts file I can add multiple entries:

10.82.1.99 nas1
10.82.1.99 nas2
10.82.1.99 nas3

And then map different users:

net use x: \\nas1\usera <userapassword> /User:usera /Persistent:yes
net use y: \\nas2\userb <userbpassword> /User:userb /Persistent:yes
net use y: \\nas3\userc <usercpassword> /User:userc /Persistent:yes

I hope this will save others some time (and of course, unless I misunderstood the purpose of groups on the EX2, I hope the samba config for groups will be fixed)

Daniel

1 Like

Thanks for this useful information. I’ve tested on a Win10 to map multiple users as you explained and it works fine but every time I reboot the computer, it only connects to the user1 share, the other 2 users’ shares are shown but disconnected. If I click on them it prompts for the password and they connect but not automatically as the first user’s share.

Is this also happening to you?

I would have to try that. I found out about this (actually on an official microsoft page) because I could not even map the first user, so I was happy that it works for a single user.

I’ll try mapping more and rebooting later today.

I was able to reproduce it. It seems that when mapping the shares from the command prompt, the credentials are not stored in the Credential Manager. I added them manually, but that still did not work. So I removed all the shares (and the manual Credential Manager entries), then added the shares back using the ‘Map Network drive’ option in Explorer and now it does work. After a reboot the shares for both users are restored.

One additional thing:

  • if you also map the Public share (or any other public share), you will need a separate name in the hosts file for those shares as well (1 name for all of the public shares), otherwise the ‘nobody’ account will claim the name and prevent the actual user from authenticating.
  • and apparently when mapping public folders: do provide full credentials. When I mapped it without, it still blocked me from adding the other shares despite using a different host name.

Ok i believe the shares will be restored irrespective of user groups with root access. As windows map drive will store drives.

In worst case scenario i believe iSCSI will be easy way to mount the drive into the system but it would be little complex on actual usage.

I might need your insight help on one particular application for this most other brands are very popular and widely used.

I need to know how well the FTP application is designed . Not as a server but as a client for downloading files from ftp server.

Say unless fat32 the ex2 using ex4 by default as the system is Linux based one.

I have a requirement for download files from ftp server’s with account based setup for regular download of files sizes ranging from 100MB to 70GB both multiple files and single file size of 4gb to 80gb .

It will have mutiple extensions. But i was wondering does this FTP allow threading based download. Is there any way to push the speed to full speed. Also is there any limitation on queuing. If so say i had added 100 files of each 250MB does it allow to increase the simultaneous downloads or only strict 1 by 1 . Which will not consume the bandwidth consistently

So i needs some more insight to this ftp application.

Many videos i have gone doesnt talk about this except go for torrent and plex kind of other topics covered.

Even one of user was asking can i download Seedbox to this nas then and there when a new files are downloaded without file lock. ( It might be complicated as once file download done it will start upload which may or may not release the lock)

So one dont have to keep queuing as it will take ages. I dont know if the ftp app will allow multiple link files at once to be imported via txt file or copy multiple files once for downloading.

I know its not download server. But NAS have wide variety of application in today’s world…

It might be best to create a new topic for this, or even in a different community as this is more related to a standard ‘linuxish’ tool. The FTP command itself is pretty basic, but of course you can call it from shell scripts and run multiple instances in parallel.

I know few video’s queuing the files in torrent but nothing much in FTP. If torrent have no file size restriction same applies for HTTP or FTP.

Does it support Secure.

can you provide some insight. I dont know user’s atleast look into and share the info.

I will upload a video once i get the device . But the 2nd purpose of this nas is to auto download FTP over night or all the time based on the files available.

Also one more query JBOD Is more of individual disk management in terms of Volume_1 & _2 . Does any one if it fails doesnt imply other volume also wont work,

Also how reliable these RED drives. I know many says NAS ready drives are with longer life than Desktop HDD. Mostly due to power saving feature’s keeping the drive cool and intelligent data management .

It costs little+ more than regular drives

Especially the WD ones.

This post just saved my sanity. I was banging my head around this, and finally removed the troublesome user from all groups. Suddenly they can map and access their private share.

I take it back. WD’s software is horrible and almost useless if you want to do anything outside a simple public share. I’m trying to connect to the same share on a different computer with the same credentials, and nothing works.

Been spending hours on this - and although I don’t speak your language (jk) I got the jist that if I deleted the groups my shares would work - 30 seconds later problem solved! I will update my own request and reference this. THANKS!!!