TL;DR
- EX2 does not create proper smb.conf file based upon User/Group access rights.
- HOSTS file on Windows can be used to map shares from different users on one Windows PC.
Once upon, this weekend…
Got my EX2 Ultra this weekend, basic setup was smooth: set it to spanning, updated firmware, installed plex.
Next steps:
- add 2 users (A,B) with their own private share,
- add a group (G),
- put user A,B in group G,
- create another private share where group G has full access.
Also smooth, web interface of the EX2 made it an easy task.
So… now map those shares to the Windows 10 PC’s of users A and B…
The EX2 was listed as a network device and all the shares were visible. So I tried to add the the private share for user A. But no matter what I tried, the dialog to enter credentials would repeatedly show up: Access Denied. So let’s try it from a command prompt:
net use x: \\mycloud\usera <userapassword> /User:usera /Persistent:yes
And this kept throwing ‘Error 5’ at me.
So: google… and it appears to be a common issue, with many, many different suggestions to fix it:
- Run the CMD as Administrator (I was already doing that)
- Tweak setting X,Y,Z in the Registry
- Set Samba to Version 1,2,3 on the EX2
- Reconfigure Samba on Windows 10
- Give up, Windows 10 doesn’t support it
- First map the private shares, then the public share (I was already doing that, but when I did try to map the Public share, no problem there)
- Disconnect all shares (BUt I did not have any)
- Delete all related Credentials from the Windows Credential Manager
Nada.
My only clue was that with each mapping attempt there would be a new line in the system log of the EX2 showing the failed attempt.
Well, there must be more logging on the device itself, so… enable SSH and look at the samba logs. But there was not much in there. The failed mapping attempt was rerouted to a user.log file and samba was set at a minimal log level. So… let’s increase the samba loglevel and try again.
Now it got interesting: the smaba log showed that initially the authentication did go ok. User A was identified ok with the password, but then when looking up the share samba did say: No Access for User A. But… but… User A does have access and in fact, User A is the only one with access.
Let’s move to the samba config file generated by the EX2.
I noticed that the private share for User A looked like this:
valid users=usera
invalid users=admin,userb,@groupg
Ai. Hang on there… usera is in groupg, so is usera now a valid user or an invalid user??? Using vi I removed @groupg from the invalid users and… (skipping a little thing for the moment) it worked. I could map the private share of usera.
Let’s look for confirmation and from the smb.conf documentation:
https://www.samba.org/samba/docs/using_samba/ch09.html
“The important rule to remember with these options is that any name or group in the invalid users list will always be denied access, even if it is included (in any form) in the valid users list.”
Since I only have 2 users, I deleted the group and added access for both user a and user b to the share I initially wanted to give access to through the group.
So, I skipped something…
Initially after fixing the group… it still did not work, but I got the ‘Cannot use multiple users to map to the same resource’ error (or eh well, something like that).
There is a nice trick to fix that. I have the DHCP on my router setup to assign a fixed IP address to the EX2 based upon it’s MAC address, let’s say the IP is 10.82.1.99.
Then in the C:\Windows\System32\drivers\etc\hosts file I can add multiple entries:
10.82.1.99 nas1
10.82.1.99 nas2
10.82.1.99 nas3
And then map different users:
net use x: \\nas1\usera <userapassword> /User:usera /Persistent:yes
net use y: \\nas2\userb <userbpassword> /User:userb /Persistent:yes
net use y: \\nas3\userc <usercpassword> /User:userc /Persistent:yes
I hope this will save others some time (and of course, unless I misunderstood the purpose of groups on the EX2, I hope the samba config for groups will be fixed)
Daniel