Alt-F and password protected Folders for any User

[J. Lukasser]

Hello :)

I bought from a friend a DLINK DNS 323 (Ver. C1 FW 1.10).

Now i create two groups and two users and have assigned according to a folder with password query.

If i now open on my Computer (windows 7, 64 bit) the nas about \\192.168.0.32 i see my folder USER1 and USER2.

Now i click on folder USER1 i must enter User and Password and then i see my Files, all okay.

Now i go back and klick on folder USER2. i click at use another account and insert user and password, but now i see the message.

"On \\ 192.168.0.32 \ USER2 can not be accessed. You do not have permission to use this network resource."

Now i restart my computer and open now first folder from USER2, insert user and password and i can see all files.

But if i go back now and click on folder USER1 i have the same error message as before i click at USER2.

I do not understand this?

Why could i only open one USER/Folder?

Is it possibility to log out from any user and login to another User/group?

But my question is, does with Alt-F work passwordprotected Folders, so that i can use FOLDER1 on NAS with an other Password as FOLDER2?

Thanks :)

Jos

[João Cardoso]

On Tuesday, November 25, 2014 10:15:12 PM UTC, J. Lukasser wrote:

Hello :)

I bought from a friend a DLINK DNS 323 (Ver. C1 FW 1.10).

Now i create two groups and two users and have assigned according to a folder with password query.

If i now open on my Computer (windows 7, 64 bit) the nas about \\192.168.0.32 i see my folder USER1 and USER2.

Now i click on folder USER1 i must enter User and Password and then i see my Files, all okay.

Now i go back and klick on folder USER2. i click at use another account and insert user and password, but now i see the message.

"On \\ 192.168.0.32 \ USER2 can not be accessed. You do not have permission to use this network resource."

Now i restart my computer

Try first logout as USER1 and login as USER2. The same issue happens?

 

and open now first folder from USER2, insert user and password and i can see all files.

But if i go back now and click on folder USER1 i have the same error message as before i click at USER2.

I do not understand this?

I believe that your windows is using the (cached ?) first user credentials.

If you examine the samba log, System->Utilities->View Logs, smbd, you should see something like:

[2014/11/26 15:19:11.135733,  1] smbd/service.c:1084(make_connection_snum)

  silver (192.168.1.1) connect to service Users initially as user jcard (uid=1000, gid=100) (pid 3646)

[2014/11/26 15:19:11.145143,  1] smbd/service.c:1084(make_connection_snum)

  silver (192.168.1.1) connect to service Users initially as user jcard (uid=1000, gid=100) (pid 3647)

[2014/11/26 15:20:30.880689,  1] smbd/service.c:1084(make_connection_snum)

  silver (192.168.1.1) connect to service Users initially as user mlima (uid=1001, gid=100) (pid 3995)

[2014/11/26 15:20:36.979512,  1] smbd/service.c:1084(make_connection_snum)

  silver (192.168.1.1) connect to service Users initially as user mlima (uid=1001, gid=100) (pid 3996)

As you can see above I have successfully logged in first as user 'jcard' and one minute later as user 'mlima'. I didn't logout as 'jcard' in the client, I just supplied the proper 'mlima' credentials to access 'mlima' folder on the nas.

That was done using a linux computer. I don't know how to do that under MS-Win. Does anybody knows?

 

Why could i only open one USER/Folder?

Is it possibility to log out from any user and login to another User/group?

That does not depends on Alt-f (really the Samba/CIFS/SMB server), but on the client, your MS-windows 7.

 

But my question is, does with Alt-F work passwordprotected Folders, so that i can use FOLDER1 on NAS with an other Password as FOLDER2?

I'm not sure if I understand the question.

You can login/access files/folders with multiple users/folders, as I have shown you above; each user has its own folder and only he can access its own files.

 

Thanks :)

Jos

[J. Lukasser]

Hi :)

In the Log i see the followin:

[2014/11/26 13:53:59.850384,  1] smbd/service.c:1084(make_connection_snum)
  USER1 (192.168.0.30) connect to service Public (Read Write) initially as user nobody (uid=99, gid=98) (pid 881)
[2014/11/26 13:54:02.514745,  1] smbd/service.c:684(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2014/11/26 13:54:02.523867,  1] smbd/service.c:684(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2014/11/26 13:54:02.530392,  1] smbd/service.c:684(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2014/11/26 13:54:02.537853,  1] smbd/service.c:684(make_connection_snum)

.......

So i can login as USER1, but i do not know how i can logout as USER1?

Greetings :)

[François Blackburn]

Maybe you should try to use the command "net use" (on windows) to see if you still login with USER1 and use "net use * /d" to delete the cache

[J. Lukasser]

Great, this works :)

But it can not be true I always have to enter "net use * /delete" before I can open a folder?

I would like each folder connect as network drive, but so that does not works :(

Greetings :)

[João Cardoso]

I'm not definitively an MS-Win user, but it looks to me that credentials should be prompted for when the credentials that one is logged in are not accepted by the remote (NAS) host.

A quick search shows that you are not the only one with this issue: http://community.spiceworks.com/topic/341370-forcing-prompt-for-credentials-on-browsing-shares

If you find that the issue is at the Alt-F side please report back with the solution :-)

 

Greetings :)

[François Blackburn]

I wanted to like you and to enter another user's files on the NAS by being on the same Windows account, but I have not found good solutions that always work (for me). So I moved toward Hardlink, Softlink and Group to share the files. Also, I still think this is a better solution.

In short, if you want the "Linux way", I need you to describe what you're looking to do and why, to help you.

But if you find a way for the "Windows way", let me know

Sorry for my English :)

[J. Lukasser]

Have now installed Alt-F-0.1RC4 on my DNS-323.

looks good :)

Have deleted all connections on my PC with "net use * /delete"

So with the stock Firmware i have acess to my protected folders.

Now on Alt-F i create a folder "Test1".

At the menu SETUP > USERS i create a new user "tester1" and a group "testgroup1".

Then i "connect" tester1 with testgroup1.

I go to SERVICES > NETWORK > smb Configure

At Folders to export to other hosts i click at BROWSE.

Now i select my folder "Test1".

But i think there at permissions now my problem, what must i select now?

Owner is set to root.

User in group is set to root.

All Buttons Can Read, Can Write, Can Browse are selected.

Then i click to submit and ok.

If i set now at the Menu ALLOW to anybody all works and i can read and write in the folder, but no password-query.

If i set ALLOW to nonpublic and i click on the folder i must enter user and password, but i have no chance to connect :(

What have I done wrong??? 

[João Cardoso]

On Thursday, November 27, 2014 4:49:59 PM UTC, J. Lukasser wrote:

Have now installed Alt-F-0.1RC4 on my DNS-323.

looks good :)

Have deleted all connections on my PC with "net use * /delete"

So with the stock Firmware i have acess to my protected folders.

First a small introduction:

When configuring shares there are two systems involved

-the samba server, that you configure in Services->network->smb

-the filesystem ownership and permissions, which you can configure in Setup->Folders, Permissions or in the Browse button that appears in several webUI.

The samba server can't override permissions set at the filesystem level, i.e., even if the samba server is configured to allow access for everybody, the folder must have the proper permissions at the filesystem level to be accessed.

When an user is created using the webUI, its home folder is created with the proper filesystem ownership and permissions, and the samba server knows by default its location and uses the "nonpublic" allow mode for it.

So, when you browse the network using a samba client you will see a share named Users with all users home folders as subfolders. To access any of that user home folders you must provide the proper user credentials.

 

Now on Alt-F i create a folder "Test1".

 

At the menu SETUP > USERS i create a new user "tester1" and a group "testgroup1".

Then i "connect" tester1 with testgroup1.

What is the tester1 full name? Assuming it is "Tester 1":

Then its home folder "/home/Tester 1" (in reality "/mnt/<fs>/Users/Tester 1") is created with the right ownership and permissions and it is immediately accessible as a share under "Users/Tester 1". You don't need to configure anything else.

I go to SERVICES > NETWORK > smb Configure

At Folders to export to other hosts i click at BROWSE.

Now i select my folder "Test1".

Your *other* folder.

 

But i think there at permissions now my problem, what must i select now?

If you want it to be accessed by the tester1 user, whatch the "/mnt/<fs>/Users/Tester 1" ownership and permissions

 

Owner is set to root.

User in group is set to root.

All Buttons Can Read, Can Write, Can Browse are selected.

So you want it to be public. If everybody can browse/read/write it...

Remember that the folder can be possibly accessed using other protocols, such as ftp or others.

 

Then i click to submit and ok.

If i set now at the Menu ALLOW to anybody

This is OK, public and the filesystem permissions are also setup for everybody access.

 

all works and i can read and write in the folder, but no password-query.

As a matter of fact it is accessed as the guest user.

 

If i set ALLOW to nonpublic

You have to supply user credentials.

 

and i click on the folder i must enter user and password,

Yes.

 

but i have no chance to connect :(

What message do you receive?

Have you tried to restart the samba server (StopNow/StartNow)? That might be needed, although the server is informed that its configuration has changed it might take some time to react (and the client might still provide cached credentials)

Can you succeed accessing the tester1 home folder?

What have I done wrong??? 

Nothing looks really wrong, except the wide open filesystem permissions, but that's a starting point. But I would need to know what you intend to do in the first place, namely why not use the tester1 own home folder.

If all you want to do is to have tester1 access a given folder, verify first that you can access its own home folder, watch its filesystem ownership and permissions and replicate them. And setup the folder as a samba share allowing only tester1 to access it.

If you want a whole group to access it, use +groupname in the allow entry, but remember to open group permissions at the filesystem level and to make the folder belong also to the group.

Don't forget server and client cache effects and read the Samba online small  help page.

[J. Lukasser]

I'm at the end, totally confused, it does not work as it should :(

can someone tell me step by step where I insert

My wish result should be
a folder where everyone has access (that works :) )
a folder just for group1 (passwordprotected)
a folder just for group2 (passwordprotected)

Can someone tell me step by step what I must insert in the following screenshots :)

[João Cardoso]

On Thursday, November 27, 2014 8:18:43 PM UTC, J. Lukasser wrote:

I'm at the end, totally confused, it does not work as it should :(

can someone tell me step by step where I insert

My wish result should be
a folder where everyone has access (that works :) )
a folder just for group1 (passwordprotected)
a folder just for group2 (passwordprotected)

Can someone tell me step by step

As explained, I did the following:

-Setup->Users, created Group G12, created users U1 and U2 with nicknames u1u1, u2u2, and assigned each of them to group G12.

-Setup->Folders, created folder /mnt/md1/F12, hit Permissions, changed only in "Users in Group" line: set it to to G12 and checked Read/Write/Browse. Checked also the "Make new files/folders inherit the group ownership" checkbox.

-Services->Network->smb, Configure, hit Browse in an empty share line, selected folder F12, called the share S12, set Allow to '+G12', checked Browseable and "Inherit

Perms" (so that new files would belong to group G12, as the base folder)

-Opened a samba client (Dolphin from KDE), browse the network until finding S12, credential were asked, entered U1 and its password,  create a file named "Created by U1"

-Opened another samba client (Nautilus from Gnome), as I wanted to be prompted for the credentials and if using the previous client the same credentials would be automatically used, browse the network until finding S12, asked for the credentials, entered U2, created a file named "Created by U2"

-Opened another samba client (PCManFM from LXDE), as I wanted to be prompted for the credentials again, browsed the net until found S12, gave my own 'jcard' credentials, and get access denied as expected.

-ssh the box and did a 'ls -l /mnt/md1/F12' and got, as expected:

[root@dns-320l]# l /mnt/md1/F12/

total 16

drwxrwsr-x    2 root     G12           4096 Nov 28 00:52 .

drwxrwxrwx   10 root     root          4096 Nov 28 00:12 ..

-rwxrw-r--    1 u1u1     G12             15 Nov 28 00:45 Created by U1

-rwxrw-r--    1 u2u2     G12             15 Nov 28 00:52 Created by U2

what I must insert in the following screenshots :)

That's asking too much ;-)

[J. Lukasser]

I have done exactly the same.

But i think my biggest problem is really windows :(

If i enter "net use * /delete" and wait any minutes i can login with pssword to the folder S12, but not to my folders FOLDER1, and vice versa.

I do not understand how makes this firms, they have many folder with password, and also windows 7?

In the evening i will install Ubunto on my Notebook, so i will test if linux works better :)

[F. Blackburn]

What is FOLDER1? If you have access to folder S12 with user1 and user2, it's not good?

ex:

Connect to Windows session with your account (WUser1)

Connect to NAS with User1

Access to NAS/home/User1 and NAS/S12

Connect to Windows session with your account (WUse 2)

Connect to NAS with User2

Access to NAS/home/User2 and NAS/S12

I'm curious to know why you need to access different account on the same windows account.

Why WUser1 need to access to NAS/home/User2? (I think is what you want, right?) 

Are there different people that use the same Windows session?

Or is it to keep an eye on the home folder of your family/friend? (it is assumption, I don't need to know the reasons :P)

I just want to know if is it possible to avoid using different login. Because I don't know if you're going to find the answer in this forum. I told you the command "net use */d" for testing, but I doubt that is a right way ^^'.

[Jan D.]

Depending on what you need to accomplish, could you create a third user/group that has access to both USER folders?

This would not work for every circumstance, but would work if lets say each folder is for an individual user that should not have access to anothers files, but you as an administrator need access to both.