Share restrictions after firmware upgrade


Postby Satprem » Thu May 07, 2009 10:01 am

Investigating this issue has really tested my patience.

Model: ReadyNAS NV+ [X-RAID]
Firmware: RAIDiator 4.1.5 [1.00a043]
Memory: 1024 MB [2.5-3-3-7]
Mode: User

After having upgraded to the latest firmware when it was released, I needed to create a new share yesterday. I have to have it locked down from everyone but a handful of people. So logically I set the "default access" to "disabled", ticked the "write-enabled users" and entered a comma-separated list of users. And this is where problems start, and I should probably mention that, as you would expect, this method had never previously failed to work for me, but then the last time I created a new share was two or three firmware releases back. The problem is that nobody can access the share! After a long trial and error I figured that you can access it if "default access" is set to "read-only" or "read/write", but as soon as you set it to "disabled" (obviously with setting up either "read-only" or "read/write" access on a per-user basis) it stops working. If I define a group that works too, but I need to restrict the access to only a few users, not the whole group!
Is this a firmware bug? If so, we need a patch ASAP, as we have to implement the "Chinese wall" for one of our projects.
Or is this issue specific to our NAS only? In that case can someone either guide me through fixing this or SSH in and fix it for us.

Logs are available if required.

Thanks!
Satprem
ReadyNAS User
 
Posts: 60
Joined: Mon Aug 21, 2006 1:53 am
Location: Loughborough, Leicestershire, UK
ReadyNAS: Pro

Re: Share restrictions after firmware upgrade

Postby ewok » Thu May 07, 2009 10:47 am

Satprem wrote: Is this a firmware bug? If so, we need a patch ASAP, as we have to implement the "Chinese wall" for one of our projects.
Or is this issue specific to our NAS only? In that case can someone either guide me through fixing this or SSH in and fix it for us.


This seems to work on my NAS. It's running post-4.1.5 code, but I'm not aware of any changes in that area. I haven't heard of any other similar complaints with 4.1.5, so it may be something specific with your setup. I'll send you a PM with remote login details and we can debug this.
ewok
Jedi Council
 
Posts: 9455
Joined: Tue Mar 08, 2005 3:58 pm
Location: Fremont, CA
ReadyNAS: Pro

Re: Share restrictions after firmware upgrade

Postby tsprocket » Thu May 07, 2009 1:48 pm

I am working on a NAS DUO with the same issue. If I set up any restrictive permissions on a share, that share is not accessible to anyone. The way it works now, either everyone can see a share or no one can. I would love to have access so I can see the permissions as they are set on the folders and files under each share to try to figure out what is taking place. I bought this because the setup seemed to be exactly what we needed, but only if the permissions work as advertised.
tsprocket
ReadyNAS Newbie
 
Posts: 2
Joined: Thu May 07, 2009 1:29 pm

Re: Share restrictions after firmware upgrade

Postby ewok » Fri May 08, 2009 9:54 am

tsprocket wrote: I am working on a NAS DUO with the same issue. If I set up any restrictive permissions on a share, that share is not accessible to anyone. The way it works now, either everyone can see a share or no one can. I would love to have access so I can see the permissions as they are set on the folders and files under each share to try to figure out what is taking place. I bought this because the setup seemed to be exactly what we needed, but only if the permissions work as advertised.


Over which protocol? What are your access settings for the share?

Re: Share restrictions after firmware upgrade

Postby BenP » Sun May 10, 2009 3:28 am

Thankfully I decided to check the forums! I thought I was being really dense.

Yes, I also have this problem on my Duo. If I attempt to lock down access to just one user (me) any attempt to log-in fails. In fact without anonymous access on any of the shares, I now cannot even view the shares in explorer.

Not having tried this prior to the 4.1.5 firmware upgrade, I just figured it was me. Evidently something got broke. I only have CIFS enabled on each of the shares, and I am connecting from a Windows XP SP3 box. I guess the workaround is to create a group, put me in it, then assign the group to the share? I'll go try that.
BenP
ReadyNAS Newbie
 
Posts: 11
Joined: Tue Feb 24, 2009 2:07 pm

Re: Share restrictions after firmware upgrade

Postby BenP » Sun May 10, 2009 3:43 am

Nope, it's totally busted :x

Setting the Default-Access to disabled means that no matter how you fill the access rights out, you won't get in.

Setting to default to Read-only works, but then accessing the share never prompts you for a username.....so you can only ever read.

So basically there seems to be no security support in CIFS in this version.... that's rather SUB-OPTIMAL if you ask me.

Possibly it's an interface thing, and any rights you already have set up will be fine, but new ones created in 4.1.5 just won't work?

Ewok, can you think of any way round this at the moment? Will windows connect over NFS?

Re: Share restrictions after firmware upgrade

Postby BenP » Sun May 10, 2009 3:56 am

Okay, it's actually even worse than that, I now have my shares all set back to
Default-Access: Read-Write
Allow Guest access: true
With no users or groups listed

But I cannot write to the backup folder. My other shares have recovered fine. I will have to try rebooting the laptop and the ReadyNAS to see if it's a permissions caching issue.

If I get this back working I will have to stop fiddling in case I get locked out totally!

This is a real pain!

Re: Share restrictions after firmware upgrade

Postby BenP » Sun May 10, 2009 4:19 am

Right, rebooted both the laptop and the duo, and I have write permission back on backup - phew. I'm not gonna touch a damn thing now, I've pushed my luck enough for one day!

So, any thoughts on a fix / workaround for this? I really don't like the idea of all those open shares with my backups in them!

Re: Share restrictions after firmware upgrade

Postby Satprem » Mon May 11, 2009 7:58 am

The group setting seems to only work with groups that existed before the firmware upgrade, i.e. if I create a new group with just a few users that I want to have access to the share and apply it for the CIFS protocol it's the same as just having the share Disabled with no user or group settings specified.

Re: Share restrictions after firmware upgrade

Postby Satprem » Mon May 11, 2009 8:04 am

BenP wrote: I will have to try rebooting the laptop and the ReadyNAS to see if it's a permissions caching issue.

Don't forget that Windows caches permissions and doesn't instantly reread them unless you change the share's default access. So I normally disable-reenable (on Vista, even easier on XP - just use repair) my NIC after each change to share permissions.

BenP wrote: This is a real pain!

Couldn't agree more.

Re: Share restrictions after firmware upgrade

Postby BenP » Mon May 11, 2009 10:51 am

Ewok, any official line on this? I appreciate that you can't magic up a patch out of nowhere, but can you replicate this your end and is it going into the defects list for the next release?

The obvious next question is, if so, what sort of release schedule are we looking at? Week/Month/Quarter etc.


-- Update --

Right, I had a cunning plan. By using the existing users group (rather than my newly added backup group), I got the shares working - just don't delete that existing group, or you've had it!

This gets me round my immediate problem, but obviously doesn't allow me to set up shares for other people etc.

Re: Share restrictions after firmware upgrade

Postby ewok » Mon May 11, 2009 11:18 am

BenP wrote: Ewok, any official line on this? I appreciate that you can't magic up a patch out of nowhere, but can you replicate this your end and is it going into the defects list for the next release?


I still can't replicate it here, but I'm working with Satprem to get it figured out. Once we know what's going on, I'll have a better idea of what we can do about it.

Re: Share restrictions after firmware upgrade

Postby Satprem » Wed May 13, 2009 2:44 am

BenP, while investigating this issue with ewok, it turns out that it doesn't work for me only when I'm working from one specific machine, and that's the only machine running Vista in the office. All the XP ones have no problem recognising user restrictions.
Could you please let us know which OS you're running on the machine you couldn't log on from, and if it is Vista, could you try logging in from an XP box if you have one at your disposal?

Thanks!

Re: Share restrictions after firmware upgrade

Postby BenP » Wed May 13, 2009 12:59 pm

Hi, nope, I'm afraid it's an XP box here. I have yet to infect any of my machines with Vista :)

Playing with logging in to the various shares with different permissions just now, I noticed this line in the access denied message that popped up:

"Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.."

Right, so even though it popped up a dialogue and asked for login details, it has basically ignored them and tried to connect with what it has connected elsewhere. That's pretty poor - but I assume it's the Windows notworking at fault.

So how on earth do you "Disconnect all previous connections to the server"? I have tried disabling and reenabling the wireless, but this doesn't work - I just browse to the shares in IE, and there's no way to disconnect.

Re: Share restrictions after firmware upgrade

Postby ewok » Wed May 13, 2009 1:08 pm

BenP wrote: "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.."


Ah, that good old error message. :D

Windows doesn't like it when you try to connect to the same server with multiple users at the same time. Rebooting will get rid of the old connections, or you can use the "net use" command at the command prompt. Something like this should do it:

net use \\$nas_ip\$sharename /delete

Replace $nas_ip and $sharename accordingly.
ewok
Jedi Council
 
Posts: 9455
Joined: Tue Mar 08, 2005 3:58 pm
Location: Fremont, CA
ReadyNAS: Pro
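
The cleanup described in the post above, extended as an added example (not part of the original thread) so that every cached connection to the NAS is removed before reconnecting as one specific user to test a restricted share. The address, share name and user name are placeholders, and picking UNC paths out of `net use` output with a regular expression is an assumption about its column layout.

```powershell
# Added example (not from the thread). All three values are placeholders.
$Nas   = '192.0.2.10'   # assumed NAS address
$Share = 'projects'     # assumed share name
$User  = 'alice'        # assumed account on the share's user list

# Matches \\<nas>\<share> in "net use" output. Share names containing
# spaces are not handled by \S+.
$unc = '\\\\' + [regex]::Escape($Nas) + '\\\S+'

# 1. Find everything Windows holds open to this server: mapped drives and
#    deviceless connections (for example IPC$ left behind by browsing).
$targets = @(foreach ($line in (net use)) {
    if     ($line -match "([A-Za-z]:)\s+$unc") { $Matches[1] }  # drive letter
    elseif ($line -match $unc)                 { $Matches[0] }  # UNC only
})

# 2. Delete each one. While any session to the server remains, a logon
#    under a different user name is refused with the "Multiple connections"
#    error quoted in the thread.
foreach ($t in $targets) {
    Write-Host "Dropping $t"
    net use $t /delete /y | Out-Null
}

# 3. Reconnect with an explicit identity; "*" makes net use prompt for
#    the password.
net use "\\$Nas\$Share" "/user:$User" *
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Connect as $User failed (net use exit code $LASTEXITCODE)"
}

# 4. Show what is connected to the NAS now, to confirm which share is open.
net use | Where-Object { $_ -match $unc }
```

Running this between permission changes gives each test a fresh session, so a denied logon reflects the share's access list and not a connection left over from an earlier attempt.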
