So here’s what the section of the smb.conf should look like:
SAMBA WINDOWS ASKING FOR PASSWORD UPDATE
We assume during the smb.conf update when the master browser was enabled, something went wrong and the file was not saved properly. In this case the samba daemon authentication was not tied to the Synology account manager, meaning the daemon did not have access to the user accounts and could not verify them. While it looked like it had all the basic bits needed for the samba daemon to run, it was missing some vital config lines. So we turned to the smb.conf file to check the configuration. We inspecting the log for SMB and noticed the samba daemon was attempting to authenticate users, but not finding their accounts. root access is also accessible via the SSH so you should have very strict controls about who can access it, and disable it when it’s not needed.Windows shares are handled by the samba daemon, with the config held in the smb.conf file, and extended logs held in the logs/samba folder. You can enable SSH to login via a secure shell rather than through the web front end. The Synology uses a customised version of Linux to run the operating system. This is a good fault-finding activity but the logs quickly grow in size so remember to either configure them to stay below a certain size, or disable the logging of unnecessary data after you’ve solved the problem. Then we enabled the file transfer logs and SMB logs on the Synology server. We setup the network firewall as the time-server and pointed all the devices at that. Problem Solvingįirst of all, we checked the workstations and server were all synchronising clocks correctly, in domain settings a wrongly configured clock on a file server can cause user authentication to fail. There are not many options to easily diagnose the cause of the issue without digging a bit further into the Synology server system. This worked fine, but in enabling the Master Browser, the shared folders on the Synology became inaccessible. This should have caused the always on server to be the device that held onto and updated the list of other network devices and their names and addresses (Used when you open the Network Browser on a computers and see all the available devices). As the network was running as a workgroup, the Master Browser option was enabled on the Synology server. It was used as a file server in a predominantly Windows based environment, and had the Windows File Sharing service enabled. Recently we had a Synology DS1513+ server that had developed a glitch. The Synology small format servers have proved to be pretty awesome devices, allowing for hybrid RAID disk configurations and many enterprise server grade functions by means of downloadable apps. Once you have your users set up, it is a couple of small steps to restrict the access to your Unraid SMB shares to just those users!) By requiring a login, you will at least keep out undesirable (and, perhaps, malicious) clients who do not have login credentials.The Synology DS1513+ 5 Bay server (Image from UK Hardware) (You can use the Credential Manager to log them in automatically in the background!) If after doing that you want to allow unrestricted access, you can do it with the Unraid SMB security settings. (MS is going to be doing their best to prevent it!) To prevent these type of issues, setup a login for your Windows users and require them to log in.
SAMBA WINDOWS ASKING FOR PASSWORD WINDOWS 10
This is going to be an ongoing issue for anyone who is trying to run Unraid trying to use an unrestricted Guest access mode using a Windows 10 or Windows 11 computer. This is all been done because of real existing security issues! They also disabled SMB1 and a few other things. Read the entire article as they have done more than just restrict SMB2 and SMB3 protocols.
For problems with access using Guest account privileges, see here:
0 kommentar(er)
