D-Link Forums
The Graveyard - Products No Longer Supported => DNS-323 => D-Link Storage => Beta code! => Topic started by: Buhric on December 13, 2009, 03:13:56 PM
-
Hi, I got a quick question
I just updated my DNS-323 firmware to v 1.08b8
I did a reset to default with the button before and after the upgrade.
I setup my DNS like it was before the upgrade (I had noted down on a paper all the settings)
I got 2 x 1 GB hard drivers setup has 2 separate volumes... Volume_1 and Volume_2
There's 2 Different Users created
1 user has "R/W" access to Volume_1 and Volume_2
1 user has "R/W" access tp Volume_2 only
In Volume_1 I created a couple of folders that "All Users" have Read access only
After a few Tests I found out the following:
User1 has access "R/W" every where on both Volumes
User2 Is able to access the "read only" folder in Volume_1, and is prompted for credential when trying
to access the other folders in Volume_1
User2 as access to everything in Volume_2
If a user that is not in the DNS-323 user list tries to access the DNS throught "Network" in Windows 7
they get a prompt for a username password.
With v1.06, anyone could "see" all the folders shared by the DNS-323, but then if they tried to access
some folder that was not shared to "All users" they would be prompted for credentials.
But they could still access the folders that where set as "Read only" access for "All users"
Without being prompter for any username / password.
Was this an intended behaviour on v1.08? If so
would it be possible to revet it back to the v1.06 way ?
It was a lot simpler for "guest" users to access only the Folder that where setup for "All users"
Edit:
I also noticed that folders shared to "All Users" no longer display under "My Network Places"
-
All This just to ask:
How can I make _ANY_ user have "Read" access to certain folders
whitout having a User created for them in the DNS-323 ?
-
No I dont think so, you must have a user.
-
Thats to bad....
I really prefered to have the same functionnality that it had in v1.06...
I do computer repairs, and theres a bunch of tools that I have in the DNS in a folder
that is "Read Only" to "All" users
Before, with Windows 7 and firmware v1.06, I was able to select the DNS in the "Networks" and it would list all the folders that where shared.
If I tried to access a folder that was share for a user, it would prompt me for a username and password.\
But if i tried to access a folder that has "All users" and "Read Only", I was able to enter it without needing to enter anything....
Just wondering why this has changed....
Logically, if a folder was share for "All Users" all users should be able to access it.... not just the ones defined.
-
There is an option for all which does not require a username you can set for this folder. You should see the check box next to the user drop down in Network Access. You can mount folder to all PC's with no authentication needed.
-
To ECF:
That is exactly what I did.... but it still asks for authentication
example:
(http://img707.imageshack.us/img707/5440/capturenb.jpg)
and if I try to map to that Folder in Windows (XP or 7) by using:
"\\IPofDNS\Temp Stuff\"
I get prompted for authentication
IF the Windows session has the same user created in the DNS-323 user list,
like same username and password used to log into windows.
It does let me throught no problem.
The issue is that if one of my friend comes in with his laptop and connects to my Wifi
I want him to have access to that folder without having to create a username / password for him in the DNS-323.
-
I see and there no way to get past the authentication correct? As long as I am not using a user and select all I do not run into this prompt. I am logged in as Admin user on the PC. Have you tried this from all of you PCs and are you running any anti-virus software?
-
Well, if I enter a username/password that is part of the users list
in the DNS-323, it will let me throught...
Yes I tried from 3 different computers - Windows 7 and XP -
same problem since the upgrade to v1.08b8
heres the Folders I got shared
(http://img46.imageshack.us/img46/4056/captureea.jpg)
And theres 3 users setup in the DNS-323
Buhric
Michel
Acronis
If I use my computer - I am Logged in as Buhric in Windows
(same password in DNS-323) and I have admin rights -
I can access everything fine with no problems.
From a different computer - my brother is Logged in has Michel in Windows
(also same password in DNS-323) and with Admin rights
he is able to access:
Volume_1\FAV SOFT
Volume_1\Movies
Volume_2\Temp Stuff
the others folders, he gets prompted for a password.
Now from a 3rd computer - Logged in as user Alex in Windows XP
with Admin rights
Theres is NO "Alex" account in DNS-323
This user is NOT able to access any Folder in DNS-323
If he goes to "My Network Places"
DNS-323 does NOT show up
If he Select "View Workgroup Computers" DNS-323 is in the list
but if he tries to access it. he gets prompted for username password
Normaly he should be able to access the DNS-323, and be able to go
into the the 3 "ALL" folders, and only get prompt for credentials
if atttempting to access the other folders.
-
If he Select "View Workgroup Computers" DNS-323 is in the list
but if he tries to access it. he gets prompted for username password
Normally he should be able to access the DNS-323, and be able to go
into the the 3 "ALL" folders, and only get prompt for credentials
if attempting to access the other folders.
If you have set up only one folder with user based restrictions, all folders require user based authentication.
Therefor it is necessary to create the user "Alex" in the DNS.
You do not need to set up network access for this user, it is enough that his name and password is in the user list.
Access for all with no authentication works only if all shares are not restricted.
But then you can't add different permissions for you or an admin account.
Edit: forgot a word ... ::)
-
I'm REALLY hoping that D-Link fixes this. It used to work in earlier firmware versions, and I'd love to have that capability back.
It's really nice to have a public area and then be able to password protect other areas. The current version of Ubuntu can do it, so obviously this isn't a Linux limitation at this point...
-
If you have set up only one folder with user based restrictions, all folders require user based authentication.
Therefor it is necessary to create the user "Alex" in the DNS.
You do not need to set up network access for this user, it is enough that his name and password is in the user list.
Access for all with no authentication works only if all shares are not restricted.
But then you can't different permissions for you or an admin account.
Well if this is the case then it changed with firmware v1.08b8
It did not have this behavior with v 1.06
Edit:
Also like I mentioned before, adding a user is fairly easy if there's only a couple of users to add... But I repair computer and need access to certain tools in those "Free access" folders. And If I have to setup an account for every single user / computer I see... well its just not practical....
I'm even reconsidering rolling back the firmware to v1.06
-
You don't need to create a user for every customer you see. Just create one user on your DNS called "public" with password "public" for example and use that.
Or, don't use users/passwords at all on your DNS for any shares and I believe the DNS will behave like it used to.
-
...
Or, don't use users/passwords at all on your DNS for any shares and I believe the DNS will behave like it used to.
Yes, it does. I checked this when I set it up.
The first I do is to copy all directory and files onto the NAS and later I will set up permissions.
The DNS does not care about username or password in initial setup.
I see this behavior more as a security feature than a bug. If you use it in a small office or something similar, the access for all is restricted to all known users. Guests in this network are not allowed to access.
I also use a "guestuser" with "password" to give read access for all to a special setup folder.
I've a small batch file which connects this directory automatically and hand it over via usb stick to my "guestuser".
-
You don't need to create a user for every customer you see. Just create one user on your DNS called "public" with password "public" for example and use that.
This would be an alternative.... but i rather have it NOT prompting for credentials at all like in v1.06
Or, don't use users/passwords at all on your DNS for any shares and I believe the DNS will behave like it used to.
You are right, if all shares are set to "ALL" users it never prompts for credentials, But I need some folders protected..... I don't want people erasing mt files!!!!
I see this behavior more as a security feature than a bug. If you use it in a small office or something similar, the access for all is restricted to all known users. Guests in this network are not allowed to access.
I get your point here. But then theres a "double standard" here....
Why when all folders are Shared to "ALL" the DNS-323 lets anyone pass... and not only users in the User list?
By your logic, it should only let "known" users access the DNS
I also use a "guestuser" with "password" to give read access for all to a special setup folder.
I've a small batch file which connects this directory automatically and hand it over via USB stick to my "guestuser".
Which is better / simpler....
Having to pass a USB key (or files) to everyone that wants access to the DNS-323
OR
just let them connect to it via "Network" or "My Network Places"
I vote to have D-Link re-implement this login process has it was in v1.06
who's with me?
-
I vote to have D-Link re-implement this login process has it was in v1.06
who's with me?
Well, I've complained long and loud about this, so far with no success. That's been the only glitch upgrading to the beta, suddenly my anonymous folders were not available.
-
Any word from d-link on this?
Will the soft ing. go back to the way it was, or will this be a "feature" going from v1.08 and on?
-
I've heard nothing from D-Link about that functionality coming back...
-
Interesting. I just tried this with the new beta and it worked.
I'm setup like this:
Music Volume_1/Media/Music ALL No No
Volume_1 Volume_1 Bob Yes No
Access to Volume_1 prompts for a userID and access to "Music" doesn't. It just lets me in. I also double checked the smb.conf file in the /etc/samba folder and in the section on access it shows like this:
[ Music ]
comment =
path = /mnt/HD_a2/Media/Music
valid users =
read only = yes
guest ok = yes
oplocks = no
map archive = no
[ Volume_1 ]
comment =
path = /mnt/HD_a2
valid users = Bob
read only = no
guest ok = no
oplocks = yes
map archive = no
If you can access it, make sure guest=yes is set.
-
How about getting it to work with Windows?
-
How about getting it to work with Windows?
Sorry. That's what I meant. This is accessing it from my Vista box. Didn't try XP. The Smb.conf part was referring to access the DNS via SSH to modify the Samba server configuration.
-
You need something like funplug installed to look at those values, right?
-
right
-
No joy here. I created a new folder under Volume_1, but can't access it. I allowed access to ALL accounts, which is what used to work. I'm running 1.08b8
-
Music Volume_1/Media/Music ALL No No
Volume_1 Volume_1 Bob Yes No
Access to Volume_1 prompts for a userID and access to "Music" doesn't. It just lets me in.
K, but what does your DNS-323 user list looks like?, is there a user setup with the same username/password has your Vista account ?
Because the issue is that if the Windows user account is in the DNS-323 user list... all seams to be ok,
its when the account is NOT listed in the DNS-323 that it starts to ask for credential to any type off access.
-
If your windows login name/password is in the user account list, you have passworded access by definition. The whole issue here is allowing anonymous shares for some folders and password protected shares for others.
-
In my case, Bob is a user on both the DNS-323 and my Vista. When I'm logged in as Bob, I have access to Volume_1 and everything else with W/R. When I log into my Vista as another user who is not setup on the DNS-323, I do not have access to the Volume_1 and have read only access to Music without it asking for any credentials.
Not sure why it's working for me but it seems to behave like it did with 1.06
-
I created the separate folder and added a share name, but I have no access to it unless I enter the password for Volume_1. It appears properly, and if I assign an account to it, I can then access it using a unique name/password.
I see no difference from the last beta.
-
I'll play around with it tonight to see if I can get it not to work for me. The only thing I can think of now is A:I have funplug installed and B:my folders were already created.
Do you have XP or Vista? I'll try both when I'm testing.
-
This test was from an XP machine.
-
In my case I tested from all 3 OS
XP, Vista and Windows 7
Same result in all fo them after the upgrade to v1.08b8
-
Same issue, that the cause is:
security = USER
in smb.conf file. If you change it to:
security = SHARE
you will get same behavior as 1.06. But I don't know how to persistent it.
Steps:
1. Telnet or ssh into your DNS-323
2. pkill smbd
3. pkill nmbd
4. edit smb.conf and change "security = USER" to "security = SHARE"
5. /usr/sbin/samba/smbd -D
6. /usr/sbin/samba/nmbd -D
and you should be done. As I remember "security = SHARE" causing some other issue, and "security = USER" should be better, and on my another Linux box, "security = USER" never cause this "guest" not able to access issue. Not issue why it causing issue in DNS-323.
-
Sorry for not getting back... Life got in the way of testing :) I still need to test things out but wanted to make a comment to say my security is set to user so I'm still not sure why mine is the only one working. Hopefully I'll be able to see if I can break mine in the next day or 2.
-
Just Noticed something else with Windows 7
I can't set the "Hide" attribute to a file in windows.
Well the checkbox is there and I can check it, but it wont "stick"
after an OK or APPLY
so I check the users permissions on the folders.
This is what I have... is it normal?
(http://img255.imageshack.us/img255/4158/captureqb.jpg)
From where is windows getting this uers? They are not even setup
in Windows... not as users or Groups
I'm looking under "Local Users and Groups" in "Computer Management"
-
So no one found a way to hide files in the DNS-323
from Windows... without having to install any 3rd party software like funplug ?
-
yes, this is an irritating issue for me as well. hope D-link apply the fix that someone else provided earlier in the thread.
-
Same issue, that the cause is:
security = USER
in smb.conf file. If you change it to:
security = SHARE
you will get same behavior as 1.06. But I don't know how to persistent it.
Steps:
1. Telnet or ssh into your DNS-323
2. pkill smbd
3. pkill nmbd
4. edit smb.conf and change "security = USER" to "security = SHARE"
5. /usr/sbin/samba/smbd -D
6. /usr/sbin/samba/nmbd -D
and you should be done. As I remember "security = SHARE" causing some other issue, and "security = USER" should be better, and on my another Linux box, "security = USER" never cause this "guest" not able to access issue. Not issue why it causing issue in DNS-323.
What exactly does this accomplish? Does this return the behavior to allow both password protected and anonymous shares?
Does this survive over reboots? Probably not over a firmware upgrade, right? Where is the smb.conf file located? What editor is available with ffp to edit the file?
-
So no one from D-Link can confirm that the authentication method for the DNS-323 was changed between v 1.06 and v1.08b8 ?
-
Well, I can confirm it changed! On the earlier versions, I could have anonymous shares and password protected shares. That no longer works, if you have a password protected share, anonymous shared don't work.
-
By what I have read if there are no users permissions set than 'ALL' means that anyone can access the shares, but if user permissions are set than 'ALL' means all defined users only can access the shares?
Maybe D-Link can perform some programing magic and have a check box that allows 'ALL' to mean open access or open access restricted to defined users.
This would solve this annoying issue and give the owner of the device control back. As it is I am still on v1.04 and am not upgrading until I have to. :-\
-
Join the chorus. :D
-
well how does one get D-Link to sit up and take notice ???
what do we have to do ???
-
@gunrunnerjohn
Hi I read in the "Bug" list thread that the "All users" no access was working on v1.08b9
and you said that you would be taking a look at it....
Did you have time to do it? whats the results?
thanks
-
I have yet to load 1.08b9, one of these days... :)
-
Just Noticed something else with Windows 7
I can't set the "Hide" attribute to a file in windows.
Well the checkbox is there and I can check it, but it wont "stick"
after an OK or APPLY
This isn't a specific issue for the NAS. Linux/Unix file attributes are stored differently to Windows ones. Hidden files in Linux filesystems are represented by a "." prefix.
See here http://oreilly.com/catalog/samba/chapter/book/ch05_03.html (http://oreilly.com/catalog/samba/chapter/book/ch05_03.html)
...It is possible to achieve but it could cause further confusion.
-
Thanks for the info jamieburchell..