Openfiler AD integration and controlled access
I have resolved the issue, though understanding is still lacking.
It turns out that if you access the SMB share through the NETBIOS name entered in Openfiler's SMB / CIFS Setup
screen, Vista is happy.
Doing the same using the IP address does not work.
Most perplexingly, I have a Windows Server 2003 machine (not on the domain) that behaves the other way around, i.e. access is only allowed through the IP address and not through the NETBIOS name.
Related videos on Youtube
Hans Malherbe
Updated on September 17, 2022Comments
-
Hans Malherbe over 1 year
I integrated Openfiler with an Active Directory.
I configured a SMB/CIFS share as
Controlled Access
and setdomain admins = PG
anddomain users = RO
. This should give domain users readonly access to the share.When I open a share from a Vista machine on the domain everything works.
When I try to open the share from a Vista machine that is not on the domain I get the login prompt as expected, but no matter what I enter, I get a message
\192.168.1.51\raided.main.iso is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again.
When I configure the share as
Public guest access
it works both ways. Both of these machines are on the same network.What gives?
-
Hans Malherbe almost 15 yearsThat's a good idea but for the fact that I integrated with AD for the easy maintenance. I can just as well maintain the roaming users in the local Openfiler LDAP server.
-
Arek almost 15 yearsHow many computers not connected to domain do you have? In my case it's minority of them, so it's ok to manage their logins and passwords by hand in AD. Also managing users and groups in Active Directory is simply more comfortable and powerful.
-
Hans Malherbe almost 15 yearsWe're doing R&D on a domain completely isolated and secured from the company domain. Project members have their computers added to the company domain yet needs to access our private domain with separate credentials.