Tuesday, 7 September 2010

How to Migrate to User Security Mode

With newer OS'es like Windows 7 and OSX Snow Leopard, the "Share" security mode featured on some older ReadyNAS devices like the NV+ is unfortunately no longer supported. The solution to the problems this causes is to migrate the ReadyNAS to "User" security mode. In "User" mode, individual user accounts are created on the NAS for each person that will access it. That user account is then granted appropriate access to shares, rather than the shares themselves being password protected. To migrate to "User" mode, 3 major steps are required:
  1. Change Mode
  2. Create a User for you to access the NAS
  3. Fix permissions so that new user account has full access to the data, as before.
Afterwards you may wish to take an additional step 4) to create other user accounts and give them permissions that may be the same or different from your own user account. These are the accounts your friends, colleagues, family would use


Details:


Step 1) Load Frontview and then go to Security → Security Mode in the left menu.


This should present you with a window that has 3 major options for the Security mode: Share, User & Domain. You should change the option from Share to User, and if necessary complete the "workgroup" option, keeping it the same as you had in share mode. Then press the Apply button (bottom right)


Step 2) Go to the Frontview menu Security → Users & Group Accounts.


This will load a window where you can add your new user account. Select the "Add User" tab and add one account entering a username of your choice (eg "john"), your email address, and a password, leaving the other options alone. There are no restrictions on the characters you can use in the password or the length, but note that you cannot create a user with the same name as an existing share. And then again apply your changes with the button in the bottom right.


Step 3) Reset Permissions in Shares → Share Listing → Protocol → Advanced Options


Because of the mode change, the permissions on your files are likely to be in appropriate and could give you access issues. To pre-empt this, in Frontview go to Shares → Share Listing and select the protocol icon for your first share (eg AFP or CIFS) When the protocol options window has loaded, to the right is a tab called "Advanced Options". Select that and in the new tab, change the options so that they look exactly as in the following image and then press apply


You need to repeat the above for each of your shares. Once done - you should be set to reconnect your mac or pc and have full access to your shares Afterwards you may wish to have a look at this post for the Step 4 I mentioned - it is a good overview of how to setup permissions for multiple users (should you need to)


NOTE: This is a first draft of how to make this migration and therefore there may be errors or points that are not fully explained. Feedback would be appreciated so the guide may be improved

18 comments:

  1. In your post "Overview of ReadyNAS Permissions" , you mentioned that the "Share folder group" should be the group "users". In the above, it is the default "nogroup".
    I would be interested to find out why you have left it as "nogroup" here.
    Thank you.

    ReplyDelete
  2. Hello - and well spotted.

    The reason is that "nogroup" is the default Frontview setting when creating a share in User security mode. This post is intended to convert the NAS to User mode by replicating the default settings, so emulating if the NAS had been setup in User mode from the start. I didn't want to complicate the process by going into more advanced share permissions as not all users wish/need to understand those.

    ReplyDelete
  3. I have got confused in step 3 where is says "You need to repeat the above for each of your shares."

    I don't have any shares. Though I have set this for 'backup' and 'media'.

    The other problem is that I have no idea what protocol I am using. Should I make these setting in (3) for each of CIFS, NFS and AFP?

    ReplyDelete
  4. "backup" and "media" are shares - they are the default shares created when your NAS is first setup

    You have probably been using CIFS as this is the protocol enabled by default due to it being supported under Windows, OSX and Linux. That said, the settings referred to are independent of the protocol being used and only need to be set once per share. (You must first choose a protocol to get access to the Advanced options tab, but whether you choose CIFS, AFP or NFS - you will get access to the same tab)

    ReplyDelete
  5. This change solved an error when trying to import CDs to iTunes living out on my ReadyNAS Duo. Running W7 64bit. iTunes would report: The file ______ couldn't be converted. You don't have write access for your iTunes Media Folder or a folder within it. Tried to reset all the permission via W7 and those resets don't stick on the NAS, of course.

    Making changes as noted here migrating security mode solved the problem. Thank you.

    ReplyDelete
  6. Worked great. Used it to access files on USB disc attached to ReadyNAS duo. The files were from a backup job from NAS to USB disc

    ReplyDelete
  7. I'm using RAIDar 4.2.15 on a new Ultra 6. I don't see any "Security Mode" option under the Security section in Frontview. What I see is identical to what I see in the simulator:

    http://www.readynas.com/simulators/frontview/home.htm

    That is, two sub-entries for Security, "Admin Password" and "User & Group Accounts". Does this mean I'm already in user security mode? Thanks for attempting to clear this up.

    ReplyDelete
  8. Hi Nat - sorry for the late response; I've only just seen it.

    The Ultra 6 only supports User Mode security. Share Security Mode has never been supported on x86 based NAS' like the Ultra Series, and only the Pro models feature Active Directory support

    ReplyDelete
  9. Hi I think my problem is related to this. Ive just changed to usermode. but what happend is that the readynas disapeared from my network. I see it as a mediadevice and storagedevice but cant see it as a "computer" so I cant click on it to access it. I have a NV+. (btw im from sweden so excuse my english)

    ReplyDelete
  10. Update: Ive found the readyNAS by typing \\readyNAS in the explorer. but it still doesnt appear as an icon to click on when looking at the network. hope you understand what I mean. (I can access my files now atleast :) )

    ReplyDelete
  11. There are numerous reports of this issue by Windows 7 users. It has nothing to do with the security mode (though there are other issues related to Windows & Share Security Mode) and seems more related to changes in windows 7. I haven't seen anyone post a definitive solution yet

    (Apologies for the late reply – my site seems to have stopped notifying me of new comments)

    ReplyDelete
  12. For some reason I don't see a "Security Mode" on my ReadyNAS Duo. I've had the device for several years but I think the firmware is up to date with 4.1.8. When I go to "Security" there is only Admin Password and Users & Groups. The problem I'm trying to fix is getting a "Forbidden..." when accessing shares via HTTPS. I've got the Advanced Options set specifically to a user and corresponding group Owner and Read/Write access. I'm chosen to update the permissions on the shares. Any thoughts?

    ReplyDelete
  13. There is no Share Security mode on the Duo - it only supports User Security mode

    Your error is probably because the user "admin" - the account used by the Apache web server - does not have access to the share. (As a guess, you have probably disabled "Everyone" rights when updating the Advanced Options.) Update the access/permissions settings to fix this

    ReplyDelete
  14. I've been playing around the ReadyNAS Ultra4 RAID4.2.17. I am having problem accessing the shares that I created. this share permits only 1 user. It is prompting for a password but when I entered my account details, there's an error says that the Share is not accessible. You might have permission to use this network resource. Contact the administrator of this server to find out if you have access permission.
    Multiple connections to a server or shared resource by the same user, using more that one user name are not allowed. Disconnect all previous connections to the server or shared resource and try again.

    Do you have any idea how can I accomplish what I would like to do?
    And one more thing, when I tried to access it through browser, it says that there are no shares accessible, but in fact I have 2 shares that are set for public access.

    Please help.

    ReplyDelete
  15. I would suggest you post your issue on the ReadyNAS forum, providing full details of how your NAS and PC are setup and how you are trying to access the NAS.

    The symptoms suggest you may be trying to connect to your NAS multiple times using different credentials - something that Windows does not allow.

    ReplyDelete
  16. I wanna change FROM "Share" to "User" mode, but am confused about one thing: Will this in any way affect my content - meaning delete it? I understand that I might have to go through some permissions marathon but I am prepared to do that, if this will mean that I finally can delete those files and folders on my NAS that in "Share"-mode simply wont be deleted. Thx for a great post.

    ReplyDelete
  17. Changing mode does nothing to your data - it simply changes how shares are presented to the user

    ReplyDelete
  18. Hi Sphardy

    I Just migrated my NV+ to user mode. Great guide. The only thing I'd like to add, is that step 3) in my case took several minutes per share. When you do the change a "wheel" comes up, and disapears again. But only after an appearing window stating: "Share contents ownership and permissions changed to match the share." AND hitting a different pane and then return to Share Listing I was able to continue. In the meantime Share Listing was blank. Had me quite concerned there for a while.

    I STILL have trouble deleting some files. Even new ones just created. Now I'll try a reboot having the NAS checking all shares upon startup.

    ReplyDelete