BRENT TOBICZYK's picture

At my company we have been using Turnkey File Server for about 2 years now with not a single issue. It has been flawless. We have Webmin 1.630 on fileserver (Debian Linux 7) bound to a Win Server 2003 AD. For some reason (which I cannot figure out) a few random uses suddenly cannot access it. It is definitely a user issue and not their individual computer issue. I was able to connect to our shared drive using my own login on their computer but anytime I try to use their credentials I keep receiving a win login prompt asking for password. I have tried changing the password on the AD, removing and adding users to their groups, deleting user and reattempting to connect. Nothing. Any ideas would be very helpful

Forum: 
Jeremy Davis's picture

My first guess would be Win OS. I know that you said you are pretty sure that it's the users themselves, but my guess is that you are an Admin and they are normal users...? To verify it's the indivdual users themselves, have you tested those same users from PCs which other users can connect ok (and vice versa)?

Maybe I'm on the wrong track but it seems to me much more likely that if it is inconsistent that it would be the local environment; rather than the shared one...

Also are they accessing the same shared folders? Or are they accessing different places? If they are different then it's probably worth comparing them (from within Linux). If they are the same then perhaps comparing the users config (from within Linux) could be worth a shot. I'd check both Linux and Samba users; although I think it would much more likely to be Samba related from what you are saying. Linux user issues would more likely let you log in, but then not let you access stuff.

Also depending on the access scenario you are needing, perhaps you could try using Linux file permissions to restrict/grant access to certain places and relax Samba permissions?

Having said all that, I have had impending HDD failures show weird symptoms similar to this (i.e. the TKL server HDD).

TBH I'm not sure how useful my input is as I haven't had much experience with Samba beyond simple filesharing scenarios where security wasn't important (and hence was just allowing all...)

BRENT TOBICZYK's picture

You are correct in that I am an admin but I have also tried using other standard users to map to the drive and was able to with no issues.

It really seems as if turnkey is not in sync with the windows domain. Maybe I am mistaken as to the way it works but I thought that each time someone logs in to the file share it reaches out to the pdc, authenticates the user, then allows/denies access.

As for the folder structure, there is a generic "Shared" drive that all "users" (anyone in the users group) can access. There is also a "homes" personal folder for each individual that only they can access. On top of those there are accounting, IT, shipping, etc that are all tied to specific groups and are controlled with their respective group.

Typically we initially map a user to the "shared" drive and by default it creates a personal folder as well. The users having issues cannot reach ANY of the folders for which they are supposed to be in the group for as well as not being able to reach their personal folder. This is only happening so far for 3 users out of about 50 or so.

Jeremy Davis's picture

Unless you (or someone prior to you) have set it up to sync with your domain. By default it operates as a standalone Fileserver. In theory it is possible to make it sync with a Windows domain, but I'm not a big Samba user so TBH I wouldn't know where to start...

If you keep in mind that TurnKey is built on Debian (v13.x = Debain Wheezy aka 7) and that the Fileserver uses Samba3 to provide SMB/CIFS shares then you should find plenty of info online (via google). Also it sounds like you are aware, but just in case, TurnKey Fileserver has a Webmin Samba module installed which may make manually editing your Samba config easier...

As it sounds like you are in production, the way I would go about this is as follows:

Manually configure the 3 users who aren't working as they should (so they can get on with their work). Then set up a new instance and play with it (documenting as you go) until it works as it needs to perhaps set up some test users on your domain server). Once you have it all documented and it is repeatable - i.e. you can start with a clean server and configure it from scratch to be how you want; then migrate the data and users across to the new server.

Note that this assumes your server is running in a VM; if it's not then I'd do your testing in a VM. You may not need to reinstall over you original server but regardless I strongly suggest that you take an image of your existing server before doing anything (and ideally test it and confirm that it works prior to going any further). Then worst case scenario you can restore and start again...

Add new comment