I have a TS451+, Dual 1Gb NICs, running QTS 5.2.7.3297. It is not a domain controller or a member of AD/LDAP and does authentication locally
I’ve been running it on my LAN for a few years with great service. I recently added a new firewall and want to connect the 2nd interface to another port of the firewall (DMZ) for VPN access to keep VPN traffic off my LAN.
If I connect a PC (tried both Win 10 & 11) to the DMZ network and connect to \\QNap-DMZ\ via windows explorer I can see all shared folders. If I click on one of the folders or type in \\QNap-DMZ\Multimedia, I get prompted for a user/PW then it just re-prompts me again. Access Denied. I can access the admin interface and SSH via DMZ.
If I connect a PC (Win11) to the LAN network and connect to \\QNap-LAN\ via windows explorer I can see all shared folders. If I click on one of the folders or type in \\QNap-LAN\Multimedia, I get prompted for a user/PW and then have access to the folder’s contents.
I’ve tried…
Interfaces are both up
Interface getting IP addresses via DHCP then set with static IPs
Disabling Service Binding (That I want to use)
In windows networking I have SMB versions (highest = 3, lowest = 1)
Reset all file and folder permissions on the Multimedia folder.
Checked the SMB Access log. Each attempt shows the host connecting and a “Logged In” action.
I’ve set up Kodi on one of the Win 11 laptops with the \\QNap-DMZ\Multimedia\Video resource and get prompted for a new password when I try to connect from the DMZ network.
/mnt/HDA_ROOT/.config/smb.conf and /etc/smb.conf match (they might be symbolic link?)
I’d love to get some help here. I’ve been fighting with this for a few days.
I just call the interface DMZ4. It’s an interface on the firewall that has no external exposure. It is reached via a VPN tunnel into my OPNSense firewall.
LAN is 10.10.20.0/24 (QNap is 10.10.20.205) and DMZ4 is 10.10.40.0/24 (QNap is 10.10.40.205)
VPN Subnet is 10.10.70.0/24. But SMB doesn;t even work when I have a laptop on the 10.10.40.x network
One hunch was that it could be a saved credential issue on your clients, but if there is different subnets it’s should not matter. Can you try a non Windows client to test?
I don’t have any non-windows machines. But I have a work laptop (Win 10) that’s never been connected to either Qnap interface before today. I get the same behavior. I’ve also used the Windows Credential manager to delete saved credentials.
If it had saved credentials and it prompted me for new ones and I entered those, would the new credentials not be used at that point for that \\IP\share?
The PC I’m connecting with is on the .40 subnet. Nothing to block it. I can ping, telnet, and log into the web interface of the Qnap machine from that network. It isn’t a timeout. It comes back pretty quick with an Access Denied message and a re-prompt for credentials.
My firewall is currently allowing all/any/anywhere for LAN and the same for DMZ. For testing purposes. Once this is straightened out I’ll clamp down the firewall rules for DMZ from the other interfaces
OK. I swapped MAC assignments on my firewall and swapped cables in the ethernet ports.
Now Interface 1 is on the 40 network and Interface 2 is on the 20 network.
Same problem. SMB works perfectly on 20.205. But keeps asking for user/PW on the 40.205 interface. This is from a PC connected to the 40 network. If I just connect the PC to the 20 network, it can connect to 40.205\multimedia just fine.
I’m going to start a ticket with the SMB 4.15.004 and point to this thread.
I was contacted regarding my ticket and shown how to download logs.
looking at the smb.conf file I see
hosts allow = 10.10.20.*
To add networks for shared folders… Under Shared folder permissions. It defaults to user group permissions, but there’s also microsoft networking host access.