Shares on non-domain network devices

thorsten · 2018-07-23 16:07:43 UTC

NethServer Version: 7.5.
Module: users and groups, shared folders

Hi,

recently I wanted to connect my TV to my Nethserver. Therefore I created some shared folders, e.g. “musik” or “video”, a user “sanas” and a user group “media”. The password of user “sanas” is simple enough to misstype

The shared folder “video” is assigend to “multimedia” and has an ACL entry for “sanas”.
I set up as follows:
grafik

Next I tried to link the share “video” to my TV - which was not possible at all just if I active “Read only guest access” I can watch the mp4 video files.

Does anybody have an Idea where to start failure investigation?

THX
Thorsten

pike · 2018-07-23 16:16:22 UTC

Could you specify on your TV which user give to your server?

thorsten · 2018-07-23 16:24:16 UTC

Hi,

yes, of course. I shows all available shares on the network and marks them with a green, open or red closed lock-symbol. if green, I can directly access the share, If red, it asks for a user and password. I used the same system wihin Zentyal environment for some years and it worked (same share names, users and passwords)

I do enter “sanas” as well as the passwort, but I do not manage to connect. By the way: the TV recieves its IP from Nethserver DHCP.

Thanks,
Thorsten

pike · 2018-07-23 16:35:33 UTC

Please, would you try “user@domain.ext” pattern?
If it does not work, try with “Domain\user” pattern.

thorsten · 2018-07-23 16:42:48 UTC

I hat that Idea, too, but It does not work from scratch: The TV does not offer \ and @ within the users names.
But I will try something different today evenent:

I attached a Bluetooth keyboard to my TV and I am able to do user entries using my Iphone. I will try that today evening.

Also I will try to reset the network settings. I do not have the Nethserver online for a long time. Maybe DNS ist still pointing to the old Zentyal server, which had the same host name while FQDN is different, of course.

Additionally it is not required for some kind of music hardware for which I createt the user “sanas” from that I think / hope the UserPrinciple name or the full domain name is not required on my TV.

pike · 2018-07-23 16:44:29 UTC

Sorry… i misused text formatting
user@domain.ext
or
domain\user

thorsten · 2018-07-24 06:11:17 UTC

Hi,

no changes:
DNS / Netzwork is correct on TV
neither user@mydomain.tld nor MyAD\User ist possible for the TV using TV Remote app or Bluethooth keyboard.

The error screen on the TV reads:
“Error connecting server. Please change settings. Try again later” (or similiar)

Again: Quite intereting: Open / public shares are not a problem.

Are there any logfiles I may review?

THX
Thorsten

m.traeumner · 2018-07-24 13:01:00 UTC

I think you can find something in

/var/log/messages

planet_jeroen · 2018-07-24 13:16:27 UTC

Could this be an invalid certificate issue ? The TV trying to connect using SSL, but encountering a self-signed certificate, could lead to authentication failures.

See SSL certificates for Samba AD (NSDC host)

planet_jeroen · 2018-07-24 13:34:20 UTC

Also, I added that to the previous post but changed my mind … but: if you are using a domain account, the TV will use it’s DNS to resolve the domainname to an authorative server. If your TV’s DNS server is not aware of the domain, it will not find your ad server unless you have to enter it in the settings. In that case, use the IP of your AD container.

thorsten · 2018-07-24 17:13:46 UTC

I do not think so: The TV was fine with Zentyal. I did not have a Samba Certificate either. Anyway I like your hint and I will add Samba Certificates as directed

THX
Thorsten

thorsten · 2018-07-24 17:15:50 UTC

Nice tip, I will try out. But how does this work if the TV does not have “a regular DNS server” e.e. to connect to the internet. Advantage: This will increasy my privacy. Disadvantage: some apps like VOD will not work any more.

Will give Feedback ASAP.

THX
Thorsten

planet_jeroen · 2018-07-25 08:04:22 UTC

If possible, the easiets setup would be:

NethServer should have DHCP role, NethServer DHCP scope should give the containers IP as DNS server.
DNS setting on NethServer network can be your ISP or OpenDNS or whatever will resolve outside DNS.

Notice the IP of the Domain Controller in the the above picture, and the DNS server given in the DHCP scope. This way, all devices on your network will use NethServer as DNS server, and NethServer will use google in my case to resolve everything else.

thorsten · 2018-07-25 13:13:40 UTC

Ok I will try that. Thank you.

But in this case nethserver itself ist not the DNS but the IP of the AD container, correct?

planet_jeroen · 2018-07-25 13:37:21 UTC

Correct. As soon as you enable the AD module on Nethserver, you should use the DNS provided by i for at least domain clients. You should configure the upstream DNS server on the Networking page, and the rest will manage itself.

Any custom DNS records should be made using the mmc DNS snapin, not on the Nethserver DNS page. You will not see the changes there either, as it is a separate DNS server.

pike · 2018-07-30 10:14:05 UTC

OK, ~~lasts~~ more alternatives (which could be fine also without changing network structure/settings as @planet_jeroen suggested)
%NethServerIpAddress%\%username%
or
%username%@%NethServerIpAddress%

(CamelCase is wrote only for better reading, “%” should not be considerate litterally)

Suggestion made by @planet_jeroen are fine if you want to use NethServer as a network service provider for DHCP, DNS server and other nice things, even if you want to use NethServer as network gateway.
But sometimes people only want to add/change the piece they already have without change other things…

thorsten · 2018-08-12 19:42:47 UTC

Hi,

no change: none of the suggested ideas help. I do not get why I can access the shares when open to public but not if passwords / user / groups are set.

THX for further ideas…

Thorsten