Problems with domain security groups

All questions pertaining to Windows Active Directory Service can go here
Forum rules
1) This is a user forum for Synology users to share experience/help out each other: if you need direct assistance from the Synology technical support team, please use the following form:
https://account.synology.com/support/suppo ... p?lang=enu
2) To avoid putting users' DiskStation at risk, please don't paste links to any patches provided by our Support team as we will systematically remove them. Our Support team will provide the correct patch for your DiskStation model.
JDaus
I'm New!
I'm New!
Posts: 2
Joined: Tue Apr 07, 2015 7:27 am

Problems with domain security groups

Postby JDaus » Sat Apr 01, 2017 12:58 am

DSM is setup on the domain. last night i created active directory security groups to allow me to limit priveldge within network shares.

I added users that i required to these groups and set about changing the share permissions and folder permissions within these shares to have only the groups that we require (plus 'admin' and 'cloudstation').

Once i had changed several of the folders within our companydata share, the folders where no longer accessible to users within the security groups that have read/write access to these folders.

The only thing i can think that may be causing the issue is the fact that i am using '-' in the security group names ... could this be the problem ?
EDIT* I just added myself to an old group without dashes and allowed that R/W access to a folder and it doesn't show up ...
EDIT** allowing "domain users" R/W permissions to the folder, shows it ... i'm more confused now than every.

I the decided that i needed to "update domain data" for domain users and groups on DSM. this made no difference.

then i decided i would look at whether old groups (such as "domain users"), which they do, so now i am very confused as to what the reasons for this permission problem are. the only conclusion i can come up with is there is something wrong with getting updated groups from the domain into DSM.

I will have to resolve this issue one way or another by monday morning, so would appreciate any feedback.

BTW, i'm using RS812+, DSM 6.0.2-8451 Update 9
o.baarss
I'm New!
I'm New!
Posts: 1
Joined: Wed Aug 09, 2017 3:08 pm

Re: Problems with domain security groups

Postby o.baarss » Wed Aug 09, 2017 3:13 pm

We have exactly the same problem. The "domain users" group worked, our own secuity group is not working...

Did someone find a solution or a reason for this behavior???
peyo
I'm New!
I'm New!
Posts: 1
Joined: Thu Aug 24, 2017 9:37 am

Re: Problems with domain security groups

Postby peyo » Thu Aug 24, 2017 9:41 am

Same problem here

Adding Domain users Group to the share lets everybody connect.
Adding individual users to the share works too.

But creating a group, adding it to the share and adding users to the group won't do.

What can we do?
skhanna
I'm New!
I'm New!
Posts: 2
Joined: Wed Dec 06, 2017 3:26 pm

Re: Problems with domain security groups

Postby skhanna » Wed Dec 06, 2017 3:47 pm

We had the Domain Groups working until yesterday.

The problem started this morning, with users that previously had access to shared folders not being able to connect. So yesterday user X was a member of 'Group Accounts' that had been given Read/Write access to the Account shared folder.
Today although user X is still a member of the group, they couldn't connect and they had no group permissions assigned to them when viewed under the Shared Folder Domain Users. Giving each individual user access to the folder solved the problem for the Shared Folders.

The bigger issue we have is that the users can not access their home drive because of this problem.

Support ticket submitted.
skhanna
I'm New!
I'm New!
Posts: 2
Joined: Wed Dec 06, 2017 3:26 pm

Re: Problems with domain security groups

Postby skhanna » Thu Dec 07, 2017 5:06 pm

Found the solution to our problem...
The custom domain groups we setup were configured under the scope as 'Domain Local'. Recreating the group with the scope set to 'Global' solved the problem.

[The home drive was a tick box that hadn't been re-ticked while trying to solve the other issue]

Note: The problem did not replicate itself across two other Synology drives all connected to the same domain.

Return to “Windows AD Domain”

Who is online

Users browsing this forum: No registered users and 1 guest