From Unraid | Docs
< Plugin‎ | webGui
Jump to: navigation, search

Windows/Samba integration can be perplexing, here's how it works.

When a Windows user clicks on an unRaid server listed under Network/Computers, Windows initiates a connection between itself and the server. You can think of this initial connection as a "log on". The connection request includes a set of credentials, that is, an encrypted user name and password associated with the Windows PC initiating the connection.

Usually the credentials are that of the user who is logged into the Windows PC; however, if sometime in the past, you logged into the server using a different user name/password (e.g., using a dialog box), then those same credentials will be used for all subsequent connections. See below for instructions on how to clear this.

The unRaid server now looks up whatever credentials were passed by the Windows PC in the set of created unRaid Users. If we have a user name and password match, then access to the server is granted as that user. This obviously implies that you have previously created an unRaid user and password that exactly matches the Windows user name and password.

If we have a user name match, but the passwords do not match, then Windows will present a log on dialog box asking you to enter a user name and password. Normally, you would enter your same user name, and enter the password you set for this user on the unRaid server. If we now have a user name and password match, then access to the server is granted as that user name. If the wrong password was entered, the dialog box will re-appear. This mechanism permits you to have a different password on the server than you have for your Windows log on.

Here is the part that causes confusion. If upon initial connection there is no unRaid user name that matches the Windows user name, or you enter a user name in the dialog box that does not exist on the unRaid server, access to the server is granted! In this case the server considers this to be a "guest" connection.

At this point, our Windows PC is now granted access to the server. This simply means that all the shares will now appear in the explorer window. Whether or not the Windows user may access those shares is determined by the unRaid share security mode set for each share:

For Public shares
All users, including guest users, have full access to the share. Any files created by a logged on user will appear to be "owned" by that user. Files created by a guest user will appear to be owned by a user named "nobody".
For Secure shares
All users, including guest users, have read access to the share, but only logged on users can possibly write to the share and/or create new files. Such newly created files will appear to be owned by the logged on user. You select which users may write the share in the SMB Security Settings for the share.
For Private shares
Only logged on users can possibly access the share. You select the access permission for each user (no-access, read-only, or read/write) in the SMB Security Settings for the share. Newly created files will appear to be owned by the logged on user.
Note: if a user attempts to access a Private share for which that user has no access, Windows will present a log-on dialog box. If you now enter a valid user name and password that has read-only or read/write access to that share, Windows will usually complain that, "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server of shared resource and try again."
This dialog box will not appear if this is the first share you access following initial browsing to the server.

Creating a Fresh Windows Connection

Once a Windows PC has made a connection to a share on a server, the same credentials that were used will be used again for all subsequent connections to any other shares on that same server. To cancel this behavior and initiate a fresh connection, follow these steps:

  1. On the Windows PC, close all applications which could be accessing the server, close all windows that are exploring shares on the server, and close the Network window. Then open a command window and type this command:
    net use * /delete
    Alternately, reboot the Windows PC.
  2. On the unRaid server, Stop and then Start the array.

Other Notes

If you have created user names on the unRaid server that match Windows users, then those Windows users may or may not see a log on dialog box depending on whether their Windows log on password matches the corresponding unRaid password.