Accessing a network drive from Windows 10 and how to add users

I have successfully added a USB drive to my network. I can access the drive by logging into the router. In the "network shares" on luci I tried it with and without allowing guest access.
When I try to access the drive from Windows 10, I am first asked to select a certificate from a choice of three: 1) "Token Signing Public Key"; 2) "MS-Organization-Access"; 3) "@<my service provider>". (I have tried 1) and 3).)

I then get an error message: "You can't access this shared folder because your organization's security policies block unauthenticated guest access. These policies help protect your PC from unsafe or malicious devices on your network".

I also couldn't find out how to add users to the router. I was hoping to be able to set the disk up so that I could control access for different users. I couldn't find a package for adding users.

I would be really grateful for some advice on what to do.

Thanks,
Chris

Please let us know:

  • openwrt version
  • all samba / luci*samba / ksmbd programs that exist on your system

samba has been a moving target over the last year or so... therefore it's important to clarify which versions of everything you are currently running.

Can you give us some more information about that? How did you add that drive?

Not necessary. Same old stuff despite the moving targets.

You can't access this shared folder because your organization's security policies block unauthenticated guest access

It's a policy set in Windows, usually when your Windows 10 PC is somehow connected to your company network. Is this the case? Do you log in with an Office 365 account that is managed by your company? It's also possible Windows gives this error when your PC is not linked to your company, and the warning is just inaccurate. I wouldn't know because I don't use shares without password protection.

Anyway, regardless of your Windows 10 configuration, try changing the policies if you have enough privileges to do so. On your client, type gpedit.msc in the start menu (or use the Run dialog by pressing Windows Key + R). Go to Computer Configuration > Administrative Templates > Network > Lanman Workstation. Then enable the "Enable insecure guest logons" policy. Reboot Windows or run gpupdate /force in the command prompt. If you're not able to change the policy, your company might have blocked this. If you run your own Domain Controller, adjust the policy there.

I also couldn't find out how to add users to the router. I was hoping to be able to set the disk up so that I could control access for different users. I couldn't find a package for adding users.

It's all explained in the OpenWrt guide for Samba. In short, adding users involves editing the /etc/passwd file to create a Linux user who cannot log in to the shell (set the shell to /bin/false), making that user a Samba user by issuing the smbpasswd -a <user> command, and editing the Samba configuration to allow Samba users to access the defined shares.

By the way, this guide allows anonymous users. I wouldn't recommend that (hence the mentioned Windows restriction you're having problems with). I would always set a password for Samba users via smbpasswd. Please remember that Windows can only use one single logged-in credential per Samba server. So if you have a passwordless public share and a password-protected private share on the same Samba server, it's better to create a user called public with password public, and create your own user exampleuser with password examplepassword. Then you allow access for the public and exampleuser users on the public share, and only allow exampleuser on your private share. Don't forget to remove the guest ok option from both shares.

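The public/private share layout described in the reply above, checked by a small audit script. This is an added example, not part of the thread: the UCI section type sambashare and the option names name, users and guest_ok are assumptions about the router's Samba config, and the sample config is constructed.

```sh
#!/bin/sh
# Added example, not from the thread: flag Samba shares that still allow guests.
# Assumption: shares are UCI "config sambashare" sections with the option
# names name, users and guest_ok (check the names used in your own config).

# Constructed sample config: "public" and "private" follow the layout from the
# reply above; "scratch" is a share where guest_ok was left switched on.
sample_config() {
cat <<'EOF'
config sambashare
    option name 'public'
    option path '/mnt/sda1/public'
    option users 'public exampleuser'
    option guest_ok 'no'

config sambashare
    option name 'private'
    option path '/mnt/sda1/private'
    option users 'exampleuser'

config sambashare
    option name 'scratch'
    option path '/mnt/sda1/scratch'
    option guest_ok 'yes'
EOF
}

# audit_shares [FILE]: reads FILE or stdin, prints one verdict line per share.
# A missing guest_ok counts as disabled (Samba's default for "guest ok" is no).
audit_shares() {
    cat "$@" | tr -d "'\"" | awk '
    function verdict() {
        if (!in_share) return
        if (guest == "yes" || guest == "1") print name ": FAIL guest_ok enabled"
        else if (users == "")               print name ": FAIL no users listed"
        else                                print name ": OK users=" users
    }
    $1 == "config" { verdict(); in_share = ($2 == "sambashare"); name = "?"; guest = users = "" }
    $1 == "option" && in_share {
        key = $2
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]*/, "")   # $0 is now only the value
        if (key == "name") name = $0
        else if (key == "guest_ok") guest = $0
        else if (key == "users") users = $0
    }
    END { verdict() }'
}

sample_config | audit_shares
```

On a router, pass the path of the real share config file as the argument instead of piping in the sample.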

Thank you for your help. I do log in with a 365 account. I have now followed the instructions, added a user and can now map and access the drives without making any changes to the Windows machine.

Please may I have a bit more help.

The disk that I have attached is 1 TB.
I set up the storage device using the instructions at https://openwrt.org/docs/guide-user/storage/usb-drives
If I do a df I get:

Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/root                 3328      3328         0 100% /rom
tmpfs                   255980      1104    254876   0% /tmp
/dev/ubi0_1              58028      9332     45696  17% /overlay
overlayfs:/overlay       58028      9332     45696  17% /
ubi1:syscfg              71908       556     67644   1% /tmp/syscfg
tmpfs                      512         0       512   0% /dev
/dev/sda1               999320      2564    927944   0% /mnt/sda1

The space is mainly on /mnt/sda1. If I use /mnt/sda1 as the path on Luci network shares it doesn't work. If I use /overlay it does work, but I only get 56Mb of the disk. Please can you help me gain access to more of the disk. I basically want to mount a partition that has the whole disk on it.

Thanks,
Chrisl

/dev/ubi0_1 mounted at /overlay isn't your external hard disk. It's some region from your device's memory. /mnt/sda1 is your whole external disk. The reason why /mnt/sda1 doesn't work is unknown with the information you supplied. It could be a permission thing or a filesystem thing.

If you could supply additional system and samba logs that would be really helpful, e.g. system log messages that indicate the drive is correctly mounted and such.

Otherwise we could go step by step through the process to figure out what's wrong. For starters: did you format it as ext4? Can you write to the disk, e.g. touch /dev/sda1/test and see this test file when you plug in your external hard disk to another Linux machine? Note that Windows can't read ext4 formatted disks without the use of third-party tools.

Thanks for your help. I have realised that I had the wrong mountpoint. I corrected this under system and it worked.

Okay, nice. I actually mentioned the wrong mount point in my post; mount points are in '/mnt' and not '/dev'.

Thanks again. Your help got me sorted. Have a nice day.
