Solved

Accessing a non-windows network share and forcing prompt for password

Posted on 2013-01-23
14
280 Views
Last Modified: 2013-02-07
I'm trying to access a network share that sits on a NAS.  The share is read only for some people but I have write access to it.  When I access the share however it doesn't prompt me to log in with the account that has write permissions on it.  Are there any switches and ways that I can make is prompt me for a log in to determine if I have write permissions on that share?
0
Comment
Question by:wannabecraig
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38809271
Have you tried logging in as a user who definitely does not have write access, and trying to write to the share? Presumably you will get an access denied error or something similar, thus showing that the permissions are what you expect.

What OS are you using?
0
 
LVL 87

Expert Comment

by:rindi
ID: 38809272
It probably depends on the NAS and how you set it up. They all are a bit different and use different OS's. Apart from that, it is possible if the username you are logged on to the PC as is the same as that which has been setup on the NAS, along with the same password, you don't have to logon separately. But also that depends on the NAS.
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 38809317
The problem is that it' not prompting me for the 'write' user.  It just assumes I'm not in a group which has write access.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38809342
But if you already have write permissions it will know that from the ACL or its equivalent, and so it won't ask because it already knows.
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 38809345
ok, but say there are two different accounts, how can I get it to switch to the one I want to use?  Is there any way to force a particular user?
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38809453
That's a function of the OS, and you haven't said which one you're using.
0
 
LVL 87

Expert Comment

by:rindi
ID: 38809478
As I said, it depends on how you have set up the NAS and what functions it actually offers. Their setup is normally specific to each manufacturer. Usually you do the setup via a web-browser. Also check it's manual.

You might also just need to log off from your PC, then log-on to a different account on that PC, and then you may have other rights on the NAS.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:wannabecraig
ID: 38809544
I'm connecting from a Windows 7 machine to a netgear ready NAS with some linux distrib on it.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38809595
Were the permissions set on the Netgear device, or in Windows? Are the NAS and Windows box in a domain or a workgroup/homegroup?
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 38809885
NAS not in the domain, just a standalone Box. The permissions are set in the share on the NAS admin interface.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38810170
In that case the access is managed by the NAS. It will have a list of users along with the permissions and rights of each, and will grant or deny access as appropriate .

You could try browsing to a share using Run As to invoke Windows Explorer with a different user account on the Windows 7 computer, but I'd be surprised if it worked...

If you're the administrator then you should already know the user rights for every share on the NAS, and if you aren't then what are you trying to achieve?
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 38810195
I know the username and password, but they share is read-only to everybody and then read/write to an admin group. I set these shares up but Windows seems to access using the everybody account.  I'm trying to get to access it under the read/write account.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38810296
I'm not quite understanding you. Are you saying that everybody has read-only access, or that everybody has read-write access?

Are you using Windows 7 Home or Professional?
0
 
LVL 7

Accepted Solution

by:
BobintheNoc earned 500 total points
ID: 38817143
Windows has and maintains a list of credentials that it can call upon whenever a resource is accessed, Credential Manager in the Windows Vault.  From your START button, type in "Manage Network Passwords".  Look through your list on your Win7 Box to see if you have ANY entries for either the name or the IP address of your Netgear NAS unit.  If so, either delete or modify them if you want to change things up.

If you've ever entered credentials and had that little checkbox that "Saves" your credentials, Windows will save it to the vault.

Also, if the local accounts on the NAS unit happen to match your username and password on your Windows Machine, you could be automatically passing your currently logged on credentials automatically.  This was an old method we'd use in the old days when we didn't have Domain joined resources.

How do you access the NAS?  Via web browser?  Or via Windows Explorer?  If via Web browser and the web page you use is considered Intranet Zone, Windows will automatically send your credentials for you, if your current Windows logged on account name and passwords match up with a username stored on the NAS, along with the password, Voila, you get access--if it's an intranet zoned page.

It doesn't take much to put a page into the Intranet zone, simply NOT having a period in the name will usually do it.  Example:  http://mynas   will be an Intranet Zone automatically, and IE will automatically send your current credentials to that page.  Simply changing the address entry to http://mynas.  will put it into the INTERNET ZONE which will then prompt for credentials, IF the NAS requires them.  Same pretty much happens when accessing via UNC, example:  \\mynas\myshare  will be considered intranet  while \\mynas.\myshare  or \\mynas.mydomain.local\myshare will behave similarly.  If really stuck, you can always ADD the site/location to the RESTRICTED sites zone in IE to make sure it's not considered INTRANET.  Get to the RESTRICTED SITES zone list from InternetExplorer, Tools, Options, Security---Restricted Sites tab, then click the SITES button.

In the end, if you can't figure it out, look to the NAS administrative interface for any kind of logging or Auditing settings.  If it's got decent CIFS sharing and supports NTFS, there'll likely be some AUDIT entries that you can set so that when you access, read, modify, delete, etc., the log file will list FAILURE and SUCCESS audits with the username used.  A lot more complex but still valid method would be to use something like Wireshark or other network packet capture tool.  Start a capture, do something to the NAS files, then stop the capture and examine the list of packets.  Usually, you'll see some sort of authentication attempts via NTLM/LanMan and then more sophisticated methods like NTLM2 or even Kerberos.  Usually, with a tool like Wireshark, it'll dissect the packet and give you pretty readable information, possibly even the USERNAME used.

The last thing I thought I'd mention--some systems, in their amazing logic, if a credential is presented that matches up with a stored username, you get the restrictions/permissions that are listed to that account.  In some instances, if you supply a username that doesn't exist, you're considered UNAUTHENTICATED or even ANONYMOUS--if the rights for UNAUTHENTICATED or ANONYMOUS are set to allow WRITE, that may be your lead.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SSH commands for Nas4free 21 304
LAN or WAN ? 11 66
WAN IP Conflict on Sonicwall 5 61
Cisco ASA5508-X vs Barracuda X200 2 32
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now