When trying to access existing remote network shares from a Windows machine, you may see some errors that prevent you from accessing the share. This blog is about some of those errors and how to fix them. Problem 1: User account has insufficient permissions This is the most obvious issue but is often overlooked. […]
When trying to access existing remote network shares from a Windows machine, you may see some errors that prevent you from accessing the share. This blog is about some of those errors and how to fix them.
This is the most obvious issue but is often overlooked.
If you log into Windows and are unable to access a remote network share, then make sure your account has sufficient access permissions for the share.
If a Windows service such as Apache web server is unable to access the network share, then make sure that the Windows service is run using an account that has sufficient permissions to access the share. When the service is run by a user account without proper access permissions, the service will not be able to read the share.
Solution:
To fix problems with share access for a service, follow these steps:
Solution
By default, domains are unable to communicate with other domains. For the communication to be established, a trust relationship between these domains should be configured.
After a trust relationship is defined between Domain A and Domain B, users of Domain B can log on to their own domain through a workstation in Domain A. Here Domain B is the trusted domain and Domain A is the trusting domain.
There are different types of trust relationships. Explaining all of them is out of the scope of this document. But some information is provided below:
Trust Type | Transitive | Non-Transitive | Direction | Authentication Mechanism |
Notes |
Parent-Child | Yes | No | Two-way | Kerberos V5 or NTLM |
Created automatically when a child domain is added. |
Tree-Root | Yes | No | Two-way | Kerberos V5 or NTLM |
Created automatically when a new Tree is added to a forest. |
Shortcut | Yes | No | One-way or Two-way |
Kerberos V5 or NTLM |
Created Manually. Used to improve logon times between two domains |
Forest | Yes | No | One-way or Two-way |
Kerberos V5 or NTLM |
The trust allows all domains in one forest to trust all domains in another forest. Used to share resources between forests |
External | No | Yes | One-way | NTLM Only | Created Manually between domains in two separate Forests |
Realm | Yes | Yes | One-way or Two-way |
Kerberos V5 Only | Created Manually. Used to access resources between a non-Windows Kerberos V5 realm and an AD DS domain. |
Used to access resources between a non-Windows Kerberos V5 realm and an AD DS domain.
Steps to Create External Trusts
Even when the trust relationship is established successfully, access to network shares might fail. This could be due to authentication firewall rules preventing access for the user account.
To confirm what the actual error is:
eg : DIR \\test.local\Filecloud
If the listing is successful, then the user account should have access permissions to the path. But if an error like the following appears below it, although the group or the user has been granted rights to access the share Then the share is in another domain and the trust was set up with ‘selective authentication.'
"The computer you are signing into is protected by an authentication firewall. The specified account is not allowed to authenticate the computer. "
Solution:
Navigate to the domain which has the share:
This will fix the issue, and you will be able to access the shares and list.
[caption id="attachment_29717" align="aligncenter" width="1327"] Share Protected By Authentication Firewall[/caption]
By default, Windows has a limit of 255 characters for the path. Trying to access files/folders from a Windows share longer than this limit might result in access issues.
Solution:
One option to fix this issue is to restructure the folder on the Windows share such that the path length does not exceed 255 characters.
Another option is to enable long path support for Windows (this support only is available on Windows 10 and server versions).
Steps
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem