movies on NAS and emby server on Ubuntu server


sonusfaber
Posted

Hello

I am new on this forum and I am moving from Kodi to leverage the transcoding capability of emby to play movies also on low bandwidth networks.

I installed emby on an Ubuntu server VM on VMware ESXi
My movies are stored on a NAS and shared over the network with SAMBA, allowing GUEST access to all the media, READ ONLY. In this way all my players around, based on different OS and technology, can easily access everything (Xiaomi Mi Box, nVidia Shield, JRiver, pCorePlayer, etc.)

I added a library to emby server pointing to the place where my movies are stored but it did not work, so... looking at the forum I found possible solutions: I added to the NAS the user "emby" since it is the user that the server runs as. I added emby specific access to the shares.
Now emby server can access the share but it can display just some sub-folders... while others are not.
I checked all the permissions on the shared folders and there are no differences.

Is there any way to let emby server access shared drives with GUEST access?

Posted

Hi @sonusfaber read-only access should be fine. Are you saying that some sub-folders are missing? Did you check the permissions of the subfolders? They may have their own permissions set which would override the permissions from a higher level.

sonusfaber
Posted
On 3/28/2021 at 7:15 PM, Luke said:

Are you saying that some sub-folders are missing?

Yes... and permissions are the same. I investigated a bit more: if I add the parent folder, then I can see everything but not this folder. If I add directly this specific folder... it works.

I reapplied chmod on everything, no way.

 

Anyway... I tried also Emby on Windows.
As before, movies stored on the NAS.
What I understood from my tests and from the forum is that there is NO WAY on emby to force a SMB connection with specific user\password.
On the NAS movies are visible in read only from remote using guest access, but this is not enough... emby fails to connect
I read that the user used by emby to run on Windows should be the same that has access to the shared folder.

This means, I guess, that the user used to logon into windows must be the same that has grants on the NAS...

 

Posted

Actually if you mount password protected shares as Network Drives.. You are prompted in Windows for that Password and User.. If you create the mounted drives and have created a user account for this specifically with certain permissions you can login with that account and mount your libraries with those paths and SMB. Windows stores those credentials.. A network drive can be set to do different things while mounting it. Including logon

Right now from my system I do not remember having to logon to my NAS, network drives or SMB to access it.. in a long time.

So technically you can do what you're talking about.

Q-Droid
Posted (edited)
2 hours ago, sonusfaber said:

Yes... and permissions are the same. I investigated a bit more: if I add the parent folder, then I can see everything but not this folder. If I add directly this specific folder... it works.

I reapplied chmod on everything, no way.

Do you have nested folders with media at each level? Emby can be picky about media library structure and naming.

Read up on media naming requirements in the KB.

https://support.emby.media/support/solutions/folders/44000764515

 

 

 

Edited by Q-Droid
sonusfaber
Posted
2 hours ago, Hxemby001 said:

So technically you can do what you're talking about.

Still a bit confused, sorry.

Movies are shared from the NAS in read only to "guest". In this way I have several "media players" around and all of them work very well.

Now Emby is installed in a Windows 10 box. Windows does not mount any shared folders since I do not have this need and moreover I would not do that.

I really can not understand the way used by Emby to connect to shared folders.... regardless of the result.

Using Kodi it is a totally different approach: just point the interface to the shared folder, provide user and password (or guest access)... and it works.

 

Do you mean that we can not pass to Emby any user\password to log in into remote shared folders since Emby is going to use WINDOWS CREDENTIAL to log in?

So... let me say that... I can log on into remote shares from Windows Explorer, asking Windows to store the credential, then disconnect the mapped drive and then Emby will be able to connect?

 

 

Posted

I will show you some examples of my NAS.. and explain my setup...  BUT first.. one question... Have you set this up and rebooted the NAS? Mine had sort of the same issue.. and there was no way to allow access via password through Emby... I will be back with screenshots of what I have done that works out..

Posted (edited)

Okay..

Dell 7040 Micro Windows 10 Pro <--> NETGEAR ReadyNAS 316 

I should be using another account for access with permissions set a little differently, as it is right now I am signed into my NAS shares as admin.. with a good password. You are seeing the Admin Console screens of the Video2 Share that is on a small drive I have. I have disabled most protocols and I am using only the ones I need as you will also see.


I  opened Windows Explorer (Win + E) and under the Computer Tab, I mapped a network drive...  It asks you for a drive letter and location of the share, you have an option to reconnect at sign in, and Connect using different credentials.. You can use those according to the set up you desire. If you look at my Windows Explorer under Network locations... Instead of going to Network..


You can go to those locations and reference or access your files. ( You can also mount drives to other online storage as well ) Your computer manages the access to those drives, with the logon credentials. BUT you no longer are exposed on your network, by the NAS shares. IF Emby is installed on the NAS, then you have to allow Emby access to those shares as after a reboot.. The account for emby as a user will show up.. and its access has to be selected for it to mount the shares as a library. 

With Linux it has been so long.. that I would not be the one to give you the specifics.. BUT The NAS is Linux OS based.. as well as the filesystem... and shares as shown on the NAS internally..

I have blurred out the actual NetBIOS name of the unit and drive letters.. I can show the fact each one is allowed to be mounted as a library in Emby (without special permissions) with both locations Network drive Letter/path and backup SMB location. System manages access. I had the same idea in the beginning as far as setting up an account in the NAS specifically for READ Only access to the file repositories while running the server on Windows 10 Machine... That way access could be more secure and specific. While retaining my admin account for other operations per due course.

 

Edited by Guest
Posted

Thanks for the detailed explanation ! @sonusfaber please let us know if this helps. Thanks !

sonusfaber
Posted

Dear,

many thanks for your support.

Yesterday night I made some additional tests, also after having read your suggestions.

In my case, Emby is not on the NAS box, but on a separate Windows 10 PC (it is a VM running on VMWare ESXi) and the NAS is just a 12 TB Linux box with SAMBA, again it is a VM.
The ESXi is a HPE Proliant server full of cores and RAM

I know that eventually I could install Emby on the NAS and avoid the SAMBA in the middle... I know... but I hate installing programs on the NAS.

Anyway let me resume what I did:

1) Windows 10 brand new, just re-imaged, install Emby, try to connect to the NAS shares... NO WAY.
2) from the Windows Explorer I mounted one of the several shares on the NAS and told Windows NOT TO STORE the password
3) Now Emby can connect
4) removed the mapped drive
5) Emby still connects to the share
6) Windows reboot
7) Emby can not connect

In other words it is enough to keep anything mapped from the NAS to let Emby work

I will investigate a bit more using NET USE against a fake target to see if it works.

If Emby does not run as a service, it runs in the user space of Windows so if the user session can access the NAS, so does Emby (this is my feeling).
If Emby runs as a service as system account.... I do not know
If Emby runs as a service as user account... it is a bit more complex to figure out... because the user used by Emby service should be granted permissions on the NAS so we should create the same user on the NAS with the same password or ... maybe we can work on SAMBA and map to guest bad user or bad password...

Anyway my question:

Why can Emby not pass user\password or guest account to a remote NAS like Kodi or pCorePlayer? Is it a technical problem?

 

thanks

 

 

sonusfaber
Posted

performed additional tests...

what I wrote this morning is not correct:

below the right version:

 

1) Windows 10 brand new, just re-imaged, install Emby, try to connect to the NAS shares... NO WAY.
2) from the Windows Explorer I mounted one of the several shares on the NAS and told Windows NOT TO STORE the password
3) Now Emby can connect
4) removed the mapped drive
5) Emby still connects to the share Emby lists the library pointing to the network share, but I get ffmpeg errors since what I can see is just the library entry but it does not work anymore
6) Windows reboot
7) Emby can not connect

after a couple of hours troubleshooting... I can say that Emby (not running as a service) can connect and work on remote shares if:

A) Windows is already mounting media shares or any other network shares on the remote server
OR
B) we can also use Windows Credential Manager to store the user and password for the shares used by Emby. In this way Emby can connect without Windows mounting any shares.

This means just ONE THING: Emby is not able to manage network shares on its own... but running Emby over Windows, then it is Windows that, in some way, needs to have access and/or rights for such shares.

Posted

You must have a way to login.. through the means of connection - and to do this automatically you would then also need to store password, as well as use it in requests... 

This actually keeps user names and passwords out of requests made by the server, and leaves the protection to Windows. This is a better idea in my opinion since you would  have to circumvent more than the server... Terminal connections between MAC and LINUX for example include such information.. Your SMB type shares and those connections would have to be the ones circumvented, which is localized. 

Hopefully you were not taking my explanation as an exact guideline.. but purely thorough explanation of what happens during the process, above.. Some of those are actually good things. My drives mount on startup and logon.. as per normal.. ( In my NAS I should be using another account name, with the options I want enabled. Since I am the Admin you see it as it was sitting when I connected for the explanation, the example showing that no other authorization needs to be or an account created in this instance.. as well as only the protocols needed... )

So you can create an account for the purpose of mounting your drives... to keep the Admin out of the picture.. 

The last statement is correct.. and yes you will not get access to those shares without storing the user/password unless you logon to those drives/shares each time. This is why when most people set up their server on their main system, the libraries are local ( same system ) or unprotected shares.

Doing it the above way.. nobody on my immediate network can connect  to the archive or the NAS. YET, I can serve the files through EMBY.. even use its DNLA3 function which includes a method of shaping the usage through EMBY account configuration. ( Notice that the protocols turned off on the NAS, are also turned off on my computer UPnP is also off. )

Hopefully you're getting the picture.. Everything has these options these days.. I can even turn my router into a file server and a DNLA3 server... and the extender as well... 😜 ( All of that is off too BTW ).. my phone..  main thing is to try to realize what is the best for security, and likely to be a part of the attack surface.. as far as what can be exposed.

Posted
Quote

but running Emby over Windows, then it is Windows that, in some way, needs to have access and/or rights for such shares.

Correct. Emby can utilize the network shares that you've setup in the OS. Does this answer your questions?

sonusfaber
Posted
20 hours ago, Luke said:

Emby can utilize the network shares that you've setup in the OS. Does this answer your questions?

Yes. I understood doing some tests.

What about running Emby as a service? It would be interesting to understand what will happen running Emby as a service with a specific windows user...

Posted (edited)

I haven't tested using it in that manner, I have not entered it into my registry as a service either... Since it is just me.. and it's not allowing remote.. I don't worry about keeping it on all the time..

Pretty sure it will work though, as long as the drives are mounted.

Edited by Guest
sonusfaber
Posted

I am not so sure it will work "out of the box".

Emby as a service can run with specific user or local system. Local system does not have network access.

I suppose that I need to create a user, assign rights to this user to reach the shares and let Emby run with this account.

I need to test.

Anyone ever tried?

sonusfaber
Posted

Luke,

why is there no way to specify user and password in the network share dialogue box of Emby?
Is it hard work to add the required code?

Posted

It's not that simple because there are no complete developer libraries for the SMB protocol for .NET Core, so even if we put in this effort, we're going to run into other limitations after that. At that point it becomes a question of, do you want us allocating our resources on building an SMB driver or do you want us focusing our time on media consumption and playback. That's why it makes the most sense to mount the share in the host OS, and then add the local share path into Emby Server.

sonusfaber
Posted

OK Luke, I got it.

Anyway, I understood the way to correctly mount SMB shares when Emby does not run as a service.

Any suggestion how to mount shares when Emby runs as a service?

Posted
23 hours ago, sonusfaber said:

OK Luke, I got it.

Anyway, I understood the way to correctly mount SMB shares when Emby does not run as a service.

Any suggestion how to mount shares when Emby runs as a service?

What do you mean when running as a service or not? It's the same process either way.

sonusfaber
Posted
17 hours ago, Luke said:

What do you mean when running as a service or not? It's the same process either way.

Yes, of course... it is the very same process, but it changes the way the process presents itself to the rest of the world.

If Emby does not run as a service then it runs in interactive mode and runs with the user environment belonging to the user who launched it; if the user logs off then everything and also Emby are closed.

If Emby runs as a service, then it runs regardless who is logged on and runs with other credentials.
 

sonusfaber
Posted

Here again after some tests running Emby as a service.

No way to run Emby by using local system account... maybe with some additional works to give network access to local system it will run, but not out of the box

So I defined a new user to run Emby and Emby as a service is using this account.
As you know, by default and for security reasons Windows can no longer mount shares as guest, so... the solution was to let Emby run with its local user, then avoid defining this user on the NAS but put a line in the smb.conf "map to guest = bad user". In this way... Emby service presents itself to the NAS with this user, but since it is not defined in the NAS system, the connection falls back to a local guest access and so the Windows user appears as user NOBODY on the NAS ( UID 65534 ).

Hope this will help someone else.

 

Posted

Thanks for the feedback. Sorry, I got a little confused as I thought we were talking about running on Linux.

sonusfaber
Posted
On 4/9/2021 at 7:09 PM, Luke said:

running on Linux

Emby installed on Windows 10 ESXi VM and movies stored on a 12 TB Ubuntu working as a pure file server.

Since Emby leverages on the OS to access network shares, running Emby as an application then the user logged in must have the grants to access the shares and if there are multiple shares with different accounts, then it is not possible to work in this way on Windows. The server we want to connect to can be accessed by 1 single user at a time.

So the alternative is to run Emby as a service with an ad hoc account.

If the media shares are exposed to guest by the NAS in read only (like in my environment) and since new security policies do not allow guest accounts on Windows, the solution is to map bad users as guest on the NAS.... so Windows tries to access the shares with a user that is not defined on the NAS and the NAS fails this account over to guest\NOBODY.

At the end of the story, if you receive a question like:
"how can Emby connect to shares as guest?" the answer is:
"let Emby run with the user you prefer, DO NOT create this user on the NAS and set MAP TO GUEST = BAD USER in the smb.conf"
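
An added example, not part of the thread: once `map to guest = bad user` is set, any username the NAS does not know lands in a guest session, so it is worth confirming that every guest-enabled share really is read only. The sketch below audits an smb.conf for that; the sample configuration, share names, paths and function names are all constructed for illustration.

```python
# Constructed smb.conf; share names and paths are hypothetical.
SAMPLE_SMB_CONF = """
[global]
   map to guest = Bad User

[movies]
   path = /srv/media/movies
   guest ok = yes
   read only = yes

[incoming]
   path = /srv/media/incoming
   public = yes
   writable = yes

[private]
   path = /srv/private
   valid users = alice
"""

TRUE_WORDS = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names normalised as Samba reads them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.split()).lower()] = value.strip()
    return sections

def _flag(params, defaults, name, fallback):
    value = params.get(name, defaults.get(name))
    return fallback if value is None else value.lower() in TRUE_WORDS

def audit_guest_shares(text):
    """List shares a guest session can open and whether it can write to them."""
    sections = parse_smb_conf(text)
    glob = sections.get("global", {})
    # With "bad user", a login for a username the NAS does not know becomes guest.
    unknown_to_guest = "".join(glob.get("maptoguest", "never").split()).lower() == "baduser"
    findings = []
    for name, params in sections.items():
        if name == "global":
            continue
        if not (_flag(params, glob, "guestok", False) or _flag(params, glob, "public", False)):
            continue
        read_only = _flag(params, glob, "readonly", True)  # Samba default: yes
        for synonym in ("writable", "writeable", "writeok"):  # inverted synonyms
            if synonym in params:
                read_only = not _flag(params, {}, synonym, False)
        findings.append({"share": name, "guest_writable": not read_only,
                         "unknown_user_gets_guest": unknown_to_guest})
    return findings
```

On the constructed sample, `movies` is reported as guest-readable only, while `incoming` is flagged as writable by any client that presents an unknown username.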

Posted

It is still confusing to me as to why you are setting things up this way... 

Is it Ubuntu's access of those shares that is making it difficult to access them with Emby? ( or what would be the Windows machine )

Is it running Emby as a service with permissions without having to logon the issue... or is that defining the access in such a way...

Otherwise I would run Emby on the Linux machine and use it all there for permissions and so on... unless it is a system resource issue.

Guest account was killed off in a version update of Windows 7 I believe.. You used to have to secure and disable it in the Security policy to secure a system as basics. Run as LocalSystem.. should give the rights you need to access system resources.

That would also mean allowing the shares from emby to be accessible without permissions being needed in read-only mode. Unless this is something that can't be done in Ubuntu...

It does seem that you are trying to keep security minded in this manner... but it seems like it has gotten more complicated than it needed to be... However the security concern for Ubuntu comes into play as well, and I see that.. unless 'as guest' is what Ubuntu requires for this type of access.. and there is no other way..

Be sure to force encryption for SMB3 as well on both systems helps..

 

22 minutes ago, sonusfaber said:

If the media shares are exposed to guest by the NAS in read only (like in my environment) and since new security policies do not allow guest accounts on Windows, the solution is to map bad users as guest on the NAS....

This part seems to be that you are saying that you have shares open as guests... Did you think about creating an Emby Account on Ubuntu.. ( where you setup your read-only shares )...( like my NAS does when I install it on the NAS - and restart is necessary BTW ).. run as LocalSystem on Windows... with its libraries pointed at those shares?

Or have I gotten something wrong..
