Enabling transparent SMB authentication between your Microsoft Account and your Synology DiskStation

One thing that annoyed me quite a bit after upgrading to Windows 10 and using a Microsoft Account was that I now had to actively provide credentials to access the SMB shares on my Synology DiskStation, whereas before I was able to access the share without being asked to enter a username and password. For some idiotic reason, simply ticking that checkbox that says “Remember my credentials” didn’t satisfy me. Today, after almost three years (the TP was released on 1st October 2014), I found the embarrassingly easy solution.

The Problem

As you might know, one of the first things Windows does when browsing to an SMB share is to try to authenticate transparently with the credentials of the active user. If a user account with that same username and password exists on the server, authentication succeeds and the SMB share is opened. But if you have a Microsoft Account, this won’t work and Windows will ask you to provide valid credentials.

The Reason

To figure out your username, you would normally open a command prompt and run echo %username% or whoami. It will show you your username. You would then compare that to the Synology user account. Naturally, you need to have identical passwords for both user accounts, too.

Strangely, transparent SMB authentication will fail and you will be greeted with a credentials prompt.

The reason behind this is that, when you use a Microsoft Account, Windows’ SMB client authenticates not with the username, but with the email address of your Microsoft account. Have a look at the TCP transmission.

(“MicrosoftAccount\…” is the domain and not part of the username)

So what we have to do sounds easy. Log into the Synology and rename the user account “daniel” to “██████@gmail.com”. Unfortunately for us, Synology does not allow for the “@” character to be a part of the username. So we need to do some hacking.

The Solution

  • First, enable SSH on the Synology. You will find that under Control Panel > Applications > Terminal & SNMP > Terminal > Enable SSH service.
  • Then SSH into your Synology. Use the credentials of your admin account. Once you are in, gain root permissions by executing sudo -i.
  • Run vim /etc/passwd, then locate and rename the specific user account. In my case it would be from “daniel” to “██████@gmail.com”. This would look something like this:
# before
daniel:x:1027:100::/var/services/homes/daniel:/sbin/nologin 

# after
██████@gmail.com:x:1027:100::/var/services/homes/daniel:/sbin/nologin
  • Do the same for the Samba user account by running vim /etc/samba/private/smbpasswd:
██████@gmail.com:1027:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:…:[U          ]:…:
  • Restart the Samba service: /usr/syno/etc/rc.sysv/S80samba.sh restart

Done!
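A scripted form of the two renames above, as an added example that is not part of the original post: it goes a little further than the manual edit by keeping a backup and refusing to write unless exactly one entry matches. The function names count_name and rename_account_entry are hypothetical, and user@example.com is a constructed stand-in for the real address.

```shell
#!/bin/sh
# Added example: rename the login-name field of exactly one entry in a
# colon-delimited account file (passwd or smbpasswd layout), with a backup.

# Count entries whose first field equals NAME exactly. Appending "" forces a
# string comparison and ENVIRON avoids awk -v escape processing, so '.', '@'
# and digits in a name are all taken literally, never as a regex or number.
count_name() {
    NAME=$1 awk -F: '($1 "") == ENVIRON["NAME"] { c++ } END { print c + 0 }' "$2"
}

# Usage: rename_account_entry OLD NEW FILE
rename_account_entry() {
    old=$1 new=$2 file=$3
    # An empty name or a ':' inside it would corrupt the record layout.
    case $new in ''|*:*) echo "invalid new name" >&2; return 2 ;; esac
    [ "$(count_name "$old" "$file")" -eq 1 ] || { echo "need exactly one '$old' in $file" >&2; return 3; }
    [ "$(count_name "$new" "$file")" -eq 0 ] || { echo "'$new' already in $file" >&2; return 4; }

    # cp -p carries mode and owner over to the backup and to the temp file;
    # smbpasswd holds password hashes and must not become world-readable.
    cp -p "$file" "$file.bak" || return 5
    tmp="$file.new.$$"
    cp -p "$file" "$tmp" || return 5
    OLD=$old NEW=$new awk -F: 'BEGIN { OFS = ":" }
        ($1 "") == ENVIRON["OLD"] { $1 = ENVIRON["NEW"] }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 6; }
    mv "$tmp" "$file"
}

# Constructed sample data in a temp directory; nothing under /etc is touched.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
admin:x:1024:100::/var/services/homes/admin:/bin/sh
daniel:x:1027:100::/var/services/homes/daniel:/sbin/nologin
danielle:x:1028:100::/var/services/homes/danielle:/sbin/nologin
EOF
rename_account_entry daniel user@example.com "$demo_dir/passwd"
diff "$demo_dir/passwd.bak" "$demo_dir/passwd" || true   # shows the one changed line
```

On the DiskStation the function would be called once for /etc/passwd and once for /etc/samba/private/smbpasswd before restarting Samba; the .bak copies sit next to the originals.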

The username in the Synology web interface won’t change though, but I don’t consider that a big deal. I hope that Synology will provide a native solution to this issue in the near future.

Thanks for reading and if you have any suggestions for improvements, please let me know in the comments.

  • Daniel