search

jellyfin / jellyfin-server-windows

The Windows tray app and installer for Jellyfin Server on Windows.
https://jellyfin.org
MIT License
80 stars 27 forks source link

Configuring Network Drive when Installed as a Service #54

Open anthonylavado opened 2 years ago

anthonylavado commented 2 years ago

Brought over from the main Jellyfin repo, so it can be added to the instructions here.

Network Service (and Local System) for that matter can only access network shares or mounted drives in a Windows Domain environment. Since they identify themselves as the computer account on the network. So outside a domain the target host has no idea about the client host and can't give it access. Your best bet is to create a new user that is named (for example Jellyfin) and use the net use and runas commands to give that user the credentials to the share. Then Jellyfin should be able to enumerate the shares. I suppose the other option is to do full public samba shares, but that is very insecure. (It's guest access in the samba config) That should work, although I'm not 100% on that.

@EraYaN, can you perhaps give a tutorial on how to achieve this? I tried net use but I don't think I'm doing it right.

I just installed a new Windows Server 2022 VM, and was struggling with this same issue. This is how I solved it;

  1. If you don't have a dedicated (non-admin) user to access your media shares, then create one on your NAS and give it the correct permissions. Lets assume the username is JellyMedia
  2. Regardless of options during the installation of Jellyfin, in Windows create a user account with the same account name and password as you did on the NAS (so JellyMedia). For now this user must also be a member of the local Adminsitrators group for this configuration to work! :(
  3. In Windows, open Services, and locate the Jellyfin Server service. Change the log on as to the account you created in step 2. Then restart the service.
  4. When adding a library in Jellyfin, only use the Folder option, NOT the shared network folder. And you must use UNC path, not mapped drives. So for instance use \nas01\media\movies

That should do it. Now I only have to figure out what rights the service accounts needs so that it doesn't need to run as a local admin user. Right now the service throws an error 143 in the event log. The account automatically is granted the log on as a service right when adding it in step 3, so it must be something else.

Originally posted by @fthorsen76 in https://github.com/jellyfin/jellyfin/issues/1836#issuecomment-943097864

EraYaN commented 2 years ago

The other "correct" corporate Windows Domain solution is to give the "Computer Account" access to the file share. That is how Microsoft wants you to solve it for the Network Service and system accounts.

anthonylavado commented 2 years ago

@EraYaN Oops I didn't think a quote would have tagged you, but here we are. Thanks for the extra info!

AdamLMark commented 1 year ago

Thanks very much, @anthonylavado! Exactly what I was looking for.

ElEmFurt commented 10 months ago

Brought over from the main Jellyfin repo, so it can be added to the instructions here.

Network Service (and Local System) for that matter can only access network shares or mounted drives in a Windows Domain environment. Since they identify themselves as the computer account on the network. So outside a domain the target host has no idea about the client host and can't give it access. Your best bet is to create a new user that is named (for example Jellyfin) and use the net use and runas commands to give that user the credentials to the share. Then Jellyfin should be able to enumerate the shares. I suppose the other option is to do full public samba shares, but that is very insecure. (It's guest access in the samba config) That should work, although I'm not 100% on that.

@EraYaN, can you perhaps give a tutorial on how to achieve this? I tried net use but I don't think I'm doing it right.

I just installed a new Windows Server 2022 VM, and was struggling with this same issue. This is how I solved it;

  1. If you don't have a dedicated (non-admin) user to access your media shares, then create one on your NAS and give it the correct permissions. Lets assume the username is JellyMedia
  2. Regardless of options during the installation of Jellyfin, in Windows create a user account with the same account name and password as you did on the NAS (so JellyMedia). For now this user must also be a member of the local Adminsitrators group for this configuration to work! :(
  3. In Windows, open Services, and locate the Jellyfin Server service. Change the log on as to the account you created in step 2. Then restart the service.
  4. When adding a library in Jellyfin, only use the Folder option, NOT the shared network folder. And you must use UNC path, not mapped drives. So for instance use \nas01\media\movies

That should do it. Now I only have to figure out what rights the service accounts needs so that it doesn't need to run as a local admin user. Right now the service throws an error 143 in the event log. The account automatically is granted the log on as a service right when adding it in step 3, so it must be something else.

Originally posted by @fthorsen76 in jellyfin/jellyfin#1836 (comment)

Pt 4 worked for me, along with running the Jellyfin.Windows.Tray.exe instead of the service (possibly if I tried pt 4 with the service method it might have also worked). Thanks for the tip!