This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 14.000000000000002%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Our client has a NAS server which is being accessed by users but the NAS keeps blocking some IPs with error repeatative bad password.
Then they have to unblock it from the NAS and then they get access.
While I have checked the user's password is not changed for a while.
After unblocking the IP we tried to access the drive and it was accessible without changing password.
I have changed the user password and tried to access the drive yet it was accessible, the IPs which are getting blocked are reandom.
Could it be issue with the AD or from the NAS server?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 46%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER4%3C/text%3E%3C/svg%3E)
What is the make and model NAS that is being used? Also are the clients on different vlan's?
NAS is from Hitachi, not sure about model.
Users are remote on VPN.
I assume there no issues for user accessing the NAS while in the office and not through VPN correct? When a lockout happens, are you seeing anything odd in your firewall?
There no way to be in office now.
Firewall is another department, but I a pretty sure they are not picking up anything.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 24%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Let me tell you about similar situation we had with fujitsu and ibm NAS. May be this will help you too.
1) Kindly check if there is any password policy running with NAS or NAS hold some policy like that. Some NAS box hold AUTOBLOCK policy where using bad password block the IP of clients
2) Kindly check with SOC team ( if you have ) or IT security Team if they are receiving any alert from your NAS IP address.
---------IF YOU FIND THIS HELPFUL, PLEASE ACCEPT THE ANSWER-----------
Yes there is a feature of Hitachi NAS called "Automatic barring of SMB clients repeatedly using incorrect passwords"
Which is blocking the IP addresses of the client who are using SMB to access this NAS as network mapped drive. Though they are logged in with correct credentials yet their IPs get blocked by the HNAS, we don't have to reset their password or no account lockout logs we see, for some strange reasons their IPs are getting blocked, ee have to then manually unblock the IPs
You may also want to reach out to you NAS vendor to see if they have heard of this before as well.
The Vendor Tech was quite horrible, he just said if you are facing trouble then you can just turn of the feature like many other customers who faced the same issue.
Some vendors (ie. HNAS, https://community.hitachivantara.com/discussion/why-does-hnas-need-smb-client-barring-whereas-other-products-in-market-do-not-seem-to-have-a-need-of-the-same-functionality) implement SMB auto barring protection against unauthorized request that might fit the signature of a DDOS attack. If disabling such feature is not acceptable, possibly you would have to review your authentication flow to implement a more robust method.
Network traces captured simultaneously captured in both ends of the connection might show any possible errors taking place during SMB Session Setup (after SMB Dialect is negotiated).