Linux based NAS with a Windows domain controller: Permissions


Recommended Posts

Hello

I seem to have trouble with a Linux based NAS that I have made part of a Windows (SBS 2003) Active Directory domain. When I made it part of the domain, all the domain users have passed to it.

I cant write to the "root" of the NAS so I make a folder. Inside this folder, I copy all of my old data to it. The problem is that the permissions dont seem to pass or pass only sometimes....

To copy I use this: http://ipmsg.org/tools/fastcopy.html.en because it supports ACL.

The domain clients are Windows 7 and Windows XP. The NAS is a QNAP TS469U-RP.

Thank you for all the help

And what are the permissions? Just set them! And don't copy ACLs -- when you copy files they should use the permissions of the folder / drive you copy them too.

Set the permissions you want on the drive/folders of your nas! Sounds like you want to be able to copy to root? if so then correct the permissions..

What are you having trouble with about understanding permissions?

  On 16/07/2013 at 11:14, BudMan said:

And what are the permissions? Just set them! And don't copy ACLs -- when you copy files they should use the permissions of the folder / drive you copy them too.

Set the permissions you want on the drive/folders of your nas! Sounds like you want to be able to copy to root? if so then correct the permissions..

What are you having trouble with about understanding permissions?

The problem is that it is suppose to be automatic: When I copy from the server to the NAS, the permissions go with it. The permissions I am talking about are:

FolderA : User1 can write, User2 is owner, All of group Users can write, etc.....

That is what is not being passed.

And I do not want to do it manually because there are a lot files/folders and one of the features is that it supports passing ACLs....

Lets see the permissions please!

Screen shots works, lets see the effective permissions tab as well with a couple different user names put in.

example - this is from a client just right clicking on the share

post-14624-0-60632500-1373995178.png

If you NAS is linux based, make and model like sc302 suggested would be helpful.

ls -la listing from linux console for your files and directories would be helpful in seeing permissions set via linux.

for linux to use windows permissions you have to map them to a linux user normally.

Also you can copy ACLs with /0 in the builtin xcopy command

 /O           Copies file ownership and ACL information.
Or robocopy as well, another built in tool can copy permissions

/COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT).
                     (copyflags : D=Data, A=Attributes, T=Timestamps).
                     (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

      

             /SEC :: copy files with SECurity (equivalent to /COPY:DATS).
Keep in mind where you making a copy from - if any local permissions have been set its unlikely those would work, match up to domain accounts via SID, etc.

As setting permissions on your NAS, I would assume your wanting to remove the old files after you copy them.. So its just easier and cleaner to create the permissions you want to use on the device doing the shares vs trying to copy them.. Only reason to take the permissions along would be if you had complex permissions on each file, etc.

You can run into problems if inherit flags are being used on source or dest and they conflict or don't line up, accounts to map correctly, etc.

  On 16/07/2013 at 23:19, sc302 said:

what I would suggest is to use iscs vs nfs.  it will be much better for you if your ad permissions aren't being applied.  It would be best if you could dedicate a nic for it, but it is not needed.

I actually was intrested in iSCSI the problem with it is that Im not completely sure how it works and we were already using a "shared folder" type structure so the transition would be "transperent", we just decided to go with this.

If you could share some document with iSCSI and AD permissions, Ill consider trying it out :)

Another kicker: On the server there are groups I can add permissions for and on the NAS I cant!

On the left side, you see users/groups I can add for setting their different permission settings. This is the AD server.

But on the right hand side, you see the users/groups I can add for the NAS server. Shouldnt it, since I am accessing from the AD server, be the same?

Scratch all that: Just read it is by design. God, this is going to make my life a bitch :(

Not sure how in-depth you want to get into Linux but I managed to set this up using Software RAID6 on Linux with mdadm, 4TB  and got results of about 300MB/s read and 300MB/s write (That's MegaBytes not bits).  Wired that up through my place over a 1Gig/s network for around 120MB/s R/W to from that.  About 6 steps. 1 step to do the RAID.  So around $800 for 4TB and those speeds.

 

Here's the page about all that and it actually works as posted:  

 

All shared with CIFS and secured by selinux (Having said selinux, maybe that's where the issue is with yours?  Not sure.  Ran into the same thing with my custom one):

HTPC / NAS Backup

 

Sharing with Samba / CIFS

 

But like I said, not sure how in depth you want to get into Linux though having an entire OS behind the setup will give you lot's of tools in case of issues and not a closed down box.

 

HF!

  • 3 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I think they mean a phone like the s6 edge where it breaks on first drop guarantee
    • This high-end GEEKOM Mini IT12 (2025 Edition) PC has been slashed by $200 by Steven Parker GEEKOM reached out to let us know of a discount it is running on its site in the U.S., where you can save $200 off the i7 model of Mini IT12 2025 Edition. That brings the already discounted price of $699 down to just $499; buying link below. Below are the full specifications of the variant on offer GEEKOM Mini IT12 (2025 Edition) Dimensions Size 117 x 112 x 45.6mm Weight 652g CPU Intel Core i7-1280P (14 Cores, 20 Threads, 24MB Cache, up to 4.80 GHz) Graphics Intel® Iris® Xe Graphics Memory 32 GB Dual-channel DDR4-3200 SODIMM; expandable up to 64GB Storage 1 TB x M.2 2280 PCIe Gen 4 x4 SSD, expandable up to 2TB 1 x M.2 2242 SATA SSD slot, expandable up to 1TB Operating System Windows 11 Pro Bluetooth Bluetooth® v5.2 Ethernet Intel® 10/100/1000/2500 Mbps RJ45 Ethernet Wireless LAN Intel® Wi-Fi 6E AX211 Kensington Lock Yes Adapter 19V power adapter, 90W, with geo-specific AC cord (IEC C5) I/O Ports 3 x USB 3.2 Gen 2 ports 1 x USB 2.0 port 2 x USB4 ports 1 x SD card reader 1 x 3.5 mm headphone jack 1 x 2.5GbE LAN port 2 x HDMI 2.0 ports 1 x DC jack 1 x Power button MSRP $699 (see below for discount price) You may remember that we reviewed the i7-1260P variant in 2023. Here are our initial impressions of the Mini IT12 at the time. Once you have the PC out of the cushioning inside the box and the foam removed, you are greeted with a Thank You envelope. Below that, after removing the cardboard "shelf," you can find the other components, such as the power lead, HDMI cable, VESA mount plate with a bag of screws, and the instruction manual. What’s In The Box 1 x Mini IT12 Mini PC 1 x VESA Mount 1 x Power Adapter 1 x HDMI Cable 1 x User Guide 1 x Thank You Card As you can see, one HDMI cable is included in the box. Since the port is not HDMI 2.1, you will need to consider purchasing a mini DisplayPort cable or a USB4 (Type-C) to DisplayPort cable to maximize the potential of the Iris Xe Graphics display options. In addition, GEEKOM offers a one-year full warranty on its products, and if needed, you can RMA or return them locally relative to your region (the U.S. has a U.S. warehouse, and the E.U. has a Germany warehouse). Buy the i7-1280P Mini IT12 (2025 Edition) for $499 (was $699) at GEEKOM U.S. Buy the i7-1280P Mini IT12 (2025 Edition) for $499 (was $699) at Amazon U.S. When checking out, use the $30 in-page coupon or NEOIT122025 coupon code. Best of all, the shipping is quick and free.
    • That's ######ing hilarious! And it sure works when you look at both of their faces.
    • When it comes to games specifically, sure, but until now the main focus has been on doing work. All you have to do is look at how hard they're pushing AI in the productivity space to see that they've got their enterprise users in mind 1st with gamers lower on the list. Now that should all change, at least for custom gaming devices like handhelds and even, I expect, custom mini-PCs that are like consoles you can put under your TV. The whole "Xbox PC" branding they had around the show says a lot IMO.
    • I'm excited to check this out. I never played the first version, but I did just finish playing through Smalland, and while I liked it, I found myself wishing for more engaging content.
  • Recent Achievements

    • Enthusiast
      the420kid went up a rank
      Enthusiast
    • Conversation Starter
      NeoToad777 earned a badge
      Conversation Starter
    • Week One Done
      VicByrd earned a badge
      Week One Done
    • Reacting Well
      NeoToad777 earned a badge
      Reacting Well
    • Reacting Well
      eric79XXL earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      470
    2. 2
      +FloatingFatMan
      283
    3. 3
      ATLien_0
      251
    4. 4
      snowy owl
      202
    5. 5
      Edouard
      197
  • Tell a friend

    Love Neowin? Tell a friend!