Linux based NAS with a Windows domain controller: Permissions


Recommended Posts

Hello

I seem to have trouble with a Linux based NAS that I have made part of a Windows (SBS 2003) Active Directory domain. When I made it part of the domain, all the domain users have passed to it.

I cant write to the "root" of the NAS so I make a folder. Inside this folder, I copy all of my old data to it. The problem is that the permissions dont seem to pass or pass only sometimes....

To copy I use this: http://ipmsg.org/tools/fastcopy.html.en because it supports ACL.

The domain clients are Windows 7 and Windows XP. The NAS is a QNAP TS469U-RP.

Thank you for all the help

And what are the permissions? Just set them! And don't copy ACLs -- when you copy files they should use the permissions of the folder / drive you copy them too.

Set the permissions you want on the drive/folders of your nas! Sounds like you want to be able to copy to root? if so then correct the permissions..

What are you having trouble with about understanding permissions?

  On 16/07/2013 at 11:14, BudMan said:

And what are the permissions? Just set them! And don't copy ACLs -- when you copy files they should use the permissions of the folder / drive you copy them too.

Set the permissions you want on the drive/folders of your nas! Sounds like you want to be able to copy to root? if so then correct the permissions..

What are you having trouble with about understanding permissions?

The problem is that it is suppose to be automatic: When I copy from the server to the NAS, the permissions go with it. The permissions I am talking about are:

FolderA : User1 can write, User2 is owner, All of group Users can write, etc.....

That is what is not being passed.

And I do not want to do it manually because there are a lot files/folders and one of the features is that it supports passing ACLs....

Lets see the permissions please!

Screen shots works, lets see the effective permissions tab as well with a couple different user names put in.

example - this is from a client just right clicking on the share

post-14624-0-60632500-1373995178.png

If you NAS is linux based, make and model like sc302 suggested would be helpful.

ls -la listing from linux console for your files and directories would be helpful in seeing permissions set via linux.

for linux to use windows permissions you have to map them to a linux user normally.

Also you can copy ACLs with /0 in the builtin xcopy command

 /O           Copies file ownership and ACL information.
Or robocopy as well, another built in tool can copy permissions

/COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT).
                     (copyflags : D=Data, A=Attributes, T=Timestamps).
                     (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

      

             /SEC :: copy files with SECurity (equivalent to /COPY:DATS).
Keep in mind where you making a copy from - if any local permissions have been set its unlikely those would work, match up to domain accounts via SID, etc.

As setting permissions on your NAS, I would assume your wanting to remove the old files after you copy them.. So its just easier and cleaner to create the permissions you want to use on the device doing the shares vs trying to copy them.. Only reason to take the permissions along would be if you had complex permissions on each file, etc.

You can run into problems if inherit flags are being used on source or dest and they conflict or don't line up, accounts to map correctly, etc.

  On 16/07/2013 at 23:19, sc302 said:

what I would suggest is to use iscs vs nfs.  it will be much better for you if your ad permissions aren't being applied.  It would be best if you could dedicate a nic for it, but it is not needed.

I actually was intrested in iSCSI the problem with it is that Im not completely sure how it works and we were already using a "shared folder" type structure so the transition would be "transperent", we just decided to go with this.

If you could share some document with iSCSI and AD permissions, Ill consider trying it out :)

Another kicker: On the server there are groups I can add permissions for and on the NAS I cant!

On the left side, you see users/groups I can add for setting their different permission settings. This is the AD server.

But on the right hand side, you see the users/groups I can add for the NAS server. Shouldnt it, since I am accessing from the AD server, be the same?

Scratch all that: Just read it is by design. God, this is going to make my life a bitch :(

Not sure how in-depth you want to get into Linux but I managed to set this up using Software RAID6 on Linux with mdadm, 4TB  and got results of about 300MB/s read and 300MB/s write (That's MegaBytes not bits).  Wired that up through my place over a 1Gig/s network for around 120MB/s R/W to from that.  About 6 steps. 1 step to do the RAID.  So around $800 for 4TB and those speeds.

 

Here's the page about all that and it actually works as posted:  

 

All shared with CIFS and secured by selinux (Having said selinux, maybe that's where the issue is with yours?  Not sure.  Ran into the same thing with my custom one):

HTPC / NAS Backup

 

Sharing with Samba / CIFS

 

But like I said, not sure how in depth you want to get into Linux though having an entire OS behind the setup will give you lot's of tools in case of issues and not a closed down box.

 

HF!

  • 3 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I use two of these in RAID0 for video games and other things, together they are capable of 2.8 million IOPS and 15 GB/s on Gen4. At this price, 4 TB of Gen4 is faster and less expensive than a single 2 TB Gen5 NVMe, not to mention easier to cool off. Highly recommend.
    • that is a normal sign in, they just put in a dumb location to try to hide it... and yes I think the whole MS account by default is BS too, the first question should be do you want an online profile or a local one
    • From our past comments, it looks like some ppl are defo enjoying these stories.
    • You are missing the point, we should not have to do that. Should have a do you want an MS account option on the normal sign in.
    • Hynix 2TB Platinum P41 NVMe Gen4 2280 SSD is back at a mouth-watering price by Sayan Sen If you are in the market for an SSD, especially an M.2 2280 NVMe drive, then take a look at the Platinum P41 from SK hynix, which is currently back to its lowest price in the last six or so months (purchase link down below). This is a Gen4 SSD that promises sequential reads and writes of up to 7000MB/s and 6500MB/s, respectively. Meanwhile, the sequential read and write speeds are rated at up to 1400K IOPS and 1300K IOPS, respectively. The 2TB variant of the P41 features a 2GB DDR4 DRAM cache as well, which is meant to improve write caching and random access times with quicker metadata look-ups. Hynix says that the drive can operate at temperatures of up to 70 °C and thus you should opt for a heatsink if you intend to do data transfers for longer periods at a time. That should not be a problem, as the P41 Platinum is based on 176-layer TLC NAND and has a rated endurance of up to 1200 TBW (terabytes written) for 2TB. Make sure to update the firmware for the Platinum P41, as it fixes a throttling issue wherein the SSD would drop speeds after being used for several months (via Lower-Tone-3503 on Reddit). SSD firmware updates can often resolve critical problems, like in the case of WD/SanDisk SSDs, for example, which are still blocking Windows 11 24H2 due to inappropriate firmware. Get the SK hynix P41 at the link below: SK hynix Platinum P41 M.2 2280 NVMe SSD without heatsink: $129.99 + $10 off w/ promo code SACET23323, limited offer => $119.99 (Newegg US) You can also check out the other SSD deals we have covered in these articles here. This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
  • Recent Achievements

    • Dedicated
      tesla maxwell earned a badge
      Dedicated
    • Dedicated
      Camlann earned a badge
      Dedicated
    • Week One Done
      fredss earned a badge
      Week One Done
    • Dedicated
      fabioc earned a badge
      Dedicated
    • Week One Done
      GoForma earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      629
    2. 2
      Michael Scrip
      224
    3. 3
      ATLien_0
      219
    4. 4
      +FloatingFatMan
      142
    5. 5
      Xenon
      134
  • Tell a friend

    Love Neowin? Tell a friend!