Linux based NAS with a Windows domain controller: Permissions

[neohelp]

Hello

I seem to have trouble with a Linux based NAS that I have made part of a Windows (SBS 2003) Active Directory domain. When I made it part of the domain, all the domain users have passed to it.

I cant write to the "root" of the NAS so I make a folder. Inside this folder, I copy all of my old data to it. The problem is that the permissions dont seem to pass or pass only sometimes....

To copy I use this: http://ipmsg.org/tools/fastcopy.html.en because it supports ACL.

The domain clients are Windows 7 and Windows XP. The NAS is a QNAP TS469U-RP.

Thank you for all the help

[+BudMan MVC]

And what are the permissions? Just set them! And don't copy ACLs -- when you copy files they should use the permissions of the folder / drive you copy them too.

Set the permissions you want on the drive/folders of your nas! Sounds like you want to be able to copy to root? if so then correct the permissions..

What are you having trouble with about understanding permissions?

[neohelp]

  On 16/07/2013 at 11:14, BudMan said:

And what are the permissions? Just set them! And don't copy ACLs -- when you copy files they should use the permissions of the folder / drive you copy them too.

Set the permissions you want on the drive/folders of your nas! Sounds like you want to be able to copy to root? if so then correct the permissions..

What are you having trouble with about understanding permissions?

The problem is that it is suppose to be automatic: When I copy from the server to the NAS, the permissions go with it. The permissions I am talking about are:

FolderA : User1 can write, User2 is owner, All of group Users can write, etc.....

That is what is not being passed.

And I do not want to do it manually because there are a lot files/folders and one of the features is that it supports passing ACLs....

[sc302 Veteran]

what linux based nas is this?  I would like to look at the instructions for said nas.

[+BudMan MVC]

Lets see the permissions please!

Screen shots works, lets see the effective permissions tab as well with a couple different user names put in.

example - this is from a client just right clicking on the share

If you NAS is linux based, make and model like sc302 suggested would be helpful.

ls -la listing from linux console for your files and directories would be helpful in seeing permissions set via linux.

for linux to use windows permissions you have to map them to a linux user normally.

Also you can copy ACLs with /0 in the builtin xcopy command

 /O           Copies file ownership and ACL information.

Or robocopy as well, another built in tool can copy permissions

/COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT).
                     (copyflags : D=Data, A=Attributes, T=Timestamps).
                     (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

      

             /SEC :: copy files with SECurity (equivalent to /COPY:DATS).

Keep in mind where you making a copy from - if any local permissions have been set its unlikely those would work, match up to domain accounts via SID, etc.

As setting permissions on your NAS, I would assume your wanting to remove the old files after you copy them.. So its just easier and cleaner to create the permissions you want to use on the device doing the shares vs trying to copy them.. Only reason to take the permissions along would be if you had complex permissions on each file, etc.

You can run into problems if inherit flags are being used on source or dest and they conflict or don't line up, accounts to map correctly, etc.

[neohelp]

The NAS is a QNAP TS-469U-RP

Thank you for the help.

[sc302 Veteran]

what I would suggest is to use iscs vs nfs.  it will be much better for you if your ad permissions aren't being applied.  It would be best if you could dedicate a nic for it, but it is not needed.

[neohelp]

  On 16/07/2013 at 23:19, sc302 said:

what I would suggest is to use iscs vs nfs.  it will be much better for you if your ad permissions aren't being applied.  It would be best if you could dedicate a nic for it, but it is not needed.

I actually was intrested in iSCSI the problem with it is that Im not completely sure how it works and we were already using a "shared folder" type structure so the transition would be "transperent", we just decided to go with this.

If you could share some document with iSCSI and AD permissions, Ill consider trying it out :)

[neohelp]

Another kicker: On the server there are groups I can add permissions for and on the NAS I cant!

On the left side, you see users/groups I can add for setting their different permission settings. This is the AD server.

But on the right hand side, you see the users/groups I can add for the NAS server. Shouldnt it, since I am accessing from the AD server, be the same?

Scratch all that: Just read it is by design. God, this is going to make my life a bitch :(

[neohelp]

Well slowly but surely Im getting the permissions sorted out.

Some people have network drives mapped to the C: drive of the server! Grr....

[WMw2]

Not sure how in-depth you want to get into Linux but I managed to set this up using Software RAID6 on Linux with mdadm, 4TB  and got results of about 300MB/s read and 300MB/s write (That's MegaBytes not bits).  Wired that up through my place over a 1Gig/s network for around 120MB/s R/W to from that.  About 6 steps. 1 step to do the RAID.  So around $800 for 4TB and those speeds.

 

Here's the page about all that and it actually works as posted:  

 

All shared with CIFS and secured by selinux (Having said selinux, maybe that's where the issue is with yours?  Not sure.  Ran into the same thing with my custom one):

HTPC / NAS Backup

 

Sharing with Samba / CIFS

 

But like I said, not sure how in depth you want to get into Linux though having an entire OS behind the setup will give you lot's of tools in case of issues and not a closed down box.

 

HF!

[neohelp]

Got it all sorted out and working.