Can't "apply owner" on a dataset to the "Domain\Administrator" AD user account

Status
Not open for further replies.
C

Cellobita

Contributor
Joined
Jul 15, 2011
Messages
107
I'm running FreeNAS-9.3-STABLE-201505040117, on a 16GB server with two mirrored standard SATA HD's, using the built-in Domain Controller functionality. Problem is, I have been trying to apply the built-in AD "Administrator" user account as owner of a dataset, but the change doesn't "stick" when I click the Change button; as a matter of fact, I can change the owner to any standard Unix account, but not to an Active Directory one.

There is no problem with the group owner, that I can set to whatever I like.

2015-05-06_17h20_04.png


Any suggestions or tips? I have searched the forum prior to posting, without success.
 
depasseg

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
I think there is a conflict with the word "Administrator" since it is a user and a group (or something like that). Try using a different administrator account (root has been suggested, and is what I use for my AD related CIFS shares).
 
C

Cellobita

Contributor
Joined
Jul 15, 2011
Messages
107
There is a group "Administrators" (plural) on Windows Servers, but it is not created by default when you provision the Domain Controller functionality on FreeNAS; I can also confirm that you can change the owner to, say, the "Domain\Guest" AD user, so your hypothesis may indeed be accurate - anyway, if this is indeed the case, perhaps it should be filed as a bug in Samba or FreeNAS.

Edit: I have changed the title on the thread to reflect the specifics of the issue.
 
C

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Not to mention that if you are doing CIFS shares, that window is not the appropriate window to be changing permissions. You should be doing it from within Windows itself, or via the CLI with getfacl and setfacl. ;)
 
C

Cellobita

Contributor
Joined
Jul 15, 2011
Messages
107
I understand that (my area of expertise is actually Windows Servers and AD), but shouldn't the option work or else be removed from the GUI?
 
depasseg

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
Just leave the owner as Root and the group as domain admins. And then use Windows to set the proper share permissions.
 
C

Cellobita

Contributor
Joined
Jul 15, 2011
Messages
107
I have done just that, with no problems whatsoever. However, being a stubborn guy, I still believe that, if it is not needed, it shouldn't be there - and, being there, it should work.

And, this is in no way dismissive of the incredible job the developers do (far above my poor coding skills), just my 2 cents.
 
depasseg

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
I think it is needed. To test it, change it to user:Root and group: wheel and then try to change the permissions in Windows.
 
Status
Not open for further replies.

Similar threads

M
  • Locked
Configuring Active Directory Service - AD Administrator Account
Replies
2
Views
3K
mtadeacon
M
M
  • Locked
NT_STATUS_ACCESS_DENIED errors on CIFS shares, even new ones
Replies
1
Views
5K
dlavigne
D
R
  • Locked
Loosing AD Permissions on Reboot
Replies
0
Views
1K
riggsr
R
S
  • Locked
getfacl says my unprivileged account should be able to read the contents of a dir, but it can't?
Replies
5
Views
2K
toadman
toadman
R
The user root is not valid.
Replies
3
Views
1K
Randomsense
R
Top