Hello,
I searched around this forum but couldn't find anything useful for my issue.
I had created a ZFS volume and a dataset. After that I activated the Active Directory Service and joined the domain without problems.
After looking for help in this forum I found a command (I forgot the name) which shows me that FreeNAS got all domain users and all groups, even with the right members, so I think this part worked without any problems.
After this, I went to the dataset-permissions and set the following:
Owner = domain\administrator
group = domain\somegroup
rights=770
Windows-style-ACL
After finishing these options I re-opened the dataset-permissions. Everything was changed, but the group is still "wheel".
Now I opened SSH and set "chgrp -R domain\\somegroup dataset-name"; now it seems to be ok.
When using Windows 7 and logging in as domain\administrator I can use the share and write/delete/list everything. When using another account that is a member of the group I can't access the share (although the permission is set to 7 for the group) --> permission denied.
Now I did a new start and typed (SSH) find . -type f -exec setfacl -b {} \; and the same for the directories to reset the permissions. Nothing of the behavior changed.
At this state, I logged into Windows 7 and accessed the share as administrator and went to the "security"-tab of the share's properties. It said that the permissions are wrongly ordered (???) and I saw 6 entries:
one for owner allowed
one for owner denied
one for group allowed
one for group denied
one for everybody allowed
one for everybody denied
I deleted the "denied" entries and added one windows-group (domain\somegroup) with full access.
After that I tried with a user who is a member of this group, but it didn't get access to the share.
What is wrong? I just want:
full-access for domain-administrator
full-access for some groups
read-access for some-groups
no access for the rest
Thank you very much for reading this long post and some help.
Please excuse my bad English - I hope you could understand most of my problems.