Explanation of NFSV4 ACL group@ in relation to active directory groups

J

j.lanham

Explorer
Joined
Aug 25, 2021
Messages
68
I've been having a strange issue with the permissions pages for setting up share ACLs. On Core, we had user and group owners assigned with AD accounts and groups, then Owner user and group as acls, then the specific AD group that needed access with the appropriate authorities. These got translated over when we migrated to Scale. However, when you got through and select the NSFV4 ACL that has @group specified, it always shows an error that "ACE has errors". Is this because the builtin group, owner monikers do not support AD groups? How is that supposed to work in terms of Samba related ACLs?

I guess, what I'm really asking is how does the NFSV4 acl set and the Samba related AD user and group ACLs supposed to interact. I'm trying to figure out some intermittent access problems we've been having. We have many shares that are accessed via NFS and SMB to be able to support our mainframe which speaks NFS fluently, but SMB not so much. SMB is needed for access by windows computers directly and also for scanners and other devices that do not speak NFS. It seemed to work seamlessly on Core, and I'm wanting to understand the new NFSV4 Acl system so I can mitigate the access problems. Any information would be highly appreciated.
 
M

morganL

Captain Morgan
Administrator
Moderator
iXsystems
Joined
Mar 10, 2018
Messages
2,694
j.lanham said:
I've been having a strange issue with the permissions pages for setting up share ACLs. On Core, we had user and group owners assigned with AD accounts and groups, then Owner user and group as acls, then the specific AD group that needed access with the appropriate authorities. These got translated over when we migrated to Scale. However, when you got through and select the NSFV4 ACL that has @group specified, it always shows an error that "ACE has errors". Is this because the builtin group, owner monikers do not support AD groups? How is that supposed to work in terms of Samba related ACLs?

I guess, what I'm really asking is how does the NFSV4 acl set and the Samba related AD user and group ACLs supposed to interact. I'm trying to figure out some intermittent access problems we've been having. We have many shares that are accessed via NFS and SMB to be able to support our mainframe which speaks NFS fluently, but SMB not so much. SMB is needed for access by windows computers directly and also for scanners and other devices that do not speak NFS. It seemed to work seamlessly on Core, and I'm wanting to understand the new NFSV4 Acl system so I can mitigate the access problems. Any information would be highly appreciated.
Click to expand...
Mainframes, mixed, NFS and SMB, AD integration..... these are complex setups. I'd recommend using TrueNAS Enterprise and get the support package. Please contact me if we can help.
 
J

j.lanham

Explorer
Joined
Aug 25, 2021
Messages
68
It was all working in Core. We upgraded because we needed to be able to back it up locally and needed agent support. I refer to it as a mainframe only because it's a small IBM midrange system. We are a very small company with tons of data storage needs. That's why we're using Truenas. We can't afford enterprise and it's based on Core, which we can't revert to. I know it sounds like a complicated setup, but it was working under Core just fine. That's why I need guidance on the how the ACLs relate.
 
You must log in or register to reply here.

Similar threads

bcat
SOLVED NFSv4 ACL inheritance differences in SMB vs. Unix
Replies
12
Views
3K
bcat
bcat
anodos
ACL support for SCALE NFS server coming soon :)
Replies
1
Views
1K
anodos
anodos
abishur
SOLVED Cannot add second group to ACL for SMB share
Replies
8
Views
2K
abishur
abishur
F
NFSv3 vs NFSv4 mount behavior with ACL
Replies
2
Views
716
fonze98
F
J
I am having real problems with ACLs based on Active Directory domain.
2
Replies
27
Views
3K
j.lanham
J
Top