martingl
Cadet
- Joined
- Apr 18, 2018
- Messages
- 2
Hi,
We have a weird situation happening.
--
Here’s some infos on our config :
FreeNAS version 11.1U4
AD 2012 R2 Forest / Domain Functionnal Level
No UNIX extensions
No NIS server
The FreeNAS is not in production yet.
smb4.conf generated by FreeNAS attached to thread.
klist list 3 principales at start ( krbtgt, ldap, cifs ) and seems to fall to 1 ( krbtgt ) after a while.
id a_username resolves ok and groups are listed within the idmap range
wbinfo -u and wbinfo -g lists are ok
One dataset per share. With initial permissions set on the dataset as (user: root / group: ourdomain/Domain Admins)
What’s happening:
I’m trying to move a Windows share content to a CIFS share (800GB) on FreeNAS via ROBOCOPY.
Here’s the Robocopy command line :
Robocopy \\windows_server\sharename \\freenas1\sharename /MIR /COPYALL
Requirements:
- Permission must follow (ACL)
- Ownership must follow
The problem we are having.
When running the robocopy after a period of time (unknown) FreeNAS begins to wreck the permissions and set various interpretations.
Example:
The share/files/folders should have these permissions:
- ad_group_a should have read access
- ad_group_b should full control
- specific_ad_user should be the owner of everything
if we transfer only a small part of the share (~10GB) everything is set correctly. If we transfert at least 500GB of data we start getting the issue.
On some files permissions are set to:
- Everyone read & execute
- Specific_ad_user has Full Control
- OURDOMAIN\Domain Admins ( interpreted as BUILTIN\Administrators in FreeNAS ) has Full Control
Instead of the source permissions describe previously.
I could post/add getfacls of both OK and Wrecked scenario and also post/add icacls from the windows side. If needed for clarification.
We have a weird situation happening.
--
Here’s some infos on our config :
FreeNAS version 11.1U4
AD 2012 R2 Forest / Domain Functionnal Level
No UNIX extensions
No NIS server
The FreeNAS is not in production yet.
smb4.conf generated by FreeNAS attached to thread.
Code:
wbinfo -t checking the trust secret for domain OURDOMAIN via RPC calls succeeded
klist list 3 principales at start ( krbtgt, ldap, cifs ) and seems to fall to 1 ( krbtgt ) after a while.
id a_username resolves ok and groups are listed within the idmap range
wbinfo -u and wbinfo -g lists are ok
One dataset per share. With initial permissions set on the dataset as (user: root / group: ourdomain/Domain Admins)
What’s happening:
I’m trying to move a Windows share content to a CIFS share (800GB) on FreeNAS via ROBOCOPY.
Here’s the Robocopy command line :
Robocopy \\windows_server\sharename \\freenas1\sharename /MIR /COPYALL
Requirements:
- Permission must follow (ACL)
- Ownership must follow
The problem we are having.
When running the robocopy after a period of time (unknown) FreeNAS begins to wreck the permissions and set various interpretations.
Example:
The share/files/folders should have these permissions:
- ad_group_a should have read access
- ad_group_b should full control
- specific_ad_user should be the owner of everything
if we transfer only a small part of the share (~10GB) everything is set correctly. If we transfert at least 500GB of data we start getting the issue.
On some files permissions are set to:
- Everyone read & execute
- Specific_ad_user has Full Control
- OURDOMAIN\Domain Admins ( interpreted as BUILTIN\Administrators in FreeNAS ) has Full Control
Instead of the source permissions describe previously.
I could post/add getfacls of both OK and Wrecked scenario and also post/add icacls from the windows side. If needed for clarification.