Permission on replication task

[wtrucci]

Hi all, I have a freenas1 used like master nas with dataset and CIFS share connected to a AD domain.
I have a slave freenas (freenas2) with a replication task betweeen the master.

Replication task is done with root account (I don't know if it's possible to use AD administrator account) and works fine but i loose the permessions on CIFS replication dataset. Is there a way to maintain AD permissions on replication task too?

BR
Walter

 

[depasseg]

Permissions should follow the replication (at least mine does, and my master is part of a domain). Are your datasets both the same type (unix? windows?)?

 

[wtrucci]

Hi, sorry for delay on reply.
The datasets are windows with ACL and domain controller. After some tests I see that permissions are copied correctly but I can't use samba share on this copied datasets. If I do a replication back on original freenas all works fine.
Is there a way to use cifs share on second freenas without change permission in freenas1 fault case?

BR
Walter

 

[Blake1970]

I seem to be having the same issue. Permissions on the destination are being reset to Root and Wheel even though both source and destination servers are joined to the same domain and using all windows datasets. I am running 0648, any ideas?

 

[depasseg]

Under the replication task settings, is the "dedicated user" box checked or unchecked?

 

[Blake1970]

unchecked. I am using root. Should I be using a domain account?

 

[wtrucci]

I have try to select dedicated user but I'm using a domain so the users are not on freenas, but are on domain server and I don't know how to store ssh key on domain user. Do you have an idea?

 

[depasseg]

It sounds like your replication and permissions are working, but you can't make a CIFS share from the PULL system. Is that accurate?

 

[wtrucci]

Right

 

[depasseg]

So what problem are you experiencing? Is it an error from a client that's trying to connect? You can't create the share? You can't assign a different user?

I'm sorry if I've missed it.

 

[wtrucci]

Replication task is done without error, but if I creare a cifs share in pull freenas I can't use data becouse permission are not associated correctly.

 

[depasseg]

How did you create the CIFS Share on Pull? I just did a test and everything worked. The only default setting I changed, was to uncheck the "Apply Default Permissions".

Now, because it's a snapshot target, you should not be able to edit (or add) files to the share. I hope you aren't expecting to be able to do that.

 

[anodos]

Hi all, I have a freenas1 used like master nas with dataset and CIFS share connected to a AD domain.
I have a slave freenas (freenas2) with a replication task betweeen the master.

Replication task is done with root account (I don't know if it's possible to use AD administrator account) and works fine but i loose the permessions on CIFS replication dataset. Is there a way to maintain AD permissions on replication task too?

BR
Walter

You'd have to join the replication target to your AD domain. The freenas default uses the rid idmap backend for mapping AD users and groups to unix users and groups. This may or may not work in your scenario. Test and see.

If it doesn't work then you'll have to use the 'ad' idmap backend and configure unix extensions for your domain. This will mean having to redo permissions on your main freenas server since UIDs and GIDs will probably change with the idmap backend.