Windows Permissions/Owner weirdness

Status
Not open for further replies.

JMaciak87

Cadet
Joined
Sep 25, 2013
Messages
4
Hello everyone,

I have a FreeNAS server (ver 8.3.0) and I'm using it as a fileserver in a Windows 2008r2 domain. We're using Windows permissions on each ZFS dataset/CIFS share.

The issue: Permissions and ownership...everything is wonky. If I take ownership of a folder, I can add/remove users/groups from the security tab in Windows. However, I can't change ownership to the "Domain Admins" group. I get an error "An error occurred while apply security info to: \\server\Testing\subfolder This security ID may not be assigned as the owner of this object."

At the command line, what should the Unix user and group be for all of the folders? It's defaulting to "boss:domain admins" (where "adminuser" is my boss's username). Where is this being set? I want the Windows group "Domain Admins" to own all of the folders and have full control, but I run into all sorts of Access is Denied errors when trying to do that. I can't even adjust the Domain Admin permissions on the root folder. I just get access denied.

If I change the owner of all folders to my Windows username, I can do anything I want.

I'll be happy to provide more info.
 

SmallGuy

Guru
Joined
Jun 7, 2013
Messages
560

witchbutter

Dabbler
Joined
Nov 17, 2012
Messages
10
I have this problem as well, and chowning doesn't help anything. In my case I believe I know what is wrong, but in FreeBSD I don't know where to go to fix it. I changed the UID of my primary user to match the UIDs of Linux clients and OS X clients that are mounting NFS shares. When I did that, all CIFS sharing ceased to work for that user but continues to work for other defined users.

In the shell if I do ls -l of the affected shares the correct user is owner and the permissions are rwx.
If I do getfacl of the same folder the owner is defined as the correct user.
Nevertheless CIFS still fails. And when I say fails, I mean that the username/password combination is no longer accepted for CIFS. If I take the same data, set unix permissions recursively and share out via AFP or NFS the data is reachable. This leads me to believe the issue lies with whatever Samba setup is included with FreeBSD.

I have done extensive troubleshooting of Samba in Linux, and in the past I know there were ways to permanently link a user or group from the Windows world to a *nix UID or GID, and I suspect Samba has cached that relationship somewhere, which is now wrong because of my UID change.
 

witchbutter

Dabbler
Joined
Nov 17, 2012
Messages
10
In my case I was correct:

I shut down CIFS via the GUI and deleted /var/db/cache/samba/gencache.tdb as root in the console.
I then started CIFS and noticed there was no smbpasswd entry for my user and my install is using user security mode.
As root I ran smbpasswd -a username and now I am able to log in and access shares as before.

Because you are joined to an Active Directory domain, your smb.conf should be different. Clearing the gencache.tdb on a semi-regular basis might resolve your flaky domain group behavior, although I will say that with Samba 3.6.9 I've only ever been able to resolve group members properly when Windows ACLs were enabled in the filesystem and specified in smb.conf.

Can you post the content of /etc/local/smb.conf?
 