I've seen the thread with one version back, but thought it best to start my own... not sure if I should have bumped the other?
I'm trying to use Syncthing between two FreeNAS 11.3-U2 machines, with two datasets. Both joined to AD domain, both with SMB shares etc. I get the error as per title. From googling, it's because the dataset ACL is set as restricted:
Another dataset2 is pretty much fine (got one file it doesn't like) in Syncthing, but it's set as passthrough. dataset2 only has dataset level permissions, but ACL, managed on domain etc.
This particular dataset above, I'm definitely managing with permissions via domain groups, which is probably why its ended up as restricted. Within the dataset I have top level directories with inheritance disabled, and different permission groups with access based enumeration (hides directories you don't have permission to).
So, it sounds like I have to set the dataset as passthrough (haven't googled how to do that yet) to allow syncthing to do its... thing. Question is, what is the impact of moving from restricted to passthrough, am I going to lose domain controlled permissions or some other functionality etc? Surely if I try to adjust permissions at some point, it will end up restricted again?
I'm trying to use Syncthing between two FreeNAS 11.3-U2 machines, with two datasets. Both joined to AD domain, both with SMB shares etc. I get the error as per title. From googling, it's because the dataset ACL is set as restricted:
Code:
# zfs get aclmode zpool/dataset NAME PROPERTY VALUE SOURCE zpool/dataset aclmode restricted local
Another dataset2 is pretty much fine (got one file it doesn't like) in Syncthing, but it's set as passthrough. dataset2 only has dataset level permissions, but ACL, managed on domain etc.
This particular dataset above, I'm definitely managing with permissions via domain groups, which is probably why its ended up as restricted. Within the dataset I have top level directories with inheritance disabled, and different permission groups with access based enumeration (hides directories you don't have permission to).
So, it sounds like I have to set the dataset as passthrough (haven't googled how to do that yet) to allow syncthing to do its... thing. Question is, what is the impact of moving from restricted to passthrough, am I going to lose domain controlled permissions or some other functionality etc? Surely if I try to adjust permissions at some point, it will end up restricted again?