There is an existing forum thread titled CIFS error "Unable to save permission changes on folder , the parameter is incorrect". That is the basis of an issue I am having. I wish the existing thread could be resolved, but I am unable to find a resolution if one exists. So I have attempted to work around the issue:
This is a fresh install using UFS volumes after [sadly] discovering that ZFS is not going to work with the current hardware configuration, and the system is configured to use Windows Active Directory:
FreeNAS-9.2.1.2-RELEASE-x86 (ce022f0)
Platform Intel(R) Xeon(TM) CPU 1.80GHz
Memory 3883MB
I created a new UFS volume but could find no way via the UI to create folders/sub-folders on the volume. Using the shell I created a folder on the volume: /mnt/volume/cifs/folder. Still in the shell I changed the user:group of the new folder using chown to 'AD-Domain\Administrator':'AD-Domain\Domain Admins'. Using the FreeNAS UI I created a cifs share and from a Windows machine successfully attached to the share using MMC applet - 'Shared Folders' snap-in. When I view the permissions ACL I see the following:
Everyone
AD-Domain\Administrator
AD-Domain\Domain Admins
So far so good...
When I attempt to change the permissions ACL via the Windows MMC applet, I get the error ...'the parameter is incorrect'. Since a resolution to this error could not be found I went back to the shell and after verifying /etc/fstab 'nfsv4acls', I successfully executed the following for /mnt/volume/cifs/folder:
setfacl -x everyone@... to remove the 'Everyone' group
setfacl -m "AD-Domain\NAS Read Only Group" ... with the appropriate read only flags set
setfacl -m "AD-Domain\NAS Read Write Group" ... with the appropriate read write flags set
Execute getfacl for /mnt/volume/cifs/folder and I get returned the expected ACL - perfect!
However, when I view the ACL in the Windows MMC applet - 'Shared Folders' snap-in, the original ACL is still displayed, the new ACL created using setfacl is basically ignored. Reboot after reboot, the ACL according to getfacl in the shell is exactly what I want it to be, but the ACL as displayed in the Windows MMC applet continues to remain:
Everyone
AD-Domain\Administrator
AD-Domain\Domain Admins
If I chown root:wheel /mnt/volume/cifs/folder, the Windows MMC applet will then show root and wheel in the ACL list; none of the setfacl ACL entries are ever recognized. Actual access is consistent with what Windows is showing me.
Please help,
Thanks.
CIFS Share on UFS Volume - Windows ACL Changes Ignored
This is a fresh install using UFS volumes after [sadly] discovering that ZFS is not going to work with the current hardware configuration, and the system is configured to use Windows Active Directory:
FreeNAS-9.2.1.2-RELEASE-x86 (ce022f0)
Platform Intel(R) Xeon(TM) CPU 1.80GHz
Memory 3883MB
I created a new UFS volume but could find no way via the UI to create folders/sub-folders on the volume. Using the shell I created a folder on the volume: /mnt/volume/cifs/folder. Still in the shell I changed the user:group of the new folder using chown to 'AD-Domain\Administrator':'AD-Domain\Domain Admins'. Using the FreeNAS UI I created a cifs share and from a Windows machine successfully attached to the share using MMC applet - 'Shared Folders' snap-in. When I view the permissions ACL I see the following:
Everyone
AD-Domain\Administrator
AD-Domain\Domain Admins
So far so good...
When I attempt to change the permissions ACL via the Windows MMC applet, I get the error ...'the parameter is incorrect'. Since a resolution to this error could not be found I went back to the shell and after verifying /etc/fstab 'nfsv4acls', I successfully executed the following for /mnt/volume/cifs/folder:
setfacl -x everyone@... to remove the 'Everyone' group
setfacl -m "AD-Domain\NAS Read Only Group" ... with the appropriate read only flags set
setfacl -m "AD-Domain\NAS Read Write Group" ... with the appropriate read write flags set
Execute getfacl for /mnt/volume/cifs/folder and I get returned the expected ACL - perfect!
However, when I view the ACL in the Windows MMC applet - 'Shared Folders' snap-in, the original ACL is still displayed, the new ACL created using setfacl is basically ignored. Reboot after reboot, the ACL according to getfacl in the shell is exactly what I want it to be, but the ACL as displayed in the Windows MMC applet continues to remain:
Everyone
AD-Domain\Administrator
AD-Domain\Domain Admins
If I chown root:wheel /mnt/volume/cifs/folder, the Windows MMC applet will then show root and wheel in the ACL list; none of the setfacl ACL entries are ever recognized. Actual access is consistent with what Windows is showing me.
Please help,
Thanks.
CIFS Share on UFS Volume - Windows ACL Changes Ignored
