Non-Administrator Active Directory users cannot access Shares

Status
Not open for further replies.
XStylus

XStylus

Dabbler
Joined
Nov 22, 2017
Messages
20
Hi there,

I seem to to having an issue whereby users in my Active Directory cannot access a share on FreeNAS 11.2-RC1 unless they are a domain administrator. I'm sure there's something I'm doing wrong, but for the life of me I can't see what.

The FreeNAS, as best as I can tell, is joined to the Active Directory happily. DNS settings are properly set to point to the domain controller's internal DNS,, and the FreeNAS is getting NTP time sync from the domain controller, so I'm going to assume that's all good unless someone has a suggestion on something I overlooked.

Getting right to it...: I have a Pool called "BZ-Company" that is shared out via SMB, and a general user named "Test Testarossa" (BZ\test). Ms. Testarossa is also set as a member of the "BZ\AlphaTest" group.

On the FreeNAS, I have set the permissions for "BZ-Company" to have BZ\test as the owner, and "BZ\AlphaTest" as the group. However, Ms. Testarossa cannot access the Share. That user can only access the Share if I make Ms. Testarossa an administrator by adding that user to the "BZ\Domain Admins" group.

Screenshots attached. What am I neglecting to consider?

FreeNAS-Screen-Shot-2018-11-05-at-4.05.17-PM.png

FreeNAS-Screen-Shot-2018-11-05-at-4.06.31-PM.png

FreeNAS-Screen-Shot-2018-11-05-at-4.07.27-PM.png
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
If this is still a testing environment, try running the command winacl -a reset -O "BZ\test" -G "BZ\alphatest" -r -p /mnt/Aincrad/BZ/BZ-Company
I recently fixed an issue with how permissions were being applied via winacl. Let's see if manually applying the default permissions will get the expected behavior.
 
XStylus

XStylus

Dabbler
Joined
Nov 22, 2017
Messages
20
anodos said:
If this is still a testing environment, try running the command winacl -a reset -O "BZ\test" -G "BZ\alphatest" -r -p /mnt/Aincrad/BZ/BZ-Company
I recently fixed an issue with how permissions were being applied via winacl. Let's see if manually applying the default permissions will get the expected behavior.
Click to expand...

Yep, still a testing environment as a prelude to a much larger deployment.

I have just tried the command you suggested. Issue persists.

Also, just for sanity checking, I tested against a Share hosted on a bona-fide Windows machine, and with permissions set the same way they are on the FreeNAS box. Works as intended.

I'm prepared to go file a bug report but I want to make sure the problem isn't "defective user" first.
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
XStylus said:
Yep, still a testing environment as a prelude to a much larger deployment.

I have just tried the command you suggested. Issue persists.

Also, just for sanity checking, I tested against a Share hosted on a bona-fide Windows machine, and with permissions set the same way they are on the FreeNAS box. Works as intended.

I'm prepared to go file a bug report but I want to make sure the problem isn't "defective user" first.
Click to expand...

Post your smb4.conf file and also output of sharesec --view-all

Also post output of id "BZ\test", and wbinfo --name-to-sid="BZ\test"
 
XStylus

XStylus

Dabbler
Joined
Nov 22, 2017
Messages
20
Last edited:
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Status
Not open for further replies.

Similar threads

R
  • Locked
CIFS ZFS ACL Active Directory not working
Replies
2
Views
4K
Decibel1000
D
T
  • Locked
Active Directory Sharing
Replies
1
Views
1K
dlavigne
D
M
  • Locked
Another Active Directory / SMB issue
Replies
2
Views
2K
Mike.Applecart
M
B
Non-Administrator AD Users Cannot Access SMB Shares
Replies
8
Views
2K
bttruman
B
B
  • Locked
Difference between CIFS permission set in Windows and how FreeNAS recognize them
Replies
7
Views
2K
BAlfredo
B
Top