First, my setup:
FreeNAS-9.3-STABLE-201602031011
Each share is its own dataset.
Each of these datasets have their share type set to "Windows"
I left the Enable atime: Inherit (On) alone.
I've checked both the share and ntfs permissions on each share using compmgmt.msc and made certain that they mirror that of the server I'm migrating away from.
SHARE permissions is Everyone, with full control.
NTFS has Domain Admins, SYSTEM, and Authenticated Users set with Full Permissions.
from a shell on the FreeNas, "net rpc rights list -U DOMAIN\User" shows:
However, when issuing this command using the same DOMAIN\User account in an "Run as administrator" cmd.exe shell, I get errors:
robocopy \\windows\deploy \\freenas\deploy /MT /COPYALL /Z /B /R:0 /mir /fft
(/MT means multi-threaded)
(/COPYALL copies all file data, including ACL and owner)
(/Z means restart if network interrupt)
(/B means use "backup" mode, which I assume invokes the SeBackupPrivilege and SeRestorePrivilege user rights)
(/R:0 means don't retry on error)
(/mir means make the destination mirror that of the source)
(/fft means work around the DOS time stamp accuracy issue (nix time stamps are more accurate)
like this:
I take this to mean that robocopy is having trouble changing the owner of that CoreLib folder, since:
Checking the owner of the folder on the windows server shows "DOMAIN\Administrators" as the owner.
Checking the owner of the folder on the freenas server shows "DOMAIN\User" as the owner.
If I right click on the folder on the freenas share and attempt to change the owner to "Administrators" I'm given the error: "Unable to set new owner on CoreLib. You do not have the Restore privilege required to set this user/group as owner"
This is getfacl's output for CoreLib:
ls -la shows this:
What am I doing wrong?
FreeNAS-9.3-STABLE-201602031011
Each share is its own dataset.
Each of these datasets have their share type set to "Windows"
I left the Enable atime: Inherit (On) alone.
I've checked both the share and ntfs permissions on each share using compmgmt.msc and made certain that they mirror that of the server I'm migrating away from.
SHARE permissions is Everyone, with full control.
NTFS has Domain Admins, SYSTEM, and Authenticated Users set with Full Permissions.
from a shell on the FreeNas, "net rpc rights list -U DOMAIN\User" shows:
Code:
SeMachineAccountPrivilege Add machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege System security
However, when issuing this command using the same DOMAIN\User account in an "Run as administrator" cmd.exe shell, I get errors:
robocopy \\windows\deploy \\freenas\deploy /MT /COPYALL /Z /B /R:0 /mir /fft
(/MT means multi-threaded)
(/COPYALL copies all file data, including ACL and owner)
(/Z means restart if network interrupt)
(/B means use "backup" mode, which I assume invokes the SeBackupPrivilege and SeRestorePrivilege user rights)
(/R:0 means don't retry on error)
(/mir means make the destination mirror that of the source)
(/fft means work around the DOS time stamp accuracy issue (nix time stamps are more accurate)
like this:
Code:
2016/02/16 10:05:48 ERROR 1307 (0x0000051B) Copying NTFS Security to Destination Directory \\windows\deploy\CoreLib\ This security ID may not be assigned as the owner of this object.
I take this to mean that robocopy is having trouble changing the owner of that CoreLib folder, since:
Checking the owner of the folder on the windows server shows "DOMAIN\Administrators" as the owner.
Checking the owner of the folder on the freenas server shows "DOMAIN\User" as the owner.
If I right click on the folder on the freenas share and attempt to change the owner to "Administrators" I'm given the error: "Unable to set new owner on CoreLib. You do not have the Restore privilege required to set this user/group as owner"
This is getfacl's output for CoreLib:
Code:
getfacl CoreLib # file: CoreLib # owner: DOMAIN\User # group: DOMAIN\domain users group:90000005:r-x---a-R-c---:fd----:allow group:DOMAIN\domain admins:rwxpDdaARWcCo-:fd----:allow group:90000006:rwxpDdaARWcCo-:fd----:allow
ls -la shows this:
Code:
d---------+ 2 DOMAIN\User DOMAIN\domain users 5 Dec 8 11:59 CoreLib/
What am I doing wrong?