SMB help with groups

Status
Not open for further replies.
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
kyp said:
Thanks, that makes sense.

Hmm, how do you then explain the Windows confusion?
e.g. when attempting to add group "blah" to the share from Windows, it reverts to user "blah".
Click to expand...
When you add an ACL, you need to select "advanced", then select the appropriate "Location" (i.e. DOMAIN or local system), then click "Find Now" to display a full list of all Users and Groups. You should have two "Blahs".
 
K

kyp

Explorer
Joined
Jan 24, 2016
Messages
58
anodos said:
One further comment regarding (2). I just created a group "Users" on my freenas server, and it appears as an available group. Unfortunately, there are two "Users" entries without an easy way to differentiate between them. You probably selected the first entry, which is BUILTIN\Users, rather than FREENAS\Users. Since windows looks primarily at SIDs, you're probably okay to use "users", but I still wouldn't trust it.
Click to expand...
Hmm, interesting. I only had a single "users" entry - just tested again by creating a group "users".
 
K

kyp

Explorer
Joined
Jan 24, 2016
Messages
58
anodos said:
When you add an ACL, you need to select "advanced", then select the appropriate "Location" (i.e. DOMAIN or local system), then click "Find Now" to display a full list of all Users and Groups. You should have two "Blahs".
Click to expand...
Correct, I did. But when I selected the group "Blah", after applying, it then reverted to the user "Blah" .... a resolving issue?
 
anodos

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
kyp said:
Correct, I did. But when I selected the group "Blah", after applying, it then reverted to the user "Blah" .... a resolving issue?
Click to expand...
Hmm... I guess so. I recall jhixson writing in a git commit that there was some sort of problem with using groups and users with same name.

For reference the code is:
Code:
def smb4_map_groups(client):
  groupmap = client.call('notifier.groupmap_list')
  groups = get_groups(client)
  for g in groups:
	if not (smb4_group_mapped(groupmap, g) or smb4_groupname_is_username(g)):
	  client.call('notifier.groupmap_add', g, g)


The initial git commit regarding it is recorded here, but the code has changed since then. https://github.com/freenas/freenas/commit/6b706ca593199d9fc05ac36a74d4f5a2038570f4
 
Last edited:
K

kyp

Explorer
Joined
Jan 24, 2016
Messages
58
I suppose the "or smb4_groupname_is_username(g)" means there's nothing stopping a nt/unix groupmap to be created where group_name = user_name.
But that doesn't mean Windows will handle it well?

UPDATE: Blah, I'm getting inconclusive results now ... I can't reproduce the issue I was having now :)
 
Last edited:
Status
Not open for further replies.

Similar threads

B
  • Locked
Group names don't resolve in SMB share
Replies
2
Views
1K
bmh.01
B
Basil Hendroff
SOLVED Group SID resolution to friendly name fails
Replies
7
Views
7K
fletchowns
fletchowns
K
Changing or deleting group name not changing/deleting SID entry
Replies
1
Views
982
dlavigne
D
C
Users/Groups not synced between Windows and FreeNas
Replies
1
Views
959
dlavigne
D
cronsloth
  • Locked
Unable to Add or Remove Users from Groups
Replies
2
Views
2K
Ericloewe
Ericloewe
Top