Forums

Home / Forums

You need to log in to create posts and topics. Login · Register

Can not add ACL ACL Owner CIFS

Hi admin,

I Join to the AD in CIFS setting.
However, in the CIFS Share section, I cannot allow users to access ACL Owner.

You can share user manuals with AD and sharing models

From PetaSAN CIFS Shares page, you specify the ACL owner. Only the owner will have access to the share after creation. Then the owner, from Windows ui, grants other users /groups read/write on his share, just like a regular share he/she owns. From Windows right click on the share directory, properties, security...all in Windows.

In the near future we will also add snapshots support, browsing , time warp, restore will all be done through Windows.

just to confirm, you are saying that you can only assign an ACL to a AD user. Why not be able to assign to a AD Group, that way, every user in that group can be included.

We have AD groups in our organization that are specific to Technical, Sales, Customer service, Billing, etc ...

 

You assign 1 owner, the owner can then allow/deny other groups/users to read/write.  This is the same on Windows and Linux for shares and files, the owner of the file can allow other groups/user if he wishes.

In your case you can simply make the ACL ( Access Control List) owner the Domain Administrator for all shares,  he is the owner, he can then go to a Windows box and use the regular share permission tab in Windows to grant the Sales group read/write on 1 share and the Billing group access to the other share...etc. Windows ACL is much more flexible than simply giving 1 group per share.

 

From the page CIFS Share, I can not find Owner ACL.

Can you see image at the link below

View post on imgur.com

Hi admin

My system is divided into 3 parts as follows
1. Management network range: 192.168.1.0/24
2 . backend network range: 192.168.10.0/24
3. CIFS network range: 192.168.20.0/24.

So when I connect to AD via the CIFS array array it will be quite difficult,
Do you have any optimal way to connect to AD?

For your first issue: if you do not see any domain users when adding a protected share, most probably the join did not work or it is currently not working. I recommend you unjoin and re-join.

For second issue: yes you do need an accessible IP address to be member of the domain, AD is not just security but plays a role in DNS for domain machines. It should be an IP in 1 of the 3 networks you specified, i am less sure if you can specify an external routable IP, if so then the AD DNS should be ping-able from the CIFS nodes and vice versa but i am not sure.