Questions tagged with AWS Directory Service


FSx for NetApp ONTAP - Windows permission issues

Hi there, I managed to add FSx for NetApp ONTAP to our domain with FSxServiceAccount as described on the product page. However, I am running into issues when I am trying to attach it to my Windows instance. (It works fine on Linux.) I see the following issues:

- When I am running this command `New-SmbGlobalMapping -Persistent $true -RemotePath \\<IP of my smb>\share -Credential $creds -LocalPath G:` I get the following error: `New-SmbGlobalMapping : Access is denied.`
  - I am using domain admin credentials
- When I am running this command `net use Z: \\<dns address of the smb>\share` I got the following error: `System error 5 has occurred. Access is denied.`
  - Also with domain admin creds
- I can successfully attach via File Explorer > This PC > Computer > Map network drive, however I cannot read/write to it. If I check the file permission mode in Properties I can see that only the owner (FSxServiceAccount?) is allowed to write, however Read should work, but I cannot change the permissions as domain Admin.

I am using Directory Service Standard Edition. Did you guys experience issues with this? What am I doing wrong?

**Update:** I managed to attach the disk, but I cannot write or read any file on the disk. It is in OU=Computers, and allowed Everyone Full Access, also allowed Everyone Read/Write the NFS filesystems attached to the AD, but still not working. I am suspecting this is something NetApp specific, but we will see.

**Update #2** Based on CloudWreck's comment I found the following: I am using mixed style.
I use the following code:

```
net use P: \\WINDOWS\vol1
$CurTgt = "P:"
$CurUsr = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl = Get-Acl $CurTgt
# Grant the current user FullControl, inherited by subfolders and files
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurUsr,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
$acl.SetAccessRule($AccessRule)
$acl | Set-Acl $CurTgt
```

Get-Acl returns

```
Path Owner    Access
---- -----    ------
P:\  Everyone Everyone Allow  -1
```

Also using this one:

```
$CurTgt = "P:"
$CurUsr = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl = Get-Acl $CurTgt
# Remove every access rule that names the current user
$usersid = New-Object System.Security.Principal.Ntaccount ($CurUsr)
$acl.PurgeAccessRules($usersid)
$acl | Set-Acl $CurTgt
```

Also tried this:

```
takeown /F * /R
takeown : ERROR: File ownership cannot be applied on insecure file systems;
```

But I am still unable to write/read files or create folders.

**Update #3** I ran the following commands and changed the permission from the ONTAP side

```
vserver security file-directory show -vserver windows -path /vol1
vserver security file-directory ntfs create -ntfs-sd sd1 -owner DomainName\Administrator
vserver security file-directory ntfs sacl add -ntfs-sd sd1 -access-type success -account DomainName.COM\EVERYONE -rights full-control -apply-to this-folder,sub-folders,files
vserver security file-directory ntfs dacl add -ntfs-sd sd1 -access-type allow -account DomainName.COM\EVERYONE -rights full-control -apply-to this-folder,sub-folders,files
vserver security file-directory policy create -policy-name policy1
vserver security file-directory policy task add -policy-name policy1 -path /vol1 -ntfs-sd sd1
vserver security file-directory apply -policy-name policy1
vserver security file-directory show -path /vol1 -expand-mask true
```

It changed the file permissions (mode), however I am still unable to read/write files.
These are the current settings:

```
File Path: /vol1
File Inode Number: 64
Security Style: mixed
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: 0x10
    ...0 .... .... .... = Offline
    .... ..0. .... .... = Sparse
    .... .... 0... .... = Normal
    .... .... ..0. .... = Archive
    .... .... ...1 .... = Directory
    .... .... .... .0.. = System
    .... .... .... ..0. = Hidden
    .... .... .... ...0 = Read Only
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
```

```
ALLOW-Everyone-0x1f01ff-OI|CI
    0... .... .... .... .... .... .... .... = Generic Read
    .0.. .... .... .... .... .... .... .... = Generic Write
    ..0. .... .... .... .... .... .... .... = Generic Execute
    ...0 .... .... .... .... .... .... .... = Generic All
    .... ...0 .... .... .... .... .... .... = System Security
    .... .... ...1 .... .... .... .... .... = Synchronize
    .... .... .... 1... .... .... .... .... = Write Owner
    .... .... .... .1.. .... .... .... .... = Write DAC
    .... .... .... ..1. .... .... .... .... = Read Control
    .... .... .... ...1 .... .... .... .... = Delete
    .... .... .... .... .... ...1 .... .... = Write Attributes
    .... .... .... .... .... .... 1... .... = Read Attributes
    .... .... .... .... .... .... .1.. .... = Delete Child
    .... .... .... .... .... .... ..1. .... = Execute
    .... .... .... .... .... .... ...1 .... = Write EA
    .... .... .... .... .... .... .... 1... = Read EA
    .... .... .... .... .... .... .... .1.. = Append
    .... .... .... .... .... .... .... ..1. = Write
    .... .... .... .... .... .... .... ...1 = Read
```
1 answer · 0 votes · 443 views · asked a year ago
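
As an added example (not part of the original post, and not AWS or NetApp tooling): a small Python parser for ACE lines in the format shown in the question's `file-directory show` output, decoding the mask with the bit names from that output and reporting modify-class rights that an ALLOW entry grants to a broad principal such as Everyone. The `DANGEROUS` and `BROAD` sets, the function names and the second sample line are assumptions made for illustration.

```python
import re

# Bit names exactly as printed in the expanded-mask output above.
RIGHTS = {
    0x1: "Read", 0x2: "Write", 0x4: "Append", 0x8: "Read EA",
    0x10: "Write EA", 0x20: "Execute", 0x40: "Delete Child",
    0x80: "Read Attributes", 0x100: "Write Attributes",
    0x10000: "Delete", 0x20000: "Read Control", 0x40000: "Write DAC",
    0x80000: "Write Owner", 0x100000: "Synchronize",
    0x1000000: "System Security", 0x10000000: "Generic All",
    0x20000000: "Generic Execute", 0x40000000: "Generic Write",
    0x80000000: "Generic Read",
}
# Assumption: rights treated as modify-class, and principals treated as broad.
DANGEROUS = {"Write", "Append", "Delete Child", "Delete", "Write DAC",
             "Write Owner", "Generic Write", "Generic All"}
BROAD = {"everyone", "authenticated users"}

# TYPE-account-0xMASK[-FLAGS]; the account itself may contain hyphens.
ACE_RE = re.compile(r"^(ALLOW|DENY)-(.+)-(0x[0-9a-fA-F]+)(?:-([A-Z|]+))?$")

def parse_ace(line):
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an ACE line: {line!r}")
    kind, account, mask, flags = m.groups()
    mask = int(mask, 16)
    rights = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    return {"type": kind, "account": account, "mask": mask,
            "rights": rights, "flags": flags.split("|") if flags else []}

def risky_rights(ace):
    """Modify-class rights an ALLOW ACE hands to a broad principal."""
    principal = ace["account"].rsplit("\\", 1)[-1].lower()
    if ace["type"] != "ALLOW" or principal not in BROAD:
        return []
    return [r for r in ace["rights"] if r in DANGEROUS]

SAMPLE = [
    "ALLOW-Everyone-0x1f01ff-OI|CI",             # from the output above
    r"ALLOW-EXAMPLE\svc-backup-0x1200a9-OI|CI",  # constructed sample
]

if __name__ == "__main__":
    for line in SAMPLE:
        ace = parse_ace(line)
        print(ace["account"], hex(ace["mask"]), risky_rights(ace) or "ok")
```
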