4.5-beta6 permissions issue
Nyago123:
I have an AD setup. On the unRAID Settings tab, my AD initial owner is set to my account and the AD initial group is set to "DOMAIN\unRAID Users".
I set permissions in order on all folders where the owner is my account and the group is "DOMAIN\unRAID Users". All directory permissions are set to 775 and all file permissions are set to 644.
When I use Explorer to browse to a file on the user share (e.g. \\tower\TV\Comedy\Saturday Night Live\s34e21), I can see the file I want to view (let's say it's an .avi or .mkv file). If I double click it to launch Media Player, Media Player cannot play the file and unRAID magically changes the permissions on the folders so that I can no longer view the folders or files under TV\Comedy.
Logging into the server, and doing an "ls -lR /mnt/user/TV/Comedy", I see the folder permissions on TV/Comedy, TV/Comedy/Saturday Night Live, and TV/Comedy/Saturday Night Live/s34e21 are now 644 and the group is now "DOMAIN\domain users". If I use chown and chmod to reset the permissions back to 775, I still cannot access those folders after that (even though they do not change again upon re-attempted access via Explorer at that time).
Accessing via disk shares (e.g. \\tower\disk1\TV\Comedy ... ) works fine.
Edit:
I did a chmod -R 775 on /mnt/user/* and rebooted the unRAID server and the problem seems to have cleared up.
Nyago123:
One other note... I did see the issue reoccur, so I know there's a problem here somewhere... it's just not trivially reproducible.
tevert:
I'm having a similar problem with Beta 6. I haven't troubleshot it as much as Nyago123, but I did the permissions thing. Got access to my files. Next day, access gone again.
I've had to turn Active Directory support off for the moment so that we can continue to access files.
Hope we have a solution soon--I really want AD!
Tony
Guzzi:
I'd like to push this thread up - because I too tried AD-security without success (wasn't able to join the domain) and went back to simple security for the time now.
I definitely need only read access for common users, restricted access for some shares for the kids and full access for the admin.
Anybody with a successful config in use? Or do I need to wait for next beta?
Thanks, Guzzi
PS:
log shows:
Jul 22 21:28:04 XMS-GMI-02 emhttp: shcmd (214): /usr/bin/net ads join -U "Administrator"%"*****" 2>&1 | logger
Jul 22 21:28:04 XMS-GMI-02 logger: realm must be set in in /etc/samba/smb.conf for ADS join to succeed.
Jul 22 21:28:04 XMS-GMI-02 logger: Invalid configuration. Exiting....
Jul 22 21:28:04 XMS-GMI-02 logger: Failed to join domain: Invalid parameter
Jul 22 21:28:05 XMS-GMI-02 emhttp: shcmd (215): /usr/bin/net ads testjoin -P >/dev/null 2>&1
Jul 22 21:28:05 XMS-GMI-02 emhttp: _shcmd: shcmd (215): exit status: -1
Nyago123:
Hi Guzzi,
My AD works with caveats:
1. I created a domain admin login account with a password where neither contained any special characters or spaces which is exclusively for unRAID use. Some of the early issues involving this may have been fixed but I'm sticking with this for now.
2. On the Shares page, I did set my own account and a group I created as the AD initial owner and the AD initial group.
I continue to see the aforementioned bug where security changes spontaneously when browsing on whole directory trees in /mnt/user. What I notice is that the permissions go to 644 and the group becomes "domain users" instead of what I've specified as the AD initial group on the Shares page. This tells me "domain users" is hard-coded in somewhere or is in some config file from prior use. When this happens, I just go do a chmod -R 775 directory and a chown -R "<user>:<group>" directory to fix it in /mnt/user.
I do notice I have both a /mnt/user and a /mnt/user0. I don't know what they are both for.
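An added example, not part of any post in this thread: a shell sketch that audits a share tree for the drift described above (directories dropping to 644, group changing) and restores the 775/644 split from the first post instead of a blanket chmod -R 775, which would also mark every file executable. The function names are hypothetical, and the owner and group values are whatever is set as AD initial owner and AD initial group.

```shell
#!/bin/sh
# Added example (not from the thread). Layout assumed from the first post:
# directories 775, files 644, one expected group on everything.
# Hypothetical usage: audit_tree /mnt/user/TV 'DOMAIN\unRAID Users'

# audit_tree ROOT GROUP
# Lists (ls -ld format) every directory that is not 775, every regular file
# that is not 644, and anything whose group is not GROUP.
audit_tree() {
    find "$1" \( -type d ! -perm 775 -o -type f ! -perm 644 \
        -o ! -group "$2" \) -exec ls -ld {} +
}

# repair_tree ROOT OWNER GROUP
# Restores the layout without making regular files executable.
repair_tree() {
    # Use '\;' so each directory is fixed before find descends into it;
    # a directory left at 644 has no search (x) bit and cannot be traversed.
    find "$1" -type d -exec chmod 775 {} \; &&
    find "$1" -type f -exec chmod 644 {} + &&
    chown -R "$2:$3" "$1"
}
```

Running audit_tree from cron and keeping its output gives a timestamped record of when the modes or group flip, which helps with a problem that is not trivially reproducible.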