Project

General

Profile

Bug #4479

Unable to assign Windows system account to files or folders ZFS CIFS

Added by Levey Tim over 6 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Nice to have
Assignee:
John Hixson
Category:
OS
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

I have installed 9.2.1.2 and found that a Windows specific account ie."Network Service" cannot be added to a file or folder on FreeNAS, this is a major problem for windows servers that must have access via some system account, specifically a fax server in this case. Freenas does not allow usernames containing a space so I cannot simply create the user in FreeNAS then assign it. When attempting to assign the Windows system account "Network Service" windows immediately throws an error "Unable to save permission changes. The Request is not supported."

History

#1 Updated by Jordan Hubbard over 6 years ago

  • Assignee changed from Levey Tim to John Hixson

BRB: Is the FreeNAS box joined to the same AD server that the windows box is? That should work. Where are you applying the permissions change? The windows side or the FreeNAS side? Sounds like you're saying the Windows side. Another theory is that you simply don't have permission (from the Windows side) to apply the requested ACL change and it has nothing to do with the username having spaces in it. Can you do a getfacl /path/to/sharepoint from the CLI on the FreeNAS box and attach the results?

#2 Updated by Levey Tim over 6 years ago

This is not an AD environment and I am attempting to assing the permissions from Windows. I can change ownership of any file or folder and have a good grasp on the permissions and how to manipulate them at this point. I have gone threw the freeBSD information on creating a user with spaces directly in freeBSD and it appears they just dont support it at this time. I have even attempted to create the user from the cli and its a no go. here is the getfacl response.

[root@freenas /mnt/CAPCISMAIN/STORAGE/SHARED]# getfacl /mnt/CAPCISMAIN/STORAGE/S
HARED/SMB
  1. file: /mnt/CAPCISMAIN/STORAGE/SHARED/SMB
  2. owner: Admin
  3. group: CAPCIS
    everyone@:------a-R-c---:------:allow
    group@:rwxpDdaARWcCo-:fd----:allow
    owner@:rwxpD-aARWcCo-:------:allow
    [root@freenas /mnt/CAPCISMAIN/STORAGE/SHARED]# ^C
    [root@freenas /mnt/CAPCISMAIN/STORAGE/SHARED]#

#3 Updated by John Hixson over 6 years ago

  • Status changed from Unscreened to Screened
  • Target version changed from 9.2.1.2-RELEASE to 49

Levey Tim wrote:

This is not an AD environment and I am attempting to assing the permissions from Windows. I can change ownership of any file or folder and have a good grasp on the permissions and how to manipulate them at this point. I have gone threw the freeBSD information on creating a user with spaces directly in freeBSD and it appears they just dont support it at this time. I have even attempted to create the user from the cli and its a no go. here is the getfacl response.

[root@freenas /mnt/CAPCISMAIN/STORAGE/SHARED]# getfacl /mnt/CAPCISMAIN/STORAGE/S
HARED/SMB
  1. file: /mnt/CAPCISMAIN/STORAGE/SHARED/SMB
  2. owner: Admin
  3. group: CAPCIS
    everyone@:------a-R-c---:------:allow
    group@:rwxpDdaARWcCo-:fd----:allow
    owner@:rwxpD-aARWcCo-:------:allow
    [root@freenas /mnt/CAPCISMAIN/STORAGE/SHARED]# ^C
    [root@freenas /mnt/CAPCISMAIN/STORAGE/SHARED]#

So I've experimented with what you are attempting to do. I created a fully open share on FreeNAS, accessed it from a windows 7 box, tried to add 'NETWORK SERVICE' to the ACL, and yeah, it doesn't allow it. It comes down to FreeBSD does not allow usernames with spaces in them. Is there any particular reason you can't just create another user for this particular purpose? or a group that has 'NETWORK SERVICE' in it without the spaces?

#4 Updated by Levey Tim over 6 years ago

I will attempt to create a new windows group and assign "Network Service" to it. Windows uses "Network Service" account to login to network services and perform some function ie read/write files to a network drive, if it does not have access then you cannot use the windows functionality that requires this.

#5 Updated by Levey Tim over 6 years ago

Ok, I cannot apply any user or group that is created or owned by windows. I can only create a group or user on FreeBSD and then apply that entity to any folder from within a windows client. If you look under security permissions on the windows client you will see the only location available when accessing a folder or file on FreeNAS is the netbios name that that folder or file resides on, in my case "NAS". There is no way to change that location under any advanced settings. I cannot even take ownership of the folder or file using a windows User or Group the option just is not available, the error message is "Unable to set new owner. You do not have the Restore privilege required to set this user/group as owner". I have tried this using both "Unix" and "Windows" permission settings in freeNAS

#6 Updated by Sean Fagan over 6 years ago

Is this anything related to the group issue that came up shortly after I started here?

#7 Updated by Jordan Hubbard over 4 years ago

  • Status changed from Screened to Closed

BRB: Timing out and closing

#8 Avatar?id=14398&size=24x24 Updated by Kris Moore about 3 years ago

  • Target version changed from 49 to N/A

Also available in: Atom PDF