Turning on options cifs.trace_login if it's not already on may help detail why it's failing.
And Note: If you set the option wafl.nt_admin_priv_map_ to_root to On, all accounts in the Administrators group are considered root.
Hopefully that helps.
Cheers,
Justin Skinner http://www.180mph.com Powered by Electricty & NetBSD - http://www.netbsd.org
On Mon, 8 Aug 2005, Palmer, Jason wrote:
Sounds like the Qtree / Volume has a mixed security style from the text below ?
Have you installed SecureShare Admin which shows you an extra tab in Windows and allows you to manipulate the UNIX permissions ? You may be able to use this to change the permissions to allow you back and place a Windows ACL back on the directory and files.
I have recently had a similar experience - took a little playing from a Windows and Solaris Box to get me back in to access the files, but got there in the end.
Jason
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Shelton, Lewis Sent: 08 August 2005 17:12 To: toasters@mathworks.com Subject: CaseId : 1122669 Importance: High
Good Morning,
Since you folks are the guru's I thought I would bounce this off of you. I have spoken to NetApp, however the solution they gave is going to be really hard to get approved.
We are seeing issues on our NetApp filers where we cannot manipulate certain files. Here is an example of what we ran into last week.
Joe Smith leaves the company. He has a Windows home directory that is set up on a NTFS qtree. We go to backup his home directory (using a simple copy script) but a number of files won't copy because they are owned by "root" and we get the lovely "access denied" error. The files cannot be copied, or opened, nor can we change permissions or ownership. Files with this problem can however be deleted. Not much of a backup if they are deleted, but not much of a backup. Also interesting is that from within Windows Explorer if you right click on the properties of the file the "Security" tab that is normally present is not there.
I spent a bunch of time on the phone with NetApp this morning. We tried adding my user account to the usermap.cfg as root and a couple of other things but nothing worked. Their solution is that to resolve we must be OU admins at minimum.
I wanted to run it by you folks to see if you have seen situations like this and if so, what you did to fix it.
A couple of other notes:
- If you cd to the offending area and do an ls -l on the directory, problem
files appear like the one below.
-rwxrwxrwx 1 root root 694 Jan 22 1992 spcurins.ins
- If you try to chown the file nothing changes
Thank you,
Lewis Shelton
Lewis Shelton
System Administrator - Northeast
Mentor Graphics Corporation
Email: lewis_shelton@mentor.com mailto:lewis_shelton@mentor.com
Phone: 508-303-5237
Cell: 978-549-9071
Fax: 508-480-0882
From: Avs, Mohan [mailto:Mohan.Avs@netapp.com] Sent: Monday, August 08, 2005 10:43 AM To: Shelton, Lewis Subject: CaseId : 1122669 Importance: High
Hi Lewis
This has reference to the Case Id: 1122669 , here is the problem description
There are certain files which are created by other users and given specific permissions by those users. Qtree is an NTFS qtree. Customer wants to copy the file or edit the file using a different username which is not equivalent to administrator.
changed the option cifs.nfs_root_ignore_acl on .
changed the option wafl.default_unix_user root
After this disconnected the drive and tried accessing the file. Still access denied
You are unable to see the security tab on the file to change permission. Explained him that these files will have specific permissions and that is the reason he is not able to access the file
Only administrator of the Domain or administrator account of OU which was used to setup the file should be able to access the file. This is a windows issue and it working according the windows rules and permissions .In windows least restrictive permissions applies for the user. This is true for any windows users and even if they are created on the local machine.
The only user who can access the file and take ownership and change permissions of the file is "administrator"
Thank you for choosing Network Appliance
To View & Update your Case : : https://now.netapp.com/eservice/caseAction.do?moduleName=CASE https://now.netapp.com/eservice/caseAction.do?moduleName=CASE and key in your case Id
Mohan A.V.S NetApp Global Services Technical Support Engineer - Filer Network Appliance (r) Inc. Email : avs@netapp.com mailto:avs@netapp.com
Tech Support Hotline 1.888.4.NETAPP [1.888.463.8277] ____________________________________________________________
Office Hours Sun - Thu : 12.30AM - 10.30AM PST
Get answers NOW! @ http://now.netapp.com http://now.netapp.com/ or @ www.netapp.com http://www.netapp.com/
Everyone at Network Appliance is committed to the highest level of customer satisfaction.
If at any time you feel that you're less than very satisfied with our Support please contact my manager Jacob Thomas at jacobt@netapp.com
From: Shelton, Lewis [mailto:lewis_shelton@mentor.com] Sent: Monday, August 08, 2005 7:45 PM To: Shelton, Lewis; Avs, Mohan Subject: RE: Case 1122669
Mon Aug 8 10:14:32 EDT [auth.trace.authenticateUser.loginTrace:info]: AUTH: Login attempt by user millworth$ of domain MGC from client machine 134.86.78.194.
Mon Aug 8 10:14:32 EDT [auth.trace.spnegoAuthentication.statusMsg:info]: AUTH: SPNEGO- Attempting to map PC user to UNIX user millworth$.
Mon Aug 8 10:14:32 EDT [auth.trace.mapNTToUnix:info]: AUTH: Mapping Windows user millworth$ to Unix user root.
Mon Aug 8 10:14:32 EDT [auth.trace.authenticateUser.loginAccepted:info]: AUTH: Login by millworth$ from 134.86.78.194 accepted.
Thank you,
Lewis Shelton
Lewis Shelton
System Administrator - Northeast
Mentor Graphics Corporation
Email: lewis_shelton@mentor.com mailto:lewis_shelton@mentor.com
Phone: 508-303-5237
Cell: 978-549-9071
Fax: 508-480-0882
The information contained herein is confidential and is intended solely for the addressee. Access by any other party is unauthorised without the express written permission of the sender. If you are not the intended recipient, please contact the sender either via the company switchboard on +44 (0)20 7623 8000, or via e-mail return. If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender. 3166