Hi all,
in the Ontapp Doc and in the Filerview Doc,
I can read that Windows Group are not supported in cifs access
command.
I.e. You can't restrict or grant access right for Group SID but only
to User SID :
cifs access <share> [-g] <user|group> <rights>
cifs access MYSHARE MYDOM\MYGROUP "Full control"
should be impossible if the MYDOM\MYGROUP is a Windows Group.
Althought of all I read and was said, an Administer of mine was able
to add ACL for Winbdows Groups with Filerview on several shares. He
was able to verify that the restrictions were working fine (i.e.:
anyone in this group is able to access files in this shares,
anyonewhic his not part of this group have no access to those files).
He was able to do so with Global Groups. So first question : is it
normal ? Did Netapp forget to advertise about this new functionality ?
Does Netapp support this function ? Is there a trick the costumer find
without knowing it ?
He was able to do so for global groups but not for local groups. In
order to be able to deal with local groups, I advise him to use the
"useradmin" command. Also to check the lclgroups.cfg file which is
responsible for local groups (he would know where local groups can be
recorded in order to save this SAM-like file). But :
- useradmin can add users but not groups, can't it ?
- normally User manager Windows tool should permit to create local
users and groups but where the resultant file is located ? (in order
to save it in case of disaster and not redo all the config) ?
The Filer is in 6.1.2R1 in a WinNT/2K domain.
Here is all, thank you much in advance.
in the Ontapp Doc and in the Filerview Doc,
I can read that Windows Group are not supported in cifs access
command.
I.e. You can't restrict or grant access right for Group SID but only
to User SID :
cifs access <share> [-g] <user|group> <rights>
cifs access MYSHARE MYDOM\MYGROUP "Full control"
should be impossible if the MYDOM\MYGROUP is a Windows Group.
Althought of all I read and was said, an Administer of mine was able
to add ACL for Winbdows Groups with Filerview on several shares. He
was able to verify that the restrictions were working fine (i.e.:
anyone in this group is able to access files in this shares,
anyonewhic his not part of this group have no access to those files).
He was able to do so with Global Groups. So first question : is it
normal ? Did Netapp forget to advertise about this new functionality ?
Does Netapp support this function ? Is there a trick the costumer find
without knowing it ?
He was able to do so for global groups but not for local groups. In
order to be able to deal with local groups, I advise him to use the
"useradmin" command. Also to check the lclgroups.cfg file which is
responsible for local groups (he would know where local groups can be
recorded in order to save this SAM-like file). But :
- useradmin can add users but not groups, can't it ?
- normally User manager Windows tool should permit to create local
users and groups but where the resultant file is located ? (in order
to save it in case of disaster and not redo all the config) ?
The Filer is in 6.1.2R1 in a WinNT/2K domain.
Here is all, thank you much in advance.