Date: Tue, 21 Apr 2009 13:35:29 -0700
From: Andrew Sharp <andy.sharp@onstor.com>
To: Sandrine Boulanger <sandrine.boulanger@onstor.com>
Cc: Rich LaReau <richard.lareau@onstor.com>, John Keiffer
 <John.Keiffer@onstor.com>, dl-Leopard Core Team
 <dl-LeopardCoreTeam@onstor.com>
Subject: Re: AD only access
Organization: Onstor

On Tue, 21 Apr 2009 13:23:45 -0700 Sandrine Boulanger
<sandrine.boulanger@onstor.com> wrote:

> We also confirmed that if we are logged in as a non-admin user of
> that domain (like qacifs7077), we can map the share but we cannot take
> ownership of it, so we cannot write. The only user that can take ownership
> is the one that is used when joining the AD domain from the PanteraLS.

I realize I'm a bit of a noob here, but can we not also gently offer the
workaround of turning on LDAP on the ADC?  I get the impression that we
only have these issues when not using LDAP?

> ________________________________
> From: Rich LaReau
> Sent: Tuesday, April 21, 2009 1:16 PM
> To: John Keiffer; Sandrine Boulanger; dl-Leopard Core Team
> Subject: RE: AD only access
> 
> Yes, the QS guide should have this. Sandrine showed me the workflow, so I'll update the doc.
> 
> Rich
> 
> 
> ________________________________
> From: John Keiffer
> Sent: Tuesday, April 21, 2009 12:37 PM
> To: Sandrine Boulanger; dl-Leopard Core Team
> Subject: RE: AD only access
> John Rogers also said that once a user has taken ownership, they can then grant other users specific permissions. So enguser was able to grant write access to "Domain Users@matrix.lab". So now any user should be able to use the shares with their specified permissions.
> 
> ________________________________
> From: Sandrine Boulanger
> Sent: Tuesday, April 21, 2009 12:32 PM
> To: John Keiffer; dl-Leopard Core Team
> Subject: AD only access
> 
> After configuring the ops system with the 1.1.7-1 ISO, using matrix.lab as domain name for the appliance, joining to AD domain using enguser, I'm able to connect to the CIFS share when logged in as enguser to a Windows client. When trying to write a file, I get access denied. I then apply the change that JohnK suggested, which is to open Properties on that share, go to Security tab, Advanced, Owner, and select enguser as the owner (current owner was an SID that does not seem to resolve). After that, I can write to the share.
> I don't know why we need to do this. Is this acceptable? Should we update the QS guide with those extra steps?
> 
