Setting Permissions on Files

amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
I have created a

Active Directory server
Fileserver and
A windows xp machine using virtual server
All machines are part of a domain and I have managed to set up users and group etc. Which can succesfully login into any machine.


I am playing around with file permissions on the fileserver and wish to add a permissions to a folder I have created and shared.


The only problem is when selecting a user to add to the security of a folder, I cannot change the location to determine where to browse users from. I wish to select users created in my active directory however I can only see the local groups and users to the fileserver.

WHat am i missin

Not sure if I have explained the problem well

any ideas ??????

Thanks
Amit

SORRY NOT SURE WHICH FORUM TO CREATE THIS IN

Comments

  • PlantwizPlantwiz Mod Posts: 5,057 Mod
    SORRY NOT SURE WHICH FORUM TO CREATE THIS IN


    You can start by giving your subject a meaningful description. Just putting 'HELP' as your subject keeps more people away then draws them in to read. I only stopped in because no one's responded.
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Sounds like you're not logging in through the domain, but rather logging in through the local account. At the login screen, make sure you choose the drop down and choose the domain. I suspect you set the passwords the same for your local logon and through the domain logon hence why you think you're logging into the domain.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • SieSie Member Posts: 1,195
    I agree with Royal on this one.

    Attempt to enter the usernames as domain\username when adding them if you have problems.
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    Thanks for the response

    I am login into the domain. I can create a share from the fileserver and see the share from the XP machine. I can use remote desktop from the XP machine to connect to the fileserver and the active directory server.

    However I cannot select users from active directory to place into the Access Control List on my shared folder, Only locally created users on the fileserver can be added.

    STRANGE
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    On the security tab, clicking the "Add" button will bring up the "Select Users, Computers, or Groups" dialog box. Click the "Locations..." button to change from the local computer to your domain.
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    Thats the thing thats baffled me if I click locations I cannot see the domain only the local PC.

    dynamik wrote:
    On the security tab, clicking the "Add" button will bring up the "Select Users, Computers, or Groups" dialog box. Click the "Locations..." button to change from the local computer to your domain.
  • SieSie Member Posts: 1,195
    Still sounds like your not logged into the domain.

    - Do you have AD installed on that machine?
    Can you see the Domain in Active Directory Users and Computer or the like?

    - What does "set l" display when entered into command prompt?

    - When checking Computer Name under Properties of System does it list the domain?
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    If I run the set l command on each machine

    it says loginserver =//ActiveDreictory on all the machines

    ActiveDirectory is the name of my domanin controller.

    Computer name is

    ActiveDirectory.contoso.com
    Fileserver.contoso.com
    XP.contoso.com

    All machines display the domain

    contoso.com
  • SieSie Member Posts: 1,195
    What account are you logging into the file server with?

    Local or domain account?

    What happens when you enter the username in the format:

    domain\username

    (leave location as whatever you want)

    Have you attempted to remove the server from the domain and re-add?

    (I am assuming this share is located on a NTFS partition/volume)
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    (I am assuming this share is located on a NTFS partition/volume)[/quote]
    Sie wrote:
    What happens when you enter the username in the format:

    domain\username

    (leave location as whatever you want)


    It says location not found


    I am login into each machine using a domain username who is a member of the

    Domain admins
    Domain users
    Domian computers

    I will try rejoin the machines to the domain
  • SieSie Member Posts: 1,195
    Rejoin the file server to the domain.
    (What OS is this running by the way is it W2K3 or XP acting as a file server?)

    How is your DNS? (Is DNS setup on the DC?)
    Can you ping you domain controller via UNC rather than IP?
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    ActiveDirectory is on server 2003
    Filserver is on server 2003
    XP is on XP


    Ping is succesfully from any machine to each other via computer name
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    Put the xp machine and filserver to a workgroup. Rebooted

    Deleted the computers from active directory and then joined them back to the domain but no difference.
  • SieSie Member Posts: 1,195
    Will need to have a think about this, nothing else comes to mind right now.
    (except possibly netbios not working correctly...Have you any experience of editting the LMHOSTS file?
    Update this with the server IP and Hostname and save it. Then run nbtstat -R and then nbtstat -c from command prompt.)

    Have you attempted to add these users on another folder?

    What is the folder you sharing?

    (IE: C:\Settings\Config)

    How does this work with a file rather than the folder?
    (Is Domain still not listed under location)
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    Hi thanks for all your help

    The domain is still not located under location. Same problem with files and I have also tried creating other folders as a test.

    I have created a raid-5 on my fileserver which is mapped to drive s
    Then just created a folder called FinanceDocuments on the s drive which is shared.
    s:\FinaceDocuments



    from the xp machine or the ActiveDirectory machine I can successfully access the share
    \\Fileserver\FinaceDocuments
    and even create new folders and files within the folder from the domain account I have set up.




    No sorry I do not have experience ditting the LMHOSTS file
  • SieSie Member Posts: 1,195
    Check this KB Article on setting up LMHOST file:

    http://support.microsoft.com/kb/314108

    I have a few things to get done now, i will have a think and try and check back later.
    Foolproof systems don't take into account the ingenuity of fools
  • blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    Try a different task that could include a domain user like adding a domain user to a group on that machine. Are the domain users availble for you select then?

    Any clues in your Event logs that might would suggest a problem?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Have you tried setting permissions on the other machines to see if the domain is available there? I would suggest trying that in order to try and isolate the problem.

    If you can ping by name, I don't think you need to worry about netbios/lmhosts. If DNS is functioning correctly (which is necessary for AD), you can get by without netbios all together. It's only still around to maintain compatibility with older software and systems.

    Also, if you ping a computer by just it's computer name, does the reply just list the computer name or does it list the FQDN, such as computername.domainname.com? It should do the latter if DNS is working correctly. If it's not, you may have problems with DNS.

    Are you logging in under the domain administrator or just a regular user? Maybe you're not allowed to create permissions/shares for the domain.
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Is the XP machine using Simple File Sharing? If so, turn it off.

    (Open My Computer)
    Tools>Folder Options>View
    Scroll all the way down and uncheck "Use simple file sharing".

    Do you have DNS set up on the DC, or are you using an ISP DNS server?

    Have you messed with any of the security settings on the servers or workstation such as SMB signing, Secure Channel Data signing, or NTLM authentication level, etc?
    All things are possible, only believe.
  • SieSie Member Posts: 1,195
    sprkymrk wrote:
    Is the XP machine using Simple File Sharing? If so, turn it off.

    I thought this last night when I hit the sack, just came on now to see how its going.

    I wouldnt worry because if Sprkymrk & Dynamik cant fix it then its not broken!! :D
    Foolproof systems don't take into account the ingenuity of fools
  • undomielundomiel Member Posts: 2,818
    It sounds like you've been logging in with cached credentials and the machine isn't actually communicating with the AD. I would check DNS doing an nslookup from all machines involved on both the ip and the name to make sure they are matching. Also scour your DNS server to make sure there isn't some clutter in the reverse lookup zone messing things up. I've seen that happen a few times. I would also recommend turning up userenv logging to the max and seeing if there are any clues in there.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    Hi guys thanks for all your response.
    Sorry for not responding having problems with my broadband supplier.

    Have you tried setting permissions on the other machines to see if the domain is available there? I would suggest trying that in order to try and isolate the problem.

    Same problem


    f you ping a computer by just it's computer name, does the reply just list the computer name or does it list the FQDN

    It list the FQDN

    Do you have DNS set up on the DC, or are you using an ISP DNS server?

    I am using an ISP DSN which was provided by my broadband.

    When I run nslookup it says DNS request time out.
    timeout was 2 seconds
    ***cant find server name for address 192.168.4.100 Time out
    DEfault ServerL Unknown
    Adress: 192.168.4.100


    +++The address 192.168.4.100 is my primary dns provided by my broadband suppliers++


    Have you messed with any of the security settings on the servers or workstation such as SMB signing, Secure Channel Data signing, or NTLM authentication level, etc?

    Never touched bit to advanced for me.


    Is the XP machine using Simple File Sharing? If so, turn it off.
    Yes it was but have turned it of using your guide?


    :D:D [/b]
  • amitshah2003ukamitshah2003uk Member Posts: 39 ■■□□□□□□□□
    I have seen this when the workstation or server has the wrong DNS setttings. i.e. it has your ISP's settings and as a result cannot contact AD to querie the user list


    I think all these problems are maybe casued by my DNS set-up
Sign In or Register to comment.