
Setting Permissions on Files

amitshah2003uk Member Posts: 39
I have created a

Active Directory server
Fileserver and
A Windows XP machine using Virtual Server
All machines are part of a domain and I have managed to set up users and groups etc., which can successfully log in to any machine.


I am playing around with file permissions on the fileserver and wish to add permissions to a folder I have created and shared.


The only problem is when selecting a user to add to the security of a folder, I cannot change the location to determine where to browse users from. I wish to select users created in my Active Directory; however, I can only see the local groups and users of the fileserver.

What am I missing?

Not sure if I have explained the problem well

Any ideas?

Thanks
Amit

SORRY NOT SURE WHICH FORUM TO CREATE THIS IN

Comments

  • Plantwiz Mod Posts: 5,057
    SORRY NOT SURE WHICH FORUM TO CREATE THIS IN


    You can start by giving your subject a meaningful description. Just putting 'HELP' as your subject keeps more people away than draws them in to read. I only stopped in because no one's responded.
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?
  • royal Member Posts: 3,352
    Sounds like you're not logging in through the domain, but rather logging in through the local account. At the login screen, make sure you choose the drop down and choose the domain. I suspect you set the passwords the same for your local logon and through the domain logon hence why you think you're logging into the domain.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
  • Sie Member Posts: 1,195
    I agree with Royal on this one.

    Attempt to enter the usernames as domain\username when adding them if you have problems.
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003uk Member Posts: 39
    Thanks for the response

    I am logging into the domain. I can create a share from the fileserver and see the share from the XP machine. I can use remote desktop from the XP machine to connect to the fileserver and the Active Directory server.

    However, I cannot select users from Active Directory to place into the Access Control List on my shared folder. Only locally created users on the fileserver can be added.

    STRANGE
  • dynamik Banned Posts: 12,312
    On the security tab, clicking the "Add" button will bring up the "Select Users, Computers, or Groups" dialog box. Click the "Locations..." button to change from the local computer to your domain.
  • amitshah2003uk Member Posts: 39
    That's the thing that's baffled me: if I click Locations I cannot see the domain, only the local PC.

    dynamik wrote:
    On the security tab, clicking the "Add" button will bring up the "Select Users, Computers, or Groups" dialog box. Click the "Locations..." button to change from the local computer to your domain.
  • Sie Member Posts: 1,195
    Still sounds like you're not logged into the domain.

    - Do you have AD installed on that machine?
    Can you see the Domain in Active Directory Users and Computer or the like?

    - What does "set l" display when entered into command prompt?

    - When checking Computer Name under Properties of System does it list the domain?
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003uk Member Posts: 39
    If I run the set l command on each machine

    it says loginserver =//ActiveDirectory on all the machines

    ActiveDirectory is the name of my domain controller.

    Computer name is

    ActiveDirectory.contoso.com
    Fileserver.contoso.com
    XP.contoso.com

    All machines display the domain

    contoso.com
  • Sie Member Posts: 1,195
    What account are you logging into the file server with?

    Local or domain account?

    What happens when you enter the username in the format:

    domain\username

    (leave location as whatever you want)

    Have you attempted to remove the server from the domain and re-add?

    (I am assuming this share is located on a NTFS partition/volume)
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003uk Member Posts: 39
    (I am assuming this share is located on a NTFS partition/volume)
    Sie wrote:
    What happens when you enter the username in the format:

    domain\username

    (leave location as whatever you want)


    It says location not found


    I am logging into each machine using a domain username which is a member of the

    Domain admins
    Domain users
    Domain computers

    I will try to rejoin the machines to the domain
  • Sie Member Posts: 1,195
    Rejoin the file server to the domain.
    (What OS is this running by the way is it W2K3 or XP acting as a file server?)

    How is your DNS? (Is DNS setup on the DC?)
    Can you ping your domain controller via UNC rather than IP?
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003uk Member Posts: 39
    ActiveDirectory is on server 2003
    Fileserver is on server 2003
    XP is on XP


    Ping is successful from any machine to each other via computer name
  • amitshah2003uk Member Posts: 39
    Put the XP machine and fileserver into a workgroup. Rebooted

    Deleted the computers from active directory and then joined them back to the domain but no difference.
  • Sie Member Posts: 1,195
    Will need to have a think about this, nothing else comes to mind right now.
    (except possibly netbios not working correctly... Have you any experience of editing the LMHOSTS file?
    Update this with the server IP and Hostname and save it. Then run nbtstat -R and then nbtstat -c from command prompt.)

    Have you attempted to add these users on another folder?

    What is the folder you are sharing?

    (IE: C:\Settings\Config)

    How does this work with a file rather than the folder?
    (Is Domain still not listed under location)
    Foolproof systems don't take into account the ingenuity of fools
  • amitshah2003uk Member Posts: 39
    Hi thanks for all your help

    The domain is still not located under location. Same problem with files and I have also tried creating other folders as a test.

    I have created a raid-5 on my fileserver which is mapped to drive s
    Then just created a folder called FinanceDocuments on the s drive which is shared.
    s:\FinaceDocuments



    From the XP machine or the ActiveDirectory machine I can successfully access the share
    \\Fileserver\FinaceDocuments
    and even create new folders and files within the folder from the domain account I have set up.




    No, sorry, I do not have experience editing the LMHOSTS file
  • Sie Member Posts: 1,195
    Check this KB Article on setting up LMHOST file:

    http://support.microsoft.com/kb/314108

    I have a few things to get done now, I will have a think and try and check back later.
    Foolproof systems don't take into account the ingenuity of fools
  • blargoe Member Posts: 4,174
    Try a different task that could include a domain user, like adding a domain user to a group on that machine. Are the domain users available for you to select then?

    Any clues in your Event logs that might suggest a problem?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • dynamik Banned Posts: 12,312
    Have you tried setting permissions on the other machines to see if the domain is available there? I would suggest trying that in order to try and isolate the problem.

    If you can ping by name, I don't think you need to worry about netbios/lmhosts. If DNS is functioning correctly (which is necessary for AD), you can get by without netbios altogether. It's only still around to maintain compatibility with older software and systems.

    Also, if you ping a computer by just its computer name, does the reply just list the computer name or does it list the FQDN, such as computername.domainname.com? It should do the latter if DNS is working correctly. If it's not, you may have problems with DNS.

    Are you logging in under the domain administrator or just a regular user? Maybe you're not allowed to create permissions/shares for the domain.
  • sprkymrk Member Posts: 4,884
    Is the XP machine using Simple File Sharing? If so, turn it off.

    (Open My Computer)
    Tools>Folder Options>View
    Scroll all the way down and uncheck "Use simple file sharing".

    Do you have DNS set up on the DC, or are you using an ISP DNS server?

    Have you messed with any of the security settings on the servers or workstation such as SMB signing, Secure Channel Data signing, or NTLM authentication level, etc?
    All things are possible, only believe.
  • Sie Member Posts: 1,195
    sprkymrk wrote:
    Is the XP machine using Simple File Sharing? If so, turn it off.

    I thought this last night when I hit the sack, just came on now to see how it's going.

    I wouldn't worry because if Sprkymrk & Dynamik can't fix it then it's not broken!! :D
    Foolproof systems don't take into account the ingenuity of fools
  • undomiel Member Posts: 2,818
    It sounds like you've been logging in with cached credentials and the machine isn't actually communicating with the AD. I would check DNS doing an nslookup from all machines involved on both the ip and the name to make sure they are matching. Also scour your DNS server to make sure there isn't some clutter in the reverse lookup zone messing things up. I've seen that happen a few times. I would also recommend turning up userenv logging to the max and seeing if there are any clues in there.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • amitshah2003uk Member Posts: 39
    Hi guys, thanks for all your responses.
    Sorry for not responding; having problems with my broadband supplier.

    Have you tried setting permissions on the other machines to see if the domain is available there? I would suggest trying that in order to try and isolate the problem.

    Same problem


    If you ping a computer by just its computer name, does the reply just list the computer name or does it list the FQDN

    It lists the FQDN

    Do you have DNS set up on the DC, or are you using an ISP DNS server?

    I am using an ISP DNS which was provided by my broadband.

    When I run nslookup it says DNS request time out.
    timeout was 2 seconds
    *** Can't find server name for address 192.168.4.100 Time out
    Default Server: Unknown
    Address: 192.168.4.100


    +++The address 192.168.4.100 is my primary dns provided by my broadband suppliers++


    Have you messed with any of the security settings on the servers or workstation such as SMB signing, Secure Channel Data signing, or NTLM authentication level, etc?

    Never touched, bit too advanced for me.


    Is the XP machine using Simple File Sharing? If so, turn it off.
    Yes it was but have turned it off using your guide?


    :D:D
  • amitshah2003uk Member Posts: 39
    I have seen this when the workstation or server has the wrong DNS settings, i.e. it has your ISP's settings and as a result cannot contact AD to query the user list


    I think all these problems are maybe caused by my DNS set-up
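
The thread ends on the diagnosis that the domain members point at the ISP's DNS server rather than one holding the domain's records. The script below is an added example, not part of any post in this thread: it asks each DNS server configured on a domain member for the DC locator SRV record (`_ldap._tcp.dc._msdcs.<domain>`) and reports which servers cannot locate a domain controller. It assumes Windows 8 / Server 2012 or later, where the `Get-DnsClientServerAddress` and `Resolve-DnsName` cmdlets are available.

```powershell
# Added example: verify that every DNS server this machine is configured to use
# can answer the Active Directory DC locator query for the joined domain.

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$($cs.Name) is not joined to a domain."
    return
}

# SRV record that domain members query to find a domain controller
$srvName = "_ldap._tcp.dc._msdcs.$($cs.Domain)"

# All IPv4 DNS servers configured on any interface, de-duplicated
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses |
    Sort-Object -Unique

if (-not $servers) {
    Write-Warning "No IPv4 DNS servers are configured on this machine."
    return
}

$results = foreach ($server in $servers) {
    try {
        # -DnsOnly skips NetBIOS/LLMNR so only the DNS server's answer counts
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                   -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            DnsServer         = $server
            CanLocateDC       = [bool]$srv
            DomainControllers = ($srv.NameTarget -join ', ')
            Error             = $null
        }
    } catch {
        # Timeouts and "name does not exist" answers both land here
        [pscustomobject]@{
            DnsServer         = $server
            CanLocateDC       = $false
            DomainControllers = ''
            Error             = $_.Exception.Message
        }
    }
}

$results | Format-Table -AutoSize

if ($results.CanLocateDC -contains $false) {
    Write-Warning "At least one configured DNS server cannot resolve $srvName."
}
```

On the Server 2003 and XP machines used in this thread, the equivalent manual check is `nslookup -type=SRV _ldap._tcp.dc._msdcs.contoso.com`.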