21 Posts

October 10th, 2017 23:00

Unable to give share permission to external incoming domain

Hi Guys,

I have been facing a problem giving share-level permission to 1 particular userid. The user belongs to a domain which is mentioned as external incoming. Could someone help with that, and is it something that requires modification at the domain level? I don't see the domain when I try to apply NTFS permissions either.

Below is the error I'm getting when I try to give share-level permissions:

Failed to create persona

PS: I tried from the GUI interface as always; the userid is listed, but it doesn't take the userid.

450 Posts

October 11th, 2017 10:00

PriyalP7

You're trying to give permissions to a user that belongs to an external AD domain that's in a different AD forest that's untrusted? That'll likely never work. SMB requires authentication, and if the Isilon cluster can't talk to the domain controllers of that external non-trusted domain, it won't be able to authenticate that that person is who they say they are. You then also have to give access to that user not just to the share, but also filesystem permissions. Share permissions, like NFS client export lists, just determine if you're let through the door, not what you can see or touch once you're through; that's filesystem permissions, which are totally separate.

How could you handle this differently? Well, for starters you could create a trust between the AD domains, which would then let you assign access to resources in 1 domain to users and groups from the other. That's the simplest approach. You could also give that external user an account in your AD domain just for this specific access.

~Chris

21 Posts

October 12th, 2017 00:00

Thanks for the reply, Chris.

I just checked the AD, and I believe I need to set up two trust between the parent domain and the domain which is having problems.
