OMV Authenticated in AD still showing private folders public

  • Hello Team,


    I have been trying to read all available resources from the forum and the internet which could possible help me with my concern.
    Unfortunately, I have been unable to work things out on my OMV Server. I hope someone could enlighten me on my case.


    OMV Setup: ESXi 5.5
    Authentication: Active Directory (more than 300 users)


    Basically, what I wanted to achieve is:


    1. Have 1 main Shared Folder (PRIVATE) authenticated via AD with 500GB Space allocated.
    2. Create 5 Subfolders (HR, ACCOUNTING, SUPPORT, FRONTDESK, ADMIN) authenticated via AD User (note: I have already created groups on AD corresponding to the subfolder labels)
    NOTE: I want to have HR Users to access HR-Vault and so goes with the rest of the folders.
    3. Get a Thin Provision for the Disk Storage so the ESXi Server can still have a dynamic storage space.


    So, I have accomplish #1 but stuck on #2 and #3.


    Hope this images gives you more information (see attachments).


    PROBLEM:
    Even though the permission set for that sample user is correctly applied, when browsing through windows explorer it still allows the user to view the restricted folders. Also, is there any way we can setup Thin Provision on OMV?


    Hope someone can help me with my issues.


    Thanks,
    Neil H.

  • So, I have accomplish #1 but stuck on #2 and #3.


    Did you consider to create individual shares instead of subfolders? I highly suggest you try to configure it the other way around ;)


    Also, do not use ACLs, just use permissions. ;)


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Thanks for the quick response davidh2k :thumbsup:


    However, the reason behind the setup (only having one big HUGE Folder) is to escape multiple mounts on physical disks in the ESXi Server.
    Also, we wont restrict users from this department to upload large files (specially documents and other paper works). So, rather placing one disk for one department and in the long run -- edit disks one by one.
    I prefer to have only huge disk where everything is stored. Another advantage for having one disk is -- easy management of data from ESXi and OMV. That is also a relation to my question about Thin Provisioning of disk (ESXi)


    Is there anyway I can accomplish it?

  • But the shared folder is one disk, isnt it?


    You can have multiple shared folders on one disk.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Yes.. here is the folder tree.


    INTERNAL FOLDER (Shared | requires AD Auth)
    ---------- HR-VAULT (Shared among HR Users | requires AD Auth)
    ---------- Tier2-VAULT (Shared among Tier2 Users | requires AD Auth)
    ---------- ADMIN-VAULT (Shared among ADMIN Users | requires AD Auth)


    Question is, how can i restrict HR-VAULT for HR only if I won't use ACL? I remember that subfolder should be controlled using ACL, right?

  • You can just do that with samba permissions.


    Just make it 5 shared folders and set the permissions accordingly. Samba will respect them. ;)


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • What you see on the lower part is the FILESYSTEM permission.


    The above is the permission (that samba uses). Samba works ontop of the filesystem permissions and can be more restrictive than the filesystem permissions, but not more open. So just setup your permissions in the above menu and you'll be fine.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!