I have implemented TrueNAS SCALE to replace an aging Windows File Server, but I have run into a permissions problem. On the Windows File Server, another specific Windows Server had full access to the File Share in the form of an Active Directory Computer Object. Without that, I have had to add Modify permissions to the Domain Users group, where previously it only needed Read permissions.
How can I add an AD Computer Object, or otherwise allow this server full access to the share?
I found this old post on the old forums:
And have tried a few things relating to using the SID of the computer, but to no avail.
Are you trying to apply to the share ACL or to the filesystem ACL? For the filesystem ACL, at least, you should be able to just type in the computer account name: <DOMAIN>\computername$ and it will work.
Yes, Filesystem ACL. Share ACL is set to Everyone with full access, and I am using the Filesystem ACL to specify access.
I had entered the computer name as you have written, \computername$, but it didn’t seem to have the same effect as on the Windows File Share. If that is just a difference in how Linux handles SMB file sharing, I guess I can work with it.
No. Group works due to how idmap backends are implemented. Basically every AD object could be a user or group (required in order for SID history to work properly).
In general if you just need to allow domain computers access to a share, then you can simply grant “domain computers” access. Every computer account is a member of that group.