0

Is it anything related to changes that have gone to the NAS volumes . I am getting the error "security id structure invalid" when I try to add users to Home folder on NAS volumes I have tried to add the permissions from the domain controllers it is giving me the same error.

there was a upgrade of NAS servers for EMC ( EMC celerra with gateway clariion ) but it didn't take place due to control station failure. Is this error related upgrade??

server is windows 2003

When i go to \nas6\usr7$ share and right click the folder ,Under security when i try to give permission it states- "unable to save permission changes on Ze175"(folder name) " security id structure invalid" . The same thing happenes when trying from domain controllers.

Could you tell me is this error related to upgrade.Please advice

It's only usin CIFS

wildchild
  • 179
  • 4
  • 20

2 Answers2

1

A lot of inexpensive NAS-type devices based on stripped down versions of samba frequently have issues when it comes to permissions. You're not exactly running into anything new.

Although implementing roaming profiles on a NAS is very possible when samba is properly configured & has a supporting file system that is able to work with samba, it appears as though your particular appliance is falls into that "inexpensive NAS" category.

Unfortunately, it is quite unlikely that you'll be able to implement any form of NTFS permissions. Creating roaming user profiles does require being able to modify NTFS permissions for the new profile. It's equally unlikely that the manufacturer of that device will be able to simply "add" that functionality with a simple firmware update.

Your best bet is to invest into a new NAS that is capable of integrating with active directory & understands NTFS permissions. They cost significantly more in most cases unfortunately.

TheCompWiz
  • 7,349
  • 16
  • 23
  • 1
    Some of the Celerra\Clariion units aren't exactly large scale enterprise grade but I'd hardly call them inexpensive NAS devices - we're talking about a fairly hefty EMC Clariion with dual hot swappable controllers in a Fiber Channel Storage array at the back end and a decent redundant blade head unit. They have solid AD integration that works pretty well, although it has its quirks, it will definitely do what wildchild wants it to do if its properly configured and not broken. – Helvick Sep 01 '10 at 20:37
  • 1
    Fiber Channel Storage is hardly a NAS. Not even similar. I would expect enterprise grade stuff to work well in enterprise environments. I've never dealt with EMC equipment... so I am unfamiliar with their product lines. I *perhaps naively* assumed it's a common-place linux-based embedded platform with a stripped down minimally configurable samba platform which I've run into too many times to count. – TheCompWiz Sep 01 '10 at 20:44
  • I agree that FC and NAS are different things, the point I was making is that this isn't a cheap sub $1k NAS appliance type effort - probably more like $20-$50k and maybe a lot more depending on spec. I'm not all that familiar with Celerra's but the Clariion's they are built on are solid mid range SAN components provided you need less than a Petabyte or so of storage. – Helvick Sep 01 '10 at 20:49
  • Oh and I agree 100% with your point about lousy embedded linux NAS appliances, they bug me too. – Helvick Sep 01 '10 at 20:50
  • I just poked at their site... and found they have an "entry level" NAS (VG2)... that is very sketchy on the details... No mention of Active-Directory integration & such... sounds exactly like the typical lousy embedded linux NAS. I would dig around their forums for more info... but I can't find any "forums" on their site. Not trying to sound inflammatory... or biased against EMC... but I just have 0 experience with them. – TheCompWiz Sep 01 '10 at 21:04
  • EMC Home Page -> Support and Training -> Powerlink . Plenty of information there. – Helvick Sep 04 '10 at 09:23
1

As you say you had an upgrade failure and this is a Celerra unit you need to get EMC support involved. The problem may be a consequence of the upgrade failure or it may indicate a pre-existing error although my guess is that it is related to the failure. They will be able to sort you out - if you've let your support contract lapse then sort that out, you should never run one a system like a Celerra without vendor support.

Edited to add - Celerra's CIFS implementation fully supports AD integration, assigning permissions to files at the NTFS level and to the CIFS shares themselves. The Celerra support tools include a number of MMC plugins to help with administering CIFS shares. At the NTFS level you can just use Explorer or any other tool that understands how to manipulate NTFS permissions so there is nothing wrong with what you are trying to do. It can get a bit more complex, especially if you want to support both AD and Unix users accessing the same data but if you are simply using the Celerra defaults then it works pretty smoothly.

Helvick
  • 19,579
  • 4
  • 37
  • 55