Unsolved

2 Posts

1251

September 2nd, 2011 00:00

Same file system in 3 different domains

Hello,

A colleague asked me for a solution to his problem.

He wants to have a set of data (file system) available in 3 different AD domains and be able to set permissions on the file share (CIFS) and files in each of these domains. There is no trust between any of the domains. Some users have accounts in each of the 3 domains, others just have an account in 1 specific domain. He wants to be able to move some data between the domains and have other data (images, etc.) just available to the 3 domains.

I could make a file system and mount it to 3 different CIFS servers in 3 different VDMs, but I cannot see how the permissions could ever work properly.

Is there any way I could achieve his goal with a Celerra? Or do I need another solution?

I'm just a storage guy and don't know all the ins and outs of Windows...

Thank you.

48 Posts

September 5th, 2011 04:00

The only platform to achieve this I found is with Celerra. We have the same situation (a forever-ongoing merger between two institutions, two old and one new AD domain with no trusts in between and persons with accounts in only one, two or all three ADs).

You have to care for a unique UID for every person - that means every account for the person in the different domains shares the same UID. You have a CIFS server in every domain exporting the same filesystems. The owner of an object in domain A has no rights on it in the other domains, but with an account in domain B with the same UID Windows treats him as the owner of this object so he can resume the ownership in that domain too and set the appropriate rights in domain B. The existing ACLs of domain A will coexist but are shown only as hex-strings because all domain B servers can't resolve the account name out from domain A.

Until now I couldn't find another NAS platform where I can do the same thing.

Hope this helps, urle

6 Operator

8.6K Posts

September 5th, 2011 06:00

I think if it's CIFS only with NATIVE access policy then you don't have to have the same UID for every user.

You would of course have to make sure that the ACLs permit access to all users, i.e. Allow Everyone.

AFAIK Everyone is a special SID that is not domain specific.

Rainer
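As an added illustration of the two replies above (not code from any poster or from EMC), this Python sketch shows why an ACE written in domain A appears only as a raw SID on a domain B server while the Everyone SID `S-1-1-0` resolves in all three. The domain SIDs, RIDs and ACL are constructed sample values, and treating every non-`S-1-5-21` SID as universally resolvable is a simplifying assumption.

```python
# Added example: constructed SIDs and ACL, not taken from the thread.
EVERYONE = "S-1-1-0"  # well-known World SID, identical in every domain

# Constructed domain SIDs for three domains with no trusts between them.
DOMAINS = {
    "A": "S-1-5-21-1000000001-1000000002-1000000003",
    "B": "S-1-5-21-2000000001-2000000002-2000000003",
    "C": "S-1-5-21-3000000001-3000000002-3000000003",
}

# Constructed DACL on one shared file: (trustee SID, rights).
SAMPLE_ACL = [
    (DOMAINS["A"] + "-1105", "FullControl"),  # a user's account in domain A
    (EVERYONE, "Read"),
    (DOMAINS["B"] + "-2210", "Modify"),       # the same person's account in domain B
]

def parse_sid(sid):
    """Split an S-1-... string into (identifier_authority, sub_authorities)."""
    parts = sid.upper().split("-")
    if len(parts) < 3 or parts[0] != "S" or parts[1] != "1":
        raise ValueError(f"not a revision-1 SID: {sid!r}")
    nums = [int(p) for p in parts[2:]]
    if any(n > 0xFFFFFFFF for n in nums[1:]):
        raise ValueError("sub-authority does not fit in 32 bits")
    return nums[0], nums[1:]

def issuing_domain(sid):
    """Domain SID that issued an account SID, or None if not domain-relative."""
    authority, subs = parse_sid(sid)
    # NT Authority (5), sub-authority 21, three domain values, then the RID.
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        return "S-1-5-" + "-".join(str(s) for s in subs[:4])
    return None

def resolvable_in(sid, domain_name):
    """True if a server joined to domain_name can translate sid to a name.
    Assumption: SIDs that are not domain-relative resolve everywhere."""
    dom = issuing_domain(sid)
    return dom is None or dom == DOMAINS[domain_name]

def view_acl(acl, domain_name):
    """Show each ACE as a server in domain_name would display it."""
    return [(sid, rights, "name" if resolvable_in(sid, domain_name) else "raw SID")
            for sid, rights in acl]

if __name__ == "__main__":
    for name in DOMAINS:
        print(name, view_acl(SAMPLE_ACL, name))
```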

2 Posts

September 5th, 2011 23:00

Urle, Rainer,

Thank you.

I'm going to try and implement a solution based on your suggestions.

To be continued...

Kind regards,

Jan
