Cluster Permissions

[scotty139]

Hi folks newbie here, been volunteered to look after the SAN, think i put up my hand when someone asked who can walk, talk and chew bubblegum at the same time.

Anyway here is the problem, i have all my shares set correctly and permissions set correctly on my SAN drives and cluster resourses. The crunch comes when I fail them over to the other server. All my NTFS file permissions remain unchanged but the actual shares lose the specific users share level access permissions and revert to everyone having full access. I'm using windows 2003 advanced server cluster manager.

This is my only stumbling block so far as I have even managed quorum drives and backup exec clustering, can someone please assist.

Thanks in advance

 

[WhoKilledKenny]

Ran into this problem as well.
1. Make sure Local (not domain) admin has full share permissions. Depending on which node owns the resource you will see node1\Administrator or node2\Administrator with full rights. You only have to set up the local admin once, you don't have to fail over and add it again - It will know.
This comes from Microsoft Support....

2. If you are sharing all subdirctories using the advanced feature on the Cluster resource, it can have only one sharename. If the folder has two sharenames, one gets lost during a fail-over - Don't know why this happens....

 

[fbacchin]

You will have to set specific users share permissions on the cluster resource properties, not on the folder properties at explorer .

 

[scotty139]

Thanks but i cannot add a local user when in a cluster the only administrator i can add to file share permissions is BACCL1/administrator which is the cluster virtual server admin. the message i get back is

"Access to cluster fileshare can be granted/denied only to domain users and groups please remove any local users or groups from the permisions dialog box"

Would access based enumeration help ??

the drive is shared thus

g:\ (default share as normal)
g:\users (cluster share, setup via cluster manager with share subdirectories ticked and with everyone set for full access to share)

g:\users\joe bloggs\ (share permissions set automatically by cluster manager = everyone full access) NTFS permissions are, domain root/admin = full access, local admin = full access, joe bloggs = full access, owner creator = full access

Now anyone can browse thru joes files no problem, this I dont want so changed joes share permisions to reflect that everyone is removed and only joe has access. on move of resourses to other node or failover lo and behold everone has full rights to joes share again ??? dont figure ???

HEEEELLLLP

 

[WhoKilledKenny]

Two Permmission.
1. Share Permission - Must be set on the File Resource in Cluster Administrator. Example Local\Administrator - Full and Everyone - Full.

2. NTFS Permission set on the Folder and Files located on the shared disk.

Permissions are most restrictive - so if the share permission is Everyone - Full and NTFS is Everyone -Read the affective permission for the Everyone Group is Read.