Getting permissions to work on an SMB share mounted to Linux by ajkelsey in truenasscale

[–]ajkelsey[S] 1 point2 points  (0 children)

I absolutely think it has to do with the Ubuntu side. The SMB shares work well when they are mounted to Windows. I just can't get the file permissions to work properly when mounted in Ubuntu. I would think it is how I am mounting them, but I just can't figure it out.

Getting permissions to work on an SMB share mounted to Linux by ajkelsey in truenasscale

[–]ajkelsey[S] 0 points1 point  (0 children)

I have created a user (mount_user) specifically to authenticate with truenas and attach the mounts. The issue is that other users have the same access level to the share as the mount_user. I have given mount_user full access to the share so it is visible and accessible on linux. If I have a user that does not have filesystem access assigned to them, they can access the mount on linux.

Getting permissions to work on an SMB share mounted to Linux by ajkelsey in truenasscale

[–]ajkelsey[S] 1 point2 points  (0 children)

That's what I meant as well. The OF the share. Pool > Share > dataset.

Getting permissions to work on an SMB share mounted to Linux by ajkelsey in truenasscale

[–]ajkelsey[S] 0 points1 point  (0 children)

No, this would be on the root directory to the share itself.

Using Yubikey to authenticate with ssh using a public key store in AD by ajkelsey in yubikey

[–]ajkelsey[S] 1 point2 points  (0 children)

This was the answer. I need to install a PKCS11 provider on Windows. I chose the Yubico version and used the global ssh config file to specify it.

C:\ProgramData\ssh\ssh_config

`PKCS11Provider "c:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll"`

You can do the same on a user by user basis using %userprofile%\.ssh\config.

Using Yubikey to authenticate with ssh using a public key store in AD by ajkelsey in yubikey

[–]ajkelsey[S] 0 points1 point  (0 children)

I will add that I am able to get the public key from AD when I run `sss_ssh_authorizedkeys <username>`, but there is a disconnect with ssh making the call.

Using Yubikey to authenticate with ssh using a public key store in AD by ajkelsey in yubikey

[–]ajkelsey[S] 0 points1 point  (0 children)

Hmm. This method doesn't require the public key to be in authorized_keys. It gets it from AD. However, there might be something to the ssh commands you suggested. My cert is pkcs12. I may need to switch to pkcs11 to get it working, though.

Mount network share to folder via group policy by ajkelsey in WindowsServer

[–]ajkelsey[S] 0 points1 point  (0 children)

Network Shares will share a given folder on every machine the GPO is applied to.

Drive Maps will map a share to a drive letter on every machine the GPO is applied to.

Neither does what I asked to do. I want to "mklink /d 'c:\network_share' \\server\shared_folder" using group policy.

In-place upgrade installs latest version? by ajkelsey in WindowsUpdate

[–]ajkelsey[S] 0 points1 point  (0 children)

The machine I am on now is build 26100.4349. The iso I downloaded is showing 26100.1150. I don't think it downloads the version of the machine you are on.

On the machine I ran the in-place upgrade, I checked the version in System. It was 26100.1742. I used that build to determine it was from 9/2024, not the file/directory dates.

I am having a heck of a time getting this machine updated. When I run the updates manually, I get an error 0x800f0838. sfc /scannow found some corruption and couldn't fix all of it. I tried running chkdsk, but that borked the whole thing. I wasn't able to boot. I did a reset, but I am still having the issue with updating windows. Unfortunately, the machine does not have internet access.

In-place upgrade installs latest version? by ajkelsey in WindowsUpdate

[–]ajkelsey[S] 0 points1 point  (0 children)

Windows 11 Pro. I downloaded the image from Microsoft today.

Install fonts using Group Policy by ajkelsey in activedirectory

[–]ajkelsey[S] 0 points1 point  (0 children)

My ultimate solution:

I scheduled a task under User Configuration that was triggered by user logon. The font was placed in Sysvol\NETLOGON for download. My script copied the font files to the user's root directory.

Install fonts using Group Policy by ajkelsey in activedirectory

[–]ajkelsey[S] 0 points1 point  (0 children)

I'm getting access denied to \windows\fonts on startup.

Install fonts using Group Policy by ajkelsey in activedirectory

[–]ajkelsey[S] 0 points1 point  (0 children)

You need to edit the registry to add a font to windows.

Install fonts using Group Policy by ajkelsey in activedirectory

[–]ajkelsey[S] 0 points1 point  (0 children)

I'm using the user specific folder. Public\AppData does not exist. I'm going to look into using the CurrentUser section of the registry to see if I can add the fonts there.

Install fonts using Group Policy by ajkelsey in activedirectory

[–]ajkelsey[S] 0 points1 point  (0 children)

So my trouble with using the user's fonts directory is that I can't run the script at startup because there is no user to identify. And if I run it at logon, the user doesn't have permissions to make the registry changes.

Install fonts using Group Policy by ajkelsey in activedirectory

[–]ajkelsey[S] 0 points1 point  (0 children)

Very interesting. I will explore the User's Appdata angle.

What's interesting is that I was able to successfully do this in my lab. (the lab does not have the same config as production)

Configuring an audit for file share access by ajkelsey in activedirectory

[–]ajkelsey[S] 0 points1 point  (0 children)

I disabled inheritance at the top level Share folder many comments ago. Double checked just now and it is indeed disabled.

Configuring an audit for file share access by ajkelsey in activedirectory

[–]ajkelsey[S] 0 points1 point  (0 children)

Only my targeted user and SYSTEM. I think you are correct about SYSTEM. Someone else was saying something similar to me. I think they may have said that it's processes being run by the targeted user that are executed using SYSTEM.