This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How can I get FILR to use the built-in AD groups?

We have tried to give access to users via the Built-In groups in AD like "Users" and "Authenticated Users". IE like the ones listed here

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers

I can not import these groups into FILR, if I try, FILR will just spin on the LDAP import forever and never resolve.

But if I go to a folder and say "Users" has Read, Read/Execute on it. Users can see the file but they can not view it. Looking in the logs, I see FILR sees the rights. Users ObjectSid is S-1-5-32-545, and the FAMT logs shows the ObjectSid and the correct rights. But it then says "Rights for user <MyUser> is NONE"

2023-08-21T12:03:09.296118-07:00 SVGCMDMFILR2 famtd[2063]: DEBUG:[LWP:2258]Trustees::PopulateTrusteeList:objname: S-1-5-32-545, rights: 0/16/0x001200a9

2023-08-21T12:03:09.296159-07:00 SVGCMDMFILR2 famtd[2063]: DEBUG:[LWP:2258]CIFSOperations::FAMT_GetUserRights:[sid - h0RwkLmM4zD2xJX8cbpHDw==] Rights for user ***** is NONE  granular_rights: 0

Any ideas?

Also, the filr admin to browse, it can view the file, even though the filr proxy account is also getting rights via the Built-In group "Users".

Thanks

Parents Reply Children
No Data