Data ONTAP Discussions

Highlighted

Listing of ACL failed with setacl tool

Hi all,

 

We migrated our nas datas from EMC to Netapp (9.2P4), and now we are in the process of Active Directory migration.

 

For that reason, we would like to list all ACL present on the datas, then we could know which datas have old AD groups, in order to replace them with new AD Groups.

For this purpose, we use the tool setacl (https://helgeklein.com/setacl/)

 

We have a strange issue regarding these cifs datas:

- when we want to list ACL on a netapp folder, in which there is the "NT Authority\system" account, we have the error: ACL listing failed.

 

Steps done to try to troubleshoot this:

- when removing this account, listing is ok. Opposite test: adding this user on a folder where it works before makes it unable to read ACL. So this user is the problem

- listing the permission on Netapp side: everything is ok we see the account in the ACL

- trying to use other way to list. Works ok with powershell / icalcs / subinacl

- listing is ok for folder which still are on the EMC controller (same folder which were migrated, and whose listing doesn't work)

- check security of the volume, all are in ntfs security mode

 

A lot of work has already been done on scripting using that setacl tool, so we are not ready to use another tool. so that would be great if everyone already experienced this kind of problem.

 

Thanks in advance!

Forums