Hi,
we are migrating CIFS users files( profiles, homefolders etc) from Windows 2003 Clusters to Netapp Vfilers. Robocopy is one of the tools used for migration.
Robocopy options used:
robocopy Z:\files\ \\NetappVfiler\Users\files\ /E /SEC /COPYALL /ZB /R:0 /W:0/mir /np /xd "RECYCLER" "System Volume Information" "Thumbs.db" /log:robocopy1.log
The first copy runs fine. All catalogs/files and their security settings are the same on destination as the source.
Also on files that is not owned by the admin user logged in when we use Robocopy. Everything is just fine.
But when we try to run Robocopy the second time we got access denied on files that is not owned by the admin user.
robocopy Z:\files\ \\NetappVfiler\Users\fles\ /E /SEC /COPYALL /ZB /R:0 /W:0 /mir /np /xd "RECYCLER" "System Volume Information" "Thumbs.db" /log:robocopy1.log
Newer 10 New Text Document.txt
2011/11/16 13:13:02 ERROR 5 (0x00000005) Copying File Z:\files\New Text Document.txt
Access is denied.
Running a sectrace shows:
/files/New Text Document.txt
Wed Nov 16 13:13:03 CET [NetappVfiler@NetApp-V3240: sectrace.filter.allowed:info]: [vfiler: NetappVfiler: 3] Access allowed because the file is being opened for backup - Status: 1:142671872:0:0 - 172.17.12.24 - NT user name: \administrator - UNIX user name: pcuser(65534) - Qtree security style is NTFS and NT ACL is set on file/directory - Path: /vol/qt1/files/New Text Document.txt
Wed Nov 16 13:13:03 CET [NetappVfiler@NetApp-V3240: sectrace.filter.denied:info]: [vfiler: NetappVfiler sectrace index: 2] Access denied because 'Write' permission (0x2) is not granted on file or directory (Access denied because the requested permissions are not granted by the access control entries) - Status: 1:239075332:32:61 - 172.17.12.24 - NT user name: \administrator - UNIX user name: pcuser(65534) - Qtree security style is NTFS and NT ACL is set on file/directory - Path: /vol/qt1
NetApp-V3240> vfiler run NetappVfiler sectrace print-status 1:239075332:32:61
=====NetappVfiler
Access denied because requested permission is not granted on file or directory.
- Access allowed by share-level ACL.
- Access denied because the requested permissions are not granted by the access control entries.
NetApp-V3240>
Yes we know that we do not have the access to the file. The user we are using is an administrator in the windows domain and on the Vfiler. And is a member of the local Backup Operator on the Netapp Vfiler.
If we do a robocopy between two windows servers the job is run's fine on the same files, no access denied.
Do we have a problem with the backup opertator modus on Netapp. Is there a CIFS "Superuser" on Netapp we should be using?