ONTAP Discussions

listing of ACL failed with tool setacl

nicolasbegard
2,443 Views

Hi all,

 

We migrated our nas datas from EMC to Netapp (9.2P4), and now we are in the process of Active Directory migration.

 

For that reason, we would like to list all ACL present on the datas, then we could know which datas have old AD groups, in order to replace them with new AD Groups.

For this purpose, we use the tool setacl (https://helgeklein.com/setacl/)

 

We have a strange issue regarding these cifs datas:

- when we want to list ACL on a netapp folder, in which there is the "NT Authority\system" account, we have the error: ACL listing failed.

 

Steps done to try to troubleshoot this:

- when removing this account, listing is ok. Opposite test: adding this user on a folder where it works before makes it unable to read ACL. So this user is the problem

- listing the permission on Netapp side: everything is ok we see the account in the ACL

- trying to use other way to list. Works ok with powershell / icalcs / subinacl

- listing is ok for folder which still are on the EMC controller (same folder which were migrated, and whose listing doesn't work)

- check security of the volume, all are in ntfs security mode

 

A lot of work has already been done on scripting using that setacl tool, so we are not ready to use another tool. so that would be great if everyone already experienced this kind of problem.

 

Thanks in advance!

2 REPLIES 2

JGPSHNTAP
2,441 Views

Hmmm.. nt authority/system account is not really needed for netapp anyways.

 

FYI - I would have transitioned to ntfssecurity module with powershell

nicolasbegard
2,421 Views

Hi Jgpshntap,

 

Thanks for information. you're right I think we will go forward on either delete this ACL, or definitely goes with using another tool.

Public