I have non-domain computers VPN in and mount domain shares. These are users that work for us, but are never in our head office. Because of this, their laptops are not (can not) be part of the domain.
The users themselves ARE part of the domain, they have full domain access as per in-house users.
Once a user is VPN’d in, there are three drive shares they need to map. Two of the shares map based on group permissions. Essentially, if the user is part of a specific AD group, they can mount the share.
One of the shares map based on the user permissions. Think home drive shares, but I create them manually instead of using the Univention home drive (I use Domain → Shares). So, I create a share called Bob and give user Bob full permissions and Domain Admins full permissions.
User Bob gets a Permission Denied error from Windows 10 when trying to mount the share.
If I create a group and put bob in it, and change the Group on the share to the new group, Bob can mount the share.
It looks like shares with proper Group permission can be mapped, but shares with proper User permissions cannot.
This is a recent thing. This system has been running for years with no issue, but recently users have been complaining about not being able to mount their home directories. Not all users, but the number is getting higher. I’ve tried turning of NT ACL support on the share (and removing them from the file system using setfacl), but the mapping still fails.
I hope this makes sense, and someone can help me figure out what is going on.
Univention 5.0-1