What version of OmniOS are you using? I'm using R151022.

-----Original Message-----
From: Jens Bauernfeind [mailto:bauernfe...@ipk-gatersleben.de]
Sent: Tuesday, 27 June 2017 14:47
To: Oliver Weinmann <oliver.weinm...@telespazio-vega.de>
Cc: omnios-discuss <omnios-discuss@lists.omniti.com>
Subject: RE: [OmniOS-discuss] CIFS access to a folder with traditional (owner:group:other) Unix permissions

Hm, maybe I should share my ldap config.

ldapclient -v manual \
  -a credentialLevel=proxy \
  -a authenticationMethod=simple \
  -a proxyDN="cn=XXX" \
  -a proxyPassword=SECRET \
  -a defaultSearchBase=dc=ipk=de \
  -a domainName=DOMAINNAME \
  -a defaultServerList="<IPs of DCs>" \
  -a attributeMap=group:userpassword=userPassword \
  -a attributeMap=group:uniqueMember=member \
  -a attributeMap=group:gidnumber=gidNumber \
  -a attributeMap=passwd:gecos=cn \
  -a attributeMap=passwd:gidnumber=gidNumber \
  -a attributeMap=passwd:uidnumber=uidNumber \
  -a attributeMap=passwd:uid=sAMAccountName \
  -a attributeMap=passwd:homedirectory=unixHomeDirectory \
  -a attributeMap=passwd:loginshell=loginShell \
  -a attributeMap=shadow:shadowflag=shadowFlag \
  -a attributeMap=shadow:userpassword=userPassword \
  -a objectClassMap=group:posixGroup=group \
  -a objectClassMap=passwd:posixAccount=user \
  -a objectClassMap=shadow:shadowAccount=user \
  -a serviceSearchDescriptor="passwd:<OUs of users I want to lookup>" \
  -a serviceSearchDescriptor="group:<OUs of groups I want to lookup>" \
  -a followReferrals=true

Maybe also a restart of the smb service?

Jens

> -----Original Message-----
> From: Oliver Weinmann [mailto:oliver.weinm...@telespazio-vega.de]
> Sent: Tuesday, 27 June 2017 14:40
> To: Jens Bauernfeind <bauernfe...@ipk-gatersleben.de>
> Subject: RE: [OmniOS-discuss] CIFS access to a folder with traditional
> (owner:group:other) Unix permissions
>
> Hi,
>
> Now I get can't access domain info in the smb log and users are prompted to
> enter a password when accessing the shares. :(
>
> From: Jens Bauernfeind [mailto:bauernfe...@ipk-gatersleben.de]
> Sent: Tuesday, 27 June 2017 09:37
> To: Oliver Weinmann <oliver.weinm...@telespazio-vega.de>
> Subject: RE: [OmniOS-discuss] CIFS access to a folder with traditional
> (owner:group:other) Unix permissions
>
> Hi,
>
> I fixed this problem after executing this:
>
> idmap add winname:"*@<DOMAINNAME>" unixuser:"*"
> idmap add wingroup:"*@<DOMAINNAME>" unixgroup:"*"
> svcadm restart idmap
>
> All newly created files now have the uid and gid from the IDMU.
>
> Jens
>
> From: OmniOS-discuss [mailto:omnios-discuss-boun...@lists.omniti.com]
> On Behalf Of Oliver Weinmann
> Sent: Tuesday, 27 June 2017 08:25
> To: omnios-discuss <omnios-discuss@lists.omniti.com <mailto:omnios-disc...@lists.omniti.com> >
> Subject: [OmniOS-discuss] CIFS access to a folder with traditional
> (owner:group:other) Unix permissions
>
> Hi,
>
> We are currently migrating all our data from a NetApp system to an OmniOS
> system.
>
> The OmniOS system is joined to AD and the LDAP client is configured to pull LDAP
> info from AD / IDMU. This works fine.
>
> However, we can't manage to access folders where we have Unix
> permissions from Windows (CIFS).
>
> e.g.
>
> The user utest2 is a member of the group Up BCSIM De_Dt Da Lg:
>
> root@omnios01:/hgst4u60/ReferenceAC/BCSIM/Software# groups utest2
> 10000 Up BCSIM De_Dt Da Lg
>
> The folder Unix has the following permissions set:
>
> root@omnios01:/hgst4u60/ReferenceAC/BCSIM/Software# ls -al
> total 47
> d---------+ 4 root 2147483653 4 Apr 25 05:37 .
> d---------+ 4 root 2147483659 4 Apr 25 05:35 ..
> drwxrws--- 9 bcsim Up BCSIM De_Dt Da Lg 11 Mar 9 10:40 Unix
> d---------+ 6 root 2147483653 6 Apr 25 05:37 Windows
>
> So user bcsim and all members of group Up BCSIM De_Dt Da Lg can access
> the folder just fine via NFS.
>
> If the user utest2 tries to access this folder from Windows via CIFS, he gets
> access denied.
>
> If I change the permissions so that other has r-x, he can access the folder,
> but then I have no control over who can access the folder.
>
> On our NetApp system this was working fine. I assume it has to do with the
> IDMAP daemon using ephemeral mappings instead of pulling the uidnumber
> and gidnumber from AD?
>
> I don't want to use extended ACLs on this folder.
>
> Any ideas?
>
> Oliver Weinmann
> Senior Unix VMWare, Storage Engineer
>
> Telespazio VEGA Deutschland GmbH
> Europaplatz 5 - 64293 Darmstadt - Germany
> Ph: + 49 (0)6151 8257 744 | Fax: +49 (0)6151 8257 799
> oliver.weinm...@telespazio-vega.de <mailto:oliver.weinmann@telespazio-vega.de>
> http://www.telespazio-vega.de
>
> Registered office/Sitz: Darmstadt, Register court/Registergericht: Darmstadt,
> HRB 89231; Managing Director/Geschäftsführer: Sigmar Keller
_______________________________________________
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss
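The thread turns on whether files end up owned by ephemeral idmap IDs or by the uidNumber/gidNumber stored in AD. The script below is an added example, not code from any poster in the thread: it reads `ls -ln` output (numeric IDs, so group names containing spaces such as the one in the thread do not break parsing) and lists entries whose owner or group is ephemeral. It assumes ephemeral IDs start at 2^31; the sample listing is constructed from the one quoted above, and the IDs 10001 and 10002 are invented.

```shell
#!/bin/sh
# Added example (not from the thread): list directory entries whose numeric
# owner or group is an ephemeral idmap ID instead of a uidNumber/gidNumber
# taken from AD. Assumption: ephemeral IDs start at 2^31.
EPHEMERAL_MIN=2147483648

# Constructed sample in `ls -ln` form, modelled on the listing in the thread.
# The IDs 10001 and 10002 for bcsim and its group are invented for the example.
sample_listing() {
    cat <<'EOF'
total 47
d---------+ 4 0 2147483653 4 Apr 25 05:37 .
d---------+ 4 0 2147483659 4 Apr 25 05:35 ..
drwxrws--- 9 10001 10002 11 Mar 9 10:40 Unix
d---------+ 6 0 2147483653 6 Apr 25 05:37 Windows
EOF
}

# Reads `ls -ln` lines on stdin and prints "name:owner", "name:group" or
# "name:owner+group" for every entry that carries an ephemeral ID.
ephemeral_entries() {
    awk -v min="$EPHEMERAL_MIN" '
        NF >= 9 && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            who = ""
            if ($3 + 0 >= min + 0) who = "owner"
            if ($4 + 0 >= min + 0) who = (who == "" ? "group" : who "+group")
            if (who == "") next
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i   # names with spaces
            print name ":" who
        }'
}

sample_listing | ephemeral_entries
```

On a live system the same function can be fed with `ls -ln <directory> | ephemeral_entries`, for instance before and after changing the idmap rules.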