Mine has ldap only for passwd and group.

So on your system it really works with just having the traditional unix
permissions set. There are no ACLs in place?

Do you have an Active Directory domain with IDMU?

-----Original Message-----
From: Jens Bauernfeind [mailto:bauernfe...@ipk-gatersleben.de] 
Sent: Tuesday, 27 June 2017 15:19
To: Oliver Weinmann <oliver.weinm...@telespazio-vega.de>
Cc: omnios-discuss <omnios-discuss@lists.omniti.com>
Subject: RE: [OmniOS-discuss] CIFS access to a folder with traditional
(owner:group:other) Unix permissions

also r151022

What is your /etc/nsswitch.conf saying?
Mine has nearly everywhere "files ldap", except hosts and ipnodes.

> -----Original Message-----
> From: Oliver Weinmann [mailto:oliver.weinm...@telespazio-vega.de]
> Sent: Tuesday, 27 June 2017 14:49
> To: Jens Bauernfeind <bauernfe...@ipk-gatersleben.de>
> Cc: omnios-discuss <omnios-discuss@lists.omniti.com>
> Subject: RE: [OmniOS-discuss] CIFS access to a folder with traditional
> (owner:group:other) Unix permissions
> 
> What version of omnios are you using? I'm using R151022.
> 
> -----Original Message-----
> From: Jens Bauernfeind [mailto:bauernfe...@ipk-gatersleben.de]
> Sent: Tuesday, 27 June 2017 14:47
> To: Oliver Weinmann <oliver.weinm...@telespazio-vega.de>
> Cc: omnios-discuss <omnios-discuss@lists.omniti.com>
> Subject: RE: [OmniOS-discuss] CIFS access to a folder with traditional
> (owner:group:other) Unix permissions
> 
> Hm,
> 
> maybe I should share my ldap config.
> ldapclient -v manual \
> -a credentialLevel=proxy \
> -a authenticationMethod=simple \
> -a proxyDN="cn=XXX" \
> -a proxyPassword=SECRET \
> -a defaultSearchBase=dc=ipk=de \
> -a domainName=DOMAINNAME \
> -a defaultServerList="<IPs of DCs>" \
> -a attributeMap=group:userpassword=userPassword \
> -a attributeMap=group:uniqueMember=member \
> -a attributeMap=group:gidnumber=gidNumber \
> -a attributeMap=passwd:gecos=cn \
> -a attributeMap=passwd:gidnumber=gidNumber \
> -a attributeMap=passwd:uidnumber=uidNumber \
> -a attributeMap=passwd:uid=sAMAccountName \
> -a attributeMap=passwd:homedirectory=unixHomeDirectory \
> -a attributeMap=passwd:loginshell=loginShell \
> -a attributeMap=shadow:shadowflag=shadowFlag \
> -a attributeMap=shadow:userpassword=userPassword \
> -a objectClassMap=group:posixGroup=group \
> -a objectClassMap=passwd:posixAccount=user \
> -a objectClassMap=shadow:shadowAccount=user \
> -a serviceSearchDescriptor="passwd:<OUs of users I want to lookup>" \
> -a serviceSearchDescriptor="group:<OUs of groups I want to lookup>" \
> -a followReferrals=true
> 
> Maybe also a restart of the smb service?
> 
> Jens
> 
> > -----Original Message-----
> > From: Oliver Weinmann [mailto:oliver.weinm...@telespazio-vega.de]
> > Sent: Tuesday, 27 June 2017 14:40
> > To: Jens Bauernfeind <bauernfe...@ipk-gatersleben.de>
> > Subject: RE: [OmniOS-discuss] CIFS access to a folder with traditional
> > (owner:group:other) Unix permissions
> >
> > Hi,
> >
> >
> >
> > Now I get can’t access domain info in the smb log and users are prompted to
> > enter a password when accessing the shares. :(
> >
> >
> >
> > From: Jens Bauernfeind [mailto:bauernfe...@ipk-gatersleben.de]
> > Sent: Tuesday, 27 June 2017 09:37
> > To: Oliver Weinmann <oliver.weinm...@telespazio-vega.de>
> > Subject: RE: [OmniOS-discuss] CIFS access to a folder with traditional
> > (owner:group:other) Unix permissions
> >
> >
> >
> > Hi,
> >
> >
> >
> > I fixed this problem after executing this:
> >
> > idmap add winname:"*@<DOMAINNAME>" unixuser:"*"
> >
> > idmap add wingroup:"*@<DOMAINNAME>" unixgroup:"*"
> >
> > svcadm restart idmap
> >
> > All newly created files now have the uid and gid from the IDMU
> >
> >
> >
> > Jens
> >
> >
> >
> > From: OmniOS-discuss [mailto:omnios-discuss-boun...@lists.omniti.com]
> > On Behalf Of Oliver Weinmann
> > Sent: Tuesday, 27 June 2017 08:25
> > To: omnios-discuss <omnios-discuss@lists.omniti.com>
> > Subject: [OmniOS-discuss] CIFS access to a folder with traditional
> > (owner:group:other) Unix permissions
> >
> >
> >
> > Hi,
> >
> >
> >
> > we are currently migrating all our data from a NetApp system to an OmniOS
> > system.
> >
> >
> >
> > The OmniOS system is joined to AD and LDAP client is configured to pull LDAP
> > info from AD / IDMU. This works fine.
> >
> >
> >
> > However we can’t manage to have access on folders where we have Unix
> > permissions from windows (CIFS).
> >
> >
> >
> > e.g.
> >
> >
> >
> > the user utest2 is member of the group “Up BCSIM De_Dt Da Lg”:
> >
> >
> >
> > root@omnios01:/hgst4u60/ReferenceAC/BCSIM/Software# groups utest2
> >
> > 10000 Up BCSIM De_Dt Da Lg
> >
> >
> >
> > The folder Unix has the following permissions set:
> >
> >
> >
> > root@omnios01:/hgst4u60/ReferenceAC/BCSIM/Software# ls -al
> >
> > total 47
> >
> > d---------+  4 root     2147483653       4 Apr 25 05:37 .
> >
> > d---------+  4 root     2147483659       4 Apr 25 05:35 ..
> >
> > drwxrws---   9 bcsim    Up BCSIM De_Dt Da Lg      11 Mar  9 10:40 Unix
> >
> > d---------+  6 root     2147483653       6 Apr 25 05:37 Windows
> >
> >
> >
> > so User bcsim and all members of group “Up BCSIM De_Dt Da Lg” can access
> > the folder just fine via NFS.
> >
> >
> >
> > If the user utest2 tries to access this folder from windows via CIFS he gets
> > access denied.
> >
> >
> >
> > If I change the permissions so that other have r-x he can access the folder
> > but then I have no control on who can access the folder.
> >
> >
> >
> > On our NetApp system this was working fine. I assume it has to do with the
> > IDMAP daemon using ephemeral mappings instead of pulling the uidnumber
> > and gidnumber from AD?
> >
> >
> >
> > I don’t want to use extended ACLs on this folder.
> >
> >
> >
> > Any ideas?
> >
> >
> >
> >
> >
> > Oliver Weinmann
> > Senior Unix VMWare, Storage Engineer
> >
> > Telespazio VEGA Deutschland GmbH
> > Europaplatz 5 - 64293 Darmstadt - Germany
> > Ph: + 49 (0)6151 8257 744 | Fax: +49 (0)6151 8257 799
> > oliver.weinm...@telespazio-vega.de
> > http://www.telespazio-vega.de
> >
> > Registered office/Sitz: Darmstadt, Register court/Registergericht: Darmstadt,
> > HRB 89231; Managing Director/Geschäftsführer: Sigmar Keller

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss
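
The ephemeral-mapping question raised in the original post, worked through as an added example (not code from the thread or from OmniOS): a simplified model of the owner/group/other mode-bit check, showing which permission triplet an SMB identity lands in depending on how it was mapped. It assumes ephemeral IDs start at 2^31 (consistent with the 2147483653-style values in the `ls` output), ignores ACLs, and uses constructed numeric UIDs/GIDs and hypothetical function names.

```shell
#!/bin/sh
# Added illustration; all UIDs/GIDs below are constructed, not from the thread.
# Assumption: idmap hands out ephemeral IDs from 2^31 upward.
EPHEMERAL_BASE=2147483648

is_ephemeral() {                      # exit 0 if the numeric ID is ephemeral
    [ "$1" -ge "$EPHEMERAL_BASE" ]
}

# access_class UID "GID ..." OWNER_UID GROUP_GID -> owner | group | other
access_class() {
    if [ "$1" = "$3" ]; then echo owner; return 0; fi
    for g in $2; do
        if [ "$g" = "$4" ]; then echo group; return 0; fi
    done
    echo other
}

# can_enter MODE CLASS -> exit 0 if that class may list and traverse the dir
can_enter() {
    case "$2" in
        owner) bits=$(printf '%s' "$1" | cut -c2-4) ;;
        group) bits=$(printf '%s' "$1" | cut -c5-7) ;;
        *)     bits=$(printf '%s' "$1" | cut -c8-10) ;;
    esac
    case "$bits" in
        r?[xst]) return 0 ;;          # s/t mean execute plus setuid/setgid/sticky
        *)       return 1 ;;
    esac
}

# smb_check UID "GID ..." OWNER_UID GROUP_GID MODE -> "allow|deny (class[, ephemeral id])"
smb_check() {
    class=$(access_class "$1" "$2" "$3" "$4")
    if can_enter "$5" "$class"; then verdict=allow; else verdict=deny; fi
    if is_ephemeral "$1"; then note=", ephemeral id"; else note=""; fi
    echo "$verdict ($class$note)"
}

# Directory modelled on "Unix" from the listing: drwxrws---, owner 10001, group 20001.
smb_check 10002 "10000 20001" 10001 20001 drwxrws---        # IDMU-mapped user
smb_check 2147483650 "2147483651" 10001 20001 drwxrws---    # ephemeral identity
smb_check 2147483650 "2147483651" 10001 20001 drwxrwsr-x    # after giving other r-x
```

On a real system, `ls -n` prints the numeric owner and group to feed into `smb_check`.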
