The potential risk is running out of ephemeral IDs if somebody
launches a DoS attack against your Solaris system (which I don't
know if that would be even possible in your environemt) but I don't
think you have much choice here if you want this user to have
access to the system.
Afshin
Liebster, Daniel wrote:
Are there any security implications to this change?
On 7/22/09 5:06 PM, "Afshin Salek" <[email protected]> wrote:
Maybe this user had something in her SID history that idmap couldn't
validate and resolve in the current domain. What this setting does
is that, idmap will map any SID that has a valid format whether or not
it can validate in the current domain.
Afshin
Liebster, Daniel wrote:
Thank you very much, this worked. (I wonder why none of the other users had
this problem? It is being actively used)
On 7/22/09 3:56 PM, "Afshin Salek" <[email protected]> wrote:
Is she having problem even logging in to the box or just browsing?
What's the username? since I see some "idmap failed" messages in the
log for CSHL\nakasone
If this is the user who has problem you might want to do the following
and ask her to try again:
# svccfg -s idmap setprop config/unresolvable_sid_mapping = boolean: true
# svcadm refresh idmap
If this doesn't resolve the problem a network trace from her login
and access attempt would be useful.
Afshin
Daniel Liebster wrote:
I have a CIFS server in AD mode(117b) that denies access to a single user.
She cannot browse the volume even though "everyone" has access. This from
either xp(joined to domain) or from a Mac using "Connect to server" with
smb://server . No one else in the domain has this problem. The server only
serves up CIFS, not NFS. She can access windows CIFS servers, and her
account
looks "normal" in the AD control panel. Any pointers on how to
troubleshoot?
------------------------------------------------------------------------
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
