Hi, everyone. I have successfully joined an OpenSolaris box to our company's Win 2003 server domain.

The machine is custom-built; Intel Atom-based (for energy efficiency reasons) with 4GB RAM, and 2x1.5TB drives set as a ZFS mirror. I also updated from 2009.06 to svn_126 (in preparation for joining the final, Windows Server 2008 domain ctrler - apparently I will need the updated smb server, hence the update). I have also successfully exported a ZFS samba share from the 1.5TB pool - and Windows machines from the domain can see it, and read/write files inside it.

Permissions seem to be OK - I did not use idmap to set custom mappings, since the ephemeral ones seem to do the job just fine. I used "idmap show -c winuser:<account>" to look at the ephemerally mapped UID, and used /bin/chown and /bin/chmod to assign owners and ACLs.

All is well... but I am afraid of something, and wanted to ask here in cifs-discuss before I actually start using this machine as a 'file server' in the domain.

If I use the share from a Windows PC, where a domain user has logged in, the generated folders/files indeed seem to belong to the same user (when reviewed from another machine). The ACLs appear to survive reboots... Do they? i.e. is this guaranteed? The idmap documentation I read seems to suggest that even though idmap attempts to retain the same ephemeral UID for the same Windows SID, this is not guaranteed... the UID might change after a reboot of OpenSolaris.

If that is the case, what will happen, permission-wise? If ZFS is storing the ACLs using the (old) UID value prior to the reboot, and a new UID is generated for the same Windows user, he will suddenly lose the ability to access his files, no?

For the machine to play the role of a "Windows" file server, obviously it has to be able to survive reboots - but from what I could gather with Googling, after a reboot the files might end up as owned by 'nobody', since the ephemeral UID may no longer be the same.

What am I missing? Do I have to maintain "manual" idmap mappings between Windows and the box, to guarantee "survival" of ACLs across reboots?

P.S. I also tried "idmap add winuser:* unixuser:*", hoping that it would "magically" mirror the Windows users into OpenSolaris... but /bin/ls -V continues to show the ephemeral UID as owner, not a "magically-made" local user... hence my fear that ZFS is storing these ephemeral UIDs, which might change after a reboot.

Thanks in advance for any help,
Thanasssis.

--
What I gave, I have; what I spent, I had; what I kept, I lost. -Old Epitaph
