Hello Gordon, thanks! That seems to be the missing bit.

Is there any kind of documentation available on this topic? Everything I have read always mentioned not to use idmap at all and delete all mappings. Therefore I did the last complete reinstall to have a virgin idmap.

Now idmap shows no mapping for the designated user. In fact it shows only half a dozen ephemeral SIDs but none of the local oi-users. Instead I looked up the designated user via 'smbadm lookup <user>' and got the SID S-1-5-21-.......-1101, which 'idmap show sid:S-1-5-21-.......-1101' resolved to the correct numerical POSIX uid 101, but not vice versa. I assume that is the reason Windows cannot resolve the user even if I use S-1-5-21-.......-1101 to identify the user as you suggested.

What, if anything, should I add to the idmap? After reading the man page, I tried to add a winuser/unixuser mapping, which didn't help. Numerical mappings based on uid and sid didn't work ("uid:101 is not a valid name").

We are coming closer - but...

Regards
Thomas

________________________________
From: Gordon Ross <gordon.w.r...@gmail.com>
To: Discussion list for OpenIndiana <openindiana-discuss@openindiana.org>
Sent: Wednesday, May 30, 2012 5:50 PM
Subject: Re: [OpenIndiana-discuss] OI_151a4, ZFS, CIFS - Managaging ACLs from Windows

On Wed, May 30, 2012 at 6:00 AM, <ths.maila...@yahoo.com> wrote:
> Hello Gordon,
>
> thanks for your reply, but this isn't my problem. My users have the
> necessary rights. I have no Everyone ACL, but can create/delete files
> and folders and modify every single right in all existing ACLs. Since
> I have used inheritance, I even get a "new" ACL placed in front of all
> existing ACLs if I try to deny a right that is inherited. If I create
> a new file/folder and check the owner from Windows
> (properties->security->extended security->owner), it shows the "right"
> local oi-user.
>
> But - I cannot add a new ACL for a new user because the username
> didn't get resolved. Even the user that Windows shows as owner cannot
> be found. Also users you get listed in the extended user selection
> dialog cannot be used. If you select one and try to confirm it, you
> get "Object not found"

Oh, that. Yeah, the representation of users in workgroup mode is
currently... unfortunate. You have to figure out the machine SID
for that user using:

  idmap show uid:U

where U is the numeric user ID. Then use that SID in the ACL editor.
Or on the server, use chmod A+... and that UID.

This is an area that could use improvement. We plan to work on this,
but it will be a while.

--
Gordon Ross <g...@nexenta.com>
Nexenta Systems, Inc.  www.nexenta.com
Enterprise class storage for everyone

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss