On Wed, Jun 18, 2008 at 04:39:52PM -0400, Kyle McDonald wrote:
> Is SFU required to use only NFSv3 between Solaris Machines?

No. A Unix name service is strongly implied. That could be SFU.

> >No interop with Linux with NFSv3. Try using CIFS.
> >
> But Linux SMB mounts are done as a single UserID right?

I don't know. I haven't tried (and don't have a Linux system to try
with).

> If IT will allow me to run my own AD sub domain, can I run SFU only
> there, and pass the parent domain User/Password info through to Solaris
> and Linux?

We run an AD domain. So do others. I'm not sure what you mean by "pass
the parent domain User/Password info through to Solaris and Linux". In
AD you don't use passwords -- you use NTLM and Kerberos V credentials.
Yes, those are generally obtained via passwords (ignore PKINIT for now),
but once acquired you don't use your password.

> >idmapd supports just these ID mapping methods:
> >
> > - directory-based name mapping
> > - rule-based name mapping
> > - ephemeral ID mapping
> > - local SID mapping
> >
> >The first one works by adding attributes to your AD or native LDAP
> >schema to name an entity's equivalent entity on the other side.
> >
> >
> That sounds the most straightforward, but that's the one Linux doesn't
> support yet right?

Samba supports name-based mapping rules. I don't recall if it supports
anything like directory-based name mapping.

> >The second works by providing local rules that tell you how to map an
> >entity on one side to one on the other. These rules also work with
> >names.
> >
> Even that sounds good to me. It's easy!

> >Ephemeral ID mapping dynamically allocates UIDs and GIDs to Windows
> >entities on demand. The pool of UIDs and GIDs used for this is the 2^31
> >to 2^31-2 range of UID/GID values. We took pains to make sure that the
> >system does not store these anywhere permanently, and we restart the
> >allocations on reboot. ZFS stores SIDs now.
> >
> >
> That sounds like it might be great in some situations, but I don't think
> it'll work for me... Then again after I read everything I might change my
> mind.

It's great if you're building file servers. If you're building clients
then you need nss_ad (ongoing project) and even then that doesn't help
you with NFSv3.

> >Local SID mapping is used to map non-ephemeral UIDs/GIDs to RIDs
> >relative to the local SID when there's no other way to map them.
> >
> By local, you mean local to the local machine? or can these mappings be

Yes.

> stored in NIS or NIS+? and shared between machines?

No, they cannot.

> For that matter can the Rule Mapping mentioned above be distributed in
> NIS, NIS+, or some other (non-AD) LDAP?

No. If you need to distribute your name mappings, use directory-based
name mapping.

> Either way I bet Linux doesn't have anything that matches up.

Just rules.

> I guess I need to go read up on SFU too. It looks like I've put this off
> way too long.

So, what are you trying to do?

> Any chance any of this will be ported to linux anytime soon?

By us? Not a chance. We're busy enough as it is! But the code *is*
CDDLed, and mostly user-land code. The kernel parts you can write from
scratch if you like -- it's not hard. You'd have to use an IPC other
than doors, of course.

Oh, one more thing: there's no range of UIDs/GIDs in Linux that can be
stolen for ephemeral ID mapping, the way we did for Solaris, because
Linux used unsigned ints for uid_t/gid_t from the get go.

> Note to Sun: I'd be willing to install (and buy!) Sun Software on all
> my linux machines, in order to make this all play nice together!

Solaris is Sun SW... :) :)

Nico
--
_______________________________________________
opensolaris-discuss mailing list
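
A simplified model of the rule-based and ephemeral ID mapping described in the message above, added here as an illustration; it is not idmapd code and not from the original post. The class and function names, the pool bounds (assumed to be the upper half of the 32-bit ID space), and the sample names and SIDs are all constructed. It shows why ephemeral IDs must never reach disk: after a restart the same UID can belong to a different SID.

```python
EPHEMERAL_MIN = 2**31       # assumed start of the ephemeral pool
EPHEMERAL_MAX = 2**32 - 2   # assumed end of the ephemeral pool


class IdMapper:
    """Toy mapper: local name rules first, then ephemeral allocation."""

    def __init__(self, rules, passwd):
        # rules: Windows name -> Unix name (rule-based name mapping)
        self.rules = {w.lower(): u for w, u in rules.items()}
        self.passwd = passwd      # Unix name -> UID, stand-in for a name service
        self._ephemeral = {}      # SID -> UID, held in memory only
        self._next = EPHEMERAL_MIN

    def restart(self):
        """Simulate a reboot: ephemeral allocations start over."""
        self._ephemeral.clear()
        self._next = EPHEMERAL_MIN

    def sid_to_uid(self, sid, winname):
        """Return (uid, method) for a Windows identity."""
        unixname = self.rules.get(winname.lower())
        if unixname in self.passwd:
            return self.passwd[unixname], "rule"
        if sid not in self._ephemeral:
            if self._next > EPHEMERAL_MAX:
                raise RuntimeError("ephemeral ID pool exhausted")
            self._ephemeral[sid] = self._next
            self._next += 1
        return self._ephemeral[sid], "ephemeral"


def on_disk_owner(uid, sid):
    """What a file system should persist: the SID for ephemeral IDs
    (their meaning changes across restarts), the UID otherwise."""
    return sid if EPHEMERAL_MIN <= uid <= EPHEMERAL_MAX else uid


if __name__ == "__main__":
    # Constructed sample identities.
    m = IdMapper({"alice@example.com": "alice"}, {"alice": 1001})
    bob, carol = "S-1-5-21-1-2-3-1105", "S-1-5-21-1-2-3-1106"
    print(m.sid_to_uid("S-1-5-21-1-2-3-1104", "Alice@example.com"))
    print(m.sid_to_uid(bob, "bob@example.com"))
    m.restart()
    print(m.sid_to_uid(carol, "carol@example.com"))  # same UID bob had
```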
