Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Jordan Brown jordan.br...@oracle.com writes: On 12/08/10 11:08 AM, Harry Putnam wrote: What I see logged in remotely with TERM set to xterm [...] idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 [...] AFter using the suggested command I see this... (exactly the same): idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 My bet is that your login shell and your terminal do not agree on what character set you are using. $ env | grep LC_ $ env | grep LANG may be illuminating. You would then want to look at the configuration of your terminal program to see what character set it is expecting. I'm not sure what kind of output would illuminate... I didn't learn much but don't now what to expect or look for: env |grep LC_ nothing env |grep LANG LANG=en_US.UTF-8 I see the same output with term set to vt100, sun-color, linux or xterm. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Alan Wright alan.wri...@oracle.com writes: [...] Thanks for the good input Some of the experts and semi-experts that have populated the newsgroup microsoft.public.windowsxp.* and its forrunners.. Have posted that as a solution to windows networking problems for yrs. V Semi-experts. I like that :-) Those are the people that Jay Leno talks to when when he's jaywalking. Right?. Got it. Not sure what you mean... I guess you mean the posters are dunces or something like eh? And of course there are herds of those in the windows newsgroups. However there are a number of heavy hitters that can tell you a very lot about networking with windows machines. Probably not quite the level of expertise you may find in solaris groups but still not Dough Doughs either. Any way... thanks for the useful input... well appreciated here. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Afshin Salek afshin.sa...@oracle.com writes: groups refer to user groups (e.g. Domain Users) not workgroups. If you're operating in Workgroup mode, idmap rules are not particularly useful. In Workgroup mode you MUST have local users on the Solaris box and use those usernames/passwords to access the system over SMB. Now, if you define the local Solaris users with the same names and passwords of your Windows users then you should be good to go. Nicely clears up some things for me... thanks. I've run across the talk of windows domains and there usage but never went that way since my `domain' is fake `in house' one. But I've wondered if a few times if I could go that route anyway, and if it would make home lan networking any handier. About your other question: # idmap add ... defines an idmap rule which is stored in a private database used by idmap service and it will be effective until it's explicitly removed using idmap remove Haa... again a nice clear presentation and again has helped my understanding quite a lot. So apparently then it persists thru reboot eh? ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
On 12/08/10 11:08 AM, Harry Putnam wrote: What I see logged in remotely with TERM set to xterm [...] idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 [...] AFter using the suggested command I see this... (exactly the same): idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 My bet is that your login shell and your terminal do not agree on what character set you are using. $ env | grep LC_ $ env | grep LANG may be illuminating. You would then want to look at the configuration of your terminal program to see what character set it is expecting. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Alan Wright alan.wri...@oracle.com writes: [...] It seems way over complicated for a home lan user. And I suppose that isn't where it is targetted either. Have you tried using something based on the example on that page: idmap add winuser:te...@example.com unixuser:terrym I wasn't much able to follow it as I said. Where does that bit go... does it get written somewhere, is it a cmd from the terminal prompt? I get rejected sometimes on cifs shares... not at other times. See the comment on guest access below. My working windows uid is different than solaris uid but I do have a windows user on every windows machine with the same name as my solaris user. It used to be necessary to do that just to make windows networking work with other windows machines. That was never necessary (on Windows or Solaris). If the names don't match, you may have to provide an appropriate name (and password) that is valid on the server from which you are mapping the share. If an first authentication fails, you may be granted guest access, which will possibly result in being denied access to files based on the ACLs. It may not have been absolutely necessary on windows but many many user have found (I mean before the advent of windows 7) it necessary to have a like named user on all the windows machines involved in networking ... that is if you wanted to have smooth sailing and not have to diddle around too much. Some of the experts and semi-experts that have populated the newsgroup microsoft.public.windowsxp.* and its forrunners.. Have posted that as a solution to windows networking problems for yrs. [...] Making the names and passwords the same on both client and server tends to simplify things but it is not a requirement. I could not tell from your input if the answer to my question was yes or what. Whatever that input was you posted: idmap add winuser: [...] Is that something that is found in a file used for mapping windows names to unix user names? ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
groups refer to user groups (e.g. Domain Users) not workgroups. If you're operating in Workgroup mode, idmap rules are not particularly useful. In Workgroup mode you MUST have local users on the Solaris box and use those usernames/passwords to access the system over SMB. Now, if you define the local Solaris users with the same names and passwords of your Windows users then you should be good to go. About your other question: # idmap add ... defines an idmap rule which is stored in a private database used by idmap service and it will be effective until it's explicitly removed using idmap remove Afshin On 12/ 7/10 05:49 PM, Harry Putnam wrote: Alan Wrightalan.wri...@oracle.com writes: It seems way over complicated for a home lan user. And I suppose that isn't where it is targetted either. Have you tried using something based on the example on that page: idmap add winuser:te...@example.com unixuser:terrym Alan, it kind of sounds like something like this could be used to map a work group to a unix users name The author mentions The mapping works on both a per-user and a per-group basis and for entire Windows domains But he doesn't mention work groups, although he does say earlier that: Create bidirectional rule-based mappings for users and groups whose Windows names do not exactly match the Solaris names. What is meant by `groups' there? The author goes quite at length about using this to lock users out.. not something that would come up in my usage, but he doesn't explain so well... at least not to my feeble mind, how this works in much detail. It never seems to say where this stuff gets recorded or anything about editing specific control files These commands look like they might take care of things at a higher level: # idmap add 'winuser:*...@example.com' 'unixuser:*' # idmap add 'wingroup:*...@example.com' 'unixgroup:*' So do you just have to give that command before every usage or at a reboot or something or does it get recorded somewhere? As you see I'm plenty confused about it. The man pages on my system are completely useless and seem to have lots of unusual characters from non-english language or something in lots of key places rendering them unusable... at least for me. I have to look them up online and then its not always clear if they pertain to openindiana or what. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
On 12/7/10 5:30 PM, Harry Putnam wrote: Alan Wrightalan.wri...@oracle.com writes: [...] It seems way over complicated for a home lan user. And I suppose that isn't where it is targetted either. Have you tried using something based on the example on that page: idmap add winuser:te...@example.com unixuser:terrym I wasn't much able to follow it as I said. Where does that bit go... does it get written somewhere, is it a cmd from the terminal prompt? You type it at the terminal prompt. Replace te...@example.com with your Windows username. If the Windows username is a local account, you don't need any @domain part. Replace terrym with your UNIX username. Page 8 in the PDF explains the typographic conventions. I get rejected sometimes on cifs shares... not at other times. See the comment on guest access below. My working windows uid is different than solaris uid but I do have a windows user on every windows machine with the same name as my solaris user. It used to be necessary to do that just to make windows networking work with other windows machines. That was never necessary (on Windows or Solaris). If the names don't match, you may have to provide an appropriate name (and password) that is valid on the server from which you are mapping the share. If an first authentication fails, you may be granted guest access, which will possibly result in being denied access to files based on the ACLs. It may not have been absolutely necessary on windows but many many user have found (I mean before the advent of windows 7) it necessary to have a like named user on all the windows machines involved in networking ... that is if you wanted to have smooth sailing and not have to diddle around too much. Some of the experts and semi-experts that have populated the newsgroup microsoft.public.windowsxp.* and its forrunners.. Have posted that as a solution to windows networking problems for yrs. Semi-experts. I like that :-) Those are the people that Jay Leno talks to when when he's jaywalking. Right?. Got it. Alan ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
On 12/7/10 5:49 PM, Harry Putnam wrote: The man pages on my system are completely useless and seem to have lots of unusual characters from non-english language or something in lots of key places rendering them unusable... at least for me. Are you using the man command to look at the man pages or trying to view them in an editor or document reader? If you are using a terminal with the man command, try typing the following lines at the command prompt: /bin/bash export DISPLAY=vt100 man idmap Alan ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss