Re: [cifs-discuss] Mapping of windows user to unix users for cifs
On 12/10/10 07:00 AM, Harry Putnam wrote: I'm not sure what kind of output would illuminate... I didn't learn much but don't now what to expect or look for: env |grep LC_ env |grep LANG I see the same output with term set to vt100, sun-color, linux or xterm. $term won't affect these results. What terminal program are you using? Here's what I think is happening: "man" is for some reason using one of the Unicode "fancy" dashes, the ones that aren't from vanilla ASCII. They are all pretty similar character codes; I don't think it matters which it's using. Suppose for the moment that it's using HYPHEN, U+2010. That encodes into UTF-8 as E2, 80, 90. If you view those bytes as ISO 8859-1 data, they are â, DCS, XXX. There's the â that you're seeing, and I wouldn't be surprised to find that DCS messes your terminal program up for a while and that's why some text is missing. So: Man is generating UTF-8 data, and my bet is that your terminal program is interpreting it as ISO 8859-1 data. The simplest workaround is to change LANG to en_US.ISO8859-1, either with setenv LANG en_US.ISO8859-1 (for csh) or LANG=en_US.ISO8859-1; export LANG (for most other shells) Alternatively, you may be able to change the settings on your terminal program so that it interprets UTF-8 data. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Jordan Brown writes: > On 12/08/10 11:08 AM, Harry Putnam wrote: >> What I see logged in remotely with TERM set to xterm >> [...] >> idmap setâaauthenticationMethod] [âDbindDN] >>[âjpasswdfile] name1 name2 >> >> [...] >> >> AFter using the suggested command I see this... (exactly the same): >> >> idmap setâaauthenticationMethod] [âDbindDN] >>[âjpasswdfile] name1 name2 > > My bet is that your login shell and your terminal do not agree on what > character set you are using. > > $ env | grep LC_ > $ env | grep LANG > > may be illuminating. You would then want to look at the configuration > of your terminal program to see what character set it is expecting. I'm not sure what kind of output would illuminate... I didn't learn much but don't now what to expect or look for: env |grep LC_ env |grep LANG I see the same output with term set to vt100, sun-color, linux or xterm. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
On 12/08/10 11:08 AM, Harry Putnam wrote: What I see logged in remotely with TERM set to xterm [...] idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 [...] AFter using the suggested command I see this... (exactly the same): idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 My bet is that your login shell and your terminal do not agree on what character set you are using. $ env | grep LC_ $ env | grep LANG may be illuminating. You would then want to look at the configuration of your terminal program to see what character set it is expecting. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Perhaps try: stty istrip Alan On 12/ 8/10 11:08 AM, Harry Putnam wrote: Alan Wright writes: On 12/7/10 5:49 PM, Harry Putnam wrote: The man pages on my system are completely useless and seem to have lots of unusual characters from non-english language or something in lots of key places rendering them unusable... at least for me. Are you using the man command to look at the man pages or trying to view them in an editor or document reader? If you are using a terminal with the man command, try typing the following lines at the command prompt: /bin/bash export DISPLAY=vt100 man idmap I was using man command at cmdline on a remote login. What I see logged in remotely with TERM set to xterm [...] idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 [...] AFter using the suggested command I see this... (exactly the same): idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 Even if I back out and set the TERM to vt100 on the local and ssh from the same shell to oi, so my TERM is set to vt100 at login, I still see the same thing. Some pages appear cleaner... for example `man iostat' shows much less of that. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
About your other question: # idmap add ... defines an idmap rule which is stored in a private database used by idmap service and it will be effective until it's explicitly removed using "idmap remove" Haa... again a nice clear presentation and again has helped my understanding quite a lot. So apparently then it persists thru reboot eh? The rules won't go anywhere until they're *explicitly* removed using idmap CLI. The definition/removal of the idmap rules is under admin's control. Afshin ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Alan Wright writes: > On 12/7/10 5:49 PM, Harry Putnam wrote: >> The man pages on my system are completely useless and seem to have >> lots of unusual characters from non-english language or something in >> lots of key places rendering them unusable... at least for me. > > Are you using the man command to look at the man pages > or trying to view them in an editor or document reader? > > If you are using a terminal with the man command, try > typing the following lines at the command prompt: > > /bin/bash > export DISPLAY=vt100 > man idmap I was using man command at cmdline on a remote login. What I see logged in remotely with TERM set to xterm [...] idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 [...] AFter using the suggested command I see this... (exactly the same): idmap setâaauthenticationMethod] [âDbindDN] [âjpasswdfile] name1 name2 Even if I back out and set the TERM to vt100 on the local and ssh from the same shell to oi, so my TERM is set to vt100 at login, I still see the same thing. Some pages appear cleaner... for example `man iostat' shows much less of that. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Afshin Salek writes: > "groups" refer to user groups (e.g. Domain Users) not workgroups. > > If you're operating in Workgroup mode, idmap rules are not particularly > useful. In Workgroup mode you MUST have local users on the Solaris > box and use those usernames/passwords to access the system over SMB. > Now, if you define the local Solaris users with the same names and > passwords of your Windows users then you should be good to go. Nicely clears up some things for me... thanks. I've run across the talk of windows domains and there usage but never went that way since my `domain' is fake `in house' one. But I've wondered if a few times if I could go that route anyway, and if it would make home lan networking any handier. > About your other question: > > # idmap add ... > > defines an idmap rule which is stored in a private database used > by idmap service and it will be effective until it's explicitly > removed using "idmap remove" Haa... again a nice clear presentation and again has helped my understanding quite a lot. So apparently then it persists thru reboot eh? ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Alan Wright writes: [...] Thanks for the good input >>> Some of the experts and semi-experts that have populated the newsgroup >> microsoft.public.windowsxp.* and its forrunners.. >> Have posted that as a solution to windows networking problems for yrs. > V> Semi-experts. I like that :-) Those are the people that Jay > Leno talks to when when he's jaywalking. Right?. Got it. Not sure what you mean... I guess you mean the posters are dunces or something like eh? And of course there are herds of those in the windows newsgroups. However there are a number of heavy hitters that can tell you a very lot about networking with windows machines. Probably not quite the level of expertise you may find in solaris groups but still not Dough Doughs either. Any way... thanks for the useful input... well appreciated here. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
On 12/7/10 5:49 PM, Harry Putnam wrote: The man pages on my system are completely useless and seem to have lots of unusual characters from non-english language or something in lots of key places rendering them unusable... at least for me. Are you using the man command to look at the man pages or trying to view them in an editor or document reader? If you are using a terminal with the man command, try typing the following lines at the command prompt: /bin/bash export DISPLAY=vt100 man idmap Alan ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
On 12/7/10 5:30 PM, Harry Putnam wrote: Alan Wright writes: [...] It seems way over complicated for a home lan user. And I suppose that isn't where it is targetted either. Have you tried using something based on the example on that page: idmap add winuser:te...@example.com unixuser:terrym I wasn't much able to follow it as I said. Where does that bit go... does it get written somewhere, is it a cmd from the terminal prompt? You type it at the terminal prompt. Replace te...@example.com with your Windows username. If the Windows username is a local account, you don't need any @domain part. Replace terrym with your UNIX username. Page 8 in the PDF explains the typographic conventions. I get rejected sometimes on cifs shares... not at other times. See the comment on guest access below. My working windows uid is different than solaris uid but I do have a windows user on every windows machine with the same name as my solaris user. It used to be necessary to do that just to make windows networking work with other windows machines. That was never necessary (on Windows or Solaris). If the names don't match, you may have to provide an appropriate name (and password) that is valid on the server from which you are mapping the share. If an first authentication fails, you may be granted guest access, which will possibly result in being denied access to files based on the ACLs. It may not have been absolutely necessary on windows but many many user have found (I mean before the advent of windows 7) it necessary to have a like named user on all the windows machines involved in networking ... that is if you wanted to have smooth sailing and not have to diddle around too much. Some of the experts and semi-experts that have populated the newsgroup microsoft.public.windowsxp.* and its forrunners.. Have posted that as a solution to windows networking problems for yrs. Semi-experts. I like that :-) Those are the people that Jay Leno talks to when when he's jaywalking. Right?. Got it. Alan ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
"groups" refer to user groups (e.g. Domain Users) not workgroups. If you're operating in Workgroup mode, idmap rules are not particularly useful. In Workgroup mode you MUST have local users on the Solaris box and use those usernames/passwords to access the system over SMB. Now, if you define the local Solaris users with the same names and passwords of your Windows users then you should be good to go. About your other question: # idmap add ... defines an idmap rule which is stored in a private database used by idmap service and it will be effective until it's explicitly removed using "idmap remove" Afshin On 12/ 7/10 05:49 PM, Harry Putnam wrote: Alan Wright writes: It seems way over complicated for a home lan user. And I suppose that isn't where it is targetted either. Have you tried using something based on the example on that page: idmap add winuser:te...@example.com unixuser:terrym Alan, it kind of sounds like something like this could be used to map a work group to a unix users name The author mentions "The mapping works on both a per-user and a per-group basis and for entire Windows domains" But he doesn't mention work groups, although he does say earlier that: Create bidirectional rule-based mappings for users and groups whose Windows names do not exactly match the Solaris names. What is meant by `groups' there? The author goes quite at length about using this to lock users out.. not something that would come up in my usage, but he doesn't explain so well... at least not to my feeble mind, how this works in much detail. It never seems to say where this stuff gets recorded or anything about editing specific control files These commands look like they might take care of things at a higher level: # idmap add 'winuser:*...@example.com' 'unixuser:*' # idmap add 'wingroup:*...@example.com' 'unixgroup:*' So do you just have to give that command before every usage or at a reboot or something or does it get recorded somewhere? As you see I'm plenty confused about it. The man pages on my system are completely useless and seem to have lots of unusual characters from non-english language or something in lots of key places rendering them unusable... at least for me. I have to look them up online and then its not always clear if they pertain to openindiana or what. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Alan Wright writes: >> It seems way over complicated for a home lan user. And I suppose that >> isn't where it is targetted either. > > Have you tried using something based on the example on that page: > > idmap add winuser:te...@example.com unixuser:terrym Alan, it kind of sounds like something like this could be used to map a work group to a unix users name The author mentions "The mapping works on both a per-user and a per-group basis and for entire Windows domains" But he doesn't mention work groups, although he does say earlier that: Create bidirectional rule-based mappings for users and groups whose Windows names do not exactly match the Solaris names. What is meant by `groups' there? The author goes quite at length about using this to lock users out.. not something that would come up in my usage, but he doesn't explain so well... at least not to my feeble mind, how this works in much detail. It never seems to say where this stuff gets recorded or anything about editing specific control files These commands look like they might take care of things at a higher level: # idmap add 'winuser:*...@example.com' 'unixuser:*' # idmap add 'wingroup:*...@example.com' 'unixgroup:*' So do you just have to give that command before every usage or at a reboot or something or does it get recorded somewhere? As you see I'm plenty confused about it. The man pages on my system are completely useless and seem to have lots of unusual characters from non-english language or something in lots of key places rendering them unusable... at least for me. I have to look them up online and then its not always clear if they pertain to openindiana or what. ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
Alan Wright writes: [...] >> It seems way over complicated for a home lan user. And I suppose that >> isn't where it is targetted either. > > Have you tried using something based on the example on that page: > > idmap add winuser:te...@example.com unixuser:terrym > I wasn't much able to follow it as I said. Where does that bit go... does it get written somewhere, is it a cmd from the terminal prompt? >> I get rejected sometimes on cifs shares... not at other times. > > See the comment on guest access below. >> My working windows uid is different than solaris uid but I do have a >> windows user on every windows machine with the same name as my solaris >> user. It used to be necessary to do that just to make windows >> networking work with other windows machines. > > That was never necessary (on Windows or Solaris). If the names don't > match, you may have to provide an appropriate name (and password) > that is valid on the server from which you are mapping the share. > If an first authentication fails, you may be granted guest access, > which will possibly result in being denied access to files based > on the ACLs. It may not have been absolutely necessary on windows but many many user have found (I mean before the advent of windows 7) it necessary to have a like named user on all the windows machines involved in networking ... that is if you wanted to have smooth sailing and not have to diddle around too much. Some of the experts and semi-experts that have populated the newsgroup microsoft.public.windowsxp.* and its forrunners.. Have posted that as a solution to windows networking problems for yrs. [...] > Making the names and passwords the same on both client and server > tends to simplify things but it is not a requirement. I could not tell from your input if the answer to my question was yes or what. Whatever that input was you posted: idmap add winuser: [...] Is that something that is found in a file used for mapping windows names to unix user names? ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
Re: [cifs-discuss] Mapping of windows user to unix users for cifs
On 12/6/10 5:59 PM, Harry Putnam wrote: I was trying to study this page... and was on the verge of dry heaving from straining my pea brain within a few minutes: http://docs.sun.com/app/docs/doc/820-2429/createidmappingstrategy?l=en&a=view It seems way over complicated for a home lan user. And I suppose that isn't where it is targetted either. Have you tried using something based on the example on that page: idmap add winuser:te...@example.com unixuser:terrym I get rejected sometimes on cifs shares... not at other times. See the comment on guest access below. My working windows uid is different than solaris uid but I do have a windows user on every windows machine with the same name as my solaris user. It used to be necessary to do that just to make windows networking work with other windows machines. That was never necessary (on Windows or Solaris). If the names don't match, you may have to provide an appropriate name (and password) that is valid on the server from which you are mapping the share. If an first authentication fails, you may be granted guest access, which will possibly result in being denied access to files based on the ACLs. To disable guest access: Create a local Solaris account named guest and use passwd to protected it. I wonder if it would help if the user attempting to use a share is the same name as a user with permissions for those files on the solaris machine. Making the names and passwords the same on both client and server tends to simplify things but it is not a requirement. Alan ___ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
