The Windows client is one of the domain controllers. We have also tried this on a Windows Server 2008 node, a Vista node, and an XP node, all members of the domain. Again, we can browse and assign permissions for *any* other domain member server and/or CIFS integrated storage array. This occurs only from shares on the b84 node, regardless of the domain member system that we use. Best Regards, Nick Ross
________________________________ From: Natalie Li [mailto:[EMAIL PROTECTED] Sent: Tue 3/18/2008 6:00 PM To: Nick Ross Cc: [email protected]; linda kateley; [EMAIL PROTECTED]; Josh Wells; [EMAIL PROTECTED] Subject: Re: [storage-discuss] [b84] can not browse domain security principles Nick Ross wrote: > We are unable to browse domain security principles for applying > resource permissions. > > When we go to add either a user or group to a folder or file security > DACL, the 'Locations' option is set to the solaris box (in this case > 'sjm-b84'). Usually on another Windows servers, storage arrays (e.g. > NetApp), solaris 10 or linux based file server we can change the > location to include the domain so that we can add permissions for > users or groups in the domain to the share on the file server. > However, thus far the only location that can be selected has been the > Solaris b84 node. Is your Windows client joined to the same domain as well? If not, it explains why you only see users/groups that is local to your Solaris b84 node. Try by joining your client to the same domain to see if it resolves your problem. > > The multi-domain controller environment is configured to best > practices, we can browse and search the directory from both Windows > and non-Windows operating systems, and the SAMBA server in Solaris 10 > can actually search against the domain. In other words, we've > isolated the only variable to the b84 instance in regards to this problem. > > The b84 node was able to join the domain successfully without issue. > In trying to configure the CIFS client, "sharectl set -p > ads_domain=<domain>" fails with "ads_domain: not defined". The ads_domain property along with many other ADS related properties are obsolete as of snv_79. Thus, you don't need to manage them via sharectl CLI. Regards, Natalie > > Domain consists of three Windows 2003 Servers; member servers have > various operating systems: Windows 2008, Windows Vista, Windows XP, > Solaris 10, Solaris 9, SuSE 10, RHEL4, RHEL5, Ubuntu 7. > > # sharectl get smb > system_comment= > max_workers=64 > netbios_scope= > lmauth_level=4 > keep_alive=5400 > wins_server_1= > wins_server_2= > wins_exclude= > signing_enabled=false > signing_required=false > restrict_anonymous=false > pdc= > ads_site= > ddns_enable=false > autohome_map=/etc > # smbadm list > security mode: domain > domain name: hb.acsportal.com > /etc/resolv.conf and /etc/krb5/krb5.conf is attached. > > Suggestions and assitance is appreciated! > > Best Regards, > Nick Ross > >------------------------------------------------------------------------ > >_______________________________________________ >storage-discuss mailing list >[email protected] >http://mail.opensolaris.org/mailman/listinfo/storage-discuss > >
_______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
