Andy Lubel wrote:

>My goal is to put a few SQL server backup devices on a zfs based CIFS  
>share and allowing only 3 specific domain users to access the share.   
>I then plan on sharing the parent pool out via NFS (version 3) for  
>spooling to tape backup system.
>
>I have joined our b84 solaris x86 cifs to our AD domain with:
>       #svcadm enable -r smb/server
>       #smbadm join -u domadm corp.addom.local
>       #svcadm restart smb/server
>
>then I created a CIFS share on my zpool:
>       #zfs create -o casesensitivity=mixed -o sharesmb=on zpool/winshare
>
>Now this is where I get confused as to how to accomplish my goal.  I  
>need to allow write by these three users who are all in different  
>windows groups.  I don't want to chmod 777 just to have these users be  
>able to all read/write because that would mean that any domain user  
>could read/write!  Is the answer using IDMAP with chmod ACL's?
>
>Could I somehow use SID's in the chmod command?
>  
>
You can do that either from Windows or on your Solaris box using chmod. 
Based on your description, you need to add an ACE for each of those 3 
domain users to the shared directory (i.e. zpool_winshare) to grant them 
the appropriate permissions.  Other ACEs that are originally there 
should be removed from the shared directory's ACL to deny access for 
others. If you're trying to change the ACL from Windows make sure the 
connected user has enough permission to do so.

If you plan to use chmod, please read the chmod man page to see how you 
can edit ZFS ACLs.

>'idmap dump' shows my SID after I connect to the share for the first  
>time with an entry in the log that says:
>  
>
What idmap rules have you defined?

>Mar 21 14:04:27 beefeater smbsrv: [ID 138215 kern.notice] NOTICE:  
>smbd[ADDOM\andyl]: . access denied
>  
>
I'd assume this is operator error. Based on your description, you have 
defined only zpool_winshare. "." doesn't seem to be a valid share 
name.  Thus, access denied.

>Mar 21 14:04:29 beefeater smbsrv: [ID 138215 kern.notice] NOTICE:  
>smbd[ADDOM\andyl]: zpool_winshare rw access granted
>
>  
>
This indicates the user has successfully connected to zpool_winshare from a CIFS 
client.

Natalie

>Thanks in Advance,
>
>-Andy
>
>_______________________________________________
>storage-discuss mailing list
>[email protected]
>http://mail.opensolaris.org/mailman/listinfo/storage-discuss
>  
>
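
The ACE-per-user approach described in the reply above, as an added example that is not part of the original thread: a dry-run script that builds a replacement ACL for Solaris `chmod` with one allow ACE per named user and no other entries. It assumes the three domain users are mapped by idmap to the hypothetical local names `sqlbak1` to `sqlbak3` and that `zpool/winshare` is mounted at its default path `/zpool/winshare`.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: idmap maps the three domain users to the local names below,
# and the dataset zpool/winshare is mounted at /zpool/winshare.
SHARE_DIR="${SHARE_DIR:-/zpool/winshare}"                # assumed mountpoint
BACKUP_USERS="${BACKUP_USERS:-sqlbak1 sqlbak2 sqlbak3}"  # hypothetical names

# Read/write/delete for the backup files, but no write_acl or write_owner,
# so the users cannot widen access themselves.
PERMS="read_data/write_data/append_data/execute/delete_child/delete"
PERMS="$PERMS/read_attributes/write_attributes/read_xattr/write_xattr"
PERMS="$PERMS/read_acl/synchronize"
INHERIT="file_inherit/dir_inherit"   # new files and subdirectories inherit

# Print one comma-separated ACL spec with an allow ACE per user.
build_acl_spec() {
    spec=""
    for u in "$@"; do
        case "$u" in
            *[!A-Za-z0-9._-]*|"") echo "bad user name: $u" >&2; return 1 ;;
        esac
        spec="${spec:+$spec,}user:$u:$PERMS:$INHERIT:allow"
    done
    [ -n "$spec" ] || { echo "no users given" >&2; return 1; }
    printf '%s\n' "$spec"
}

# "A=" replaces the whole ACL, which drops the default owner@, group@ and
# everyone@ entries. chmod runs only when APPLY=1; otherwise the command
# is printed for review.
apply_acl() {
    spec=$(build_acl_spec "$@") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        chmod "A=$spec" "$SHARE_DIR" && ls -dV "$SHARE_DIR"
    else
        printf 'chmod A=%s %s\n' "$spec" "$SHARE_DIR"
    fi
}

# Dry run by default: prints the chmod command for the three users.
apply_acl $BACKUP_USERS
```

Run with `APPLY=1` on the Solaris host to apply the ACL; the `ls -dV` output should then list only the three user entries.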
