On Mar 21, 2008, at 3:18 PM, Natalie Li wrote:

> Andy Lubel wrote:
>
>> My goal is to put a few SQL Server backup devices on a ZFS-based
>> CIFS share and allow only 3 specific domain users to access the
>> share. I then plan on sharing the parent pool out via NFS
>> (version 3) for spooling to a tape backup system.
>>
>> I have joined our b84 Solaris x86 CIFS to our AD domain with:
>>      #svcadm enable -r smb/server
>>      #smbadm join -u domadm corp.addom.local
>>      #svcadm restart smb/server
>>
>> Then I created a CIFS share on my zpool:
>>      #zfs create -o casesensitivity=mixed -o sharesmb=on zpool/winshare
>>
>> Now this is where I get confused as to how to accomplish my goal.
>> I need to allow write by these three users, who are all in
>> different Windows groups. I don't want to chmod 777 just to have
>> these users be able to all read/write because that would mean that
>> any domain user could read/write! Is the answer using IDMAP with
>> chmod ACLs?
>>
>> Could I somehow use SIDs in the chmod command?
>>
> You can do that either from Windows or on your Solaris box using  
> chmod. Based on your description, you need to add an ACE for each of  
> those 3 domain users to the shared directory (i.e. zpool_winshare)  
> to grant them the appropriate permissions.  Other ACEs that are  
> originally there should be removed from the shared directory's ACL  
> to deny access for others. If you're trying to change the ACL from  
> Windows make sure the connected user has enough permission to do so.
>
> If you plan to use chmod, please read the chmod man page to see how  
> you can edit ZFS ACLs.

Trying to add users (right click, Properties -> Security) from an XP or
Server 2003 workstation crashes explorer.exe. Does that indicate that
my domain integration is incomplete, or is there some bug?


>
>
>> 'idmap dump' shows my SID after I connect to the share for the  
>> first  time with an entry in the log that says:
>>
> What idmap rules have you defined?

None! And I really want to keep it that way!

>
>
>> Mar 21 14:04:27 beefeater smbsrv: [ID 138215 kern.notice] NOTICE:   
>> smbd[ADDOM\andyl]: . access denied
>>
> I'd assume this is operator error. Based on your description, you
> have defined zpool_winshare only. "." doesn't seem to be a
> valid share name. Thus, access denied.

I'm pretty sure that there's something wacky going on, because no matter
what client connects to the share there is always that error for
whatever is called ".", which doesn't show up when typing 'sharemgr show
-vp'.

>
>
>> Mar 21 14:04:29 beefeater smbsrv: [ID 138215 kern.notice] NOTICE:   
>> smbd[ADDOM\andyl]: zpool_winshare rw access granted
>>
>>
> This indicates a successful connection to zpool_winshare from a
> CIFS client.
>
> Natalie
>
>> Thanks in Advance,
>>
>> -Andy
>> _______________________________________________
>> storage-discuss mailing list
>> [email protected]
>> http://mail.opensolaris.org/mailman/listinfo/storage-discuss
>>
>
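
Added example (not part of the original thread): a small shell filter that tallies the smbsrv connect notices quoted above per user and share, then lists names that were denied and never granted, such as the "." entry. It assumes one event per syslog line in the format shown in the thread; the function names, the sample lines and the `svc_backup` user are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed line format (from the quoted log):
#   ... NOTICE: smbd[DOMAIN\user]: <share> [<mode>] access granted|denied
# Assumes user and share names contain no spaces.

# Print "user share result count" for every smbsrv connect notice on stdin.
smb_access_summary() {
    awk '
    {
        # Find the "smbd[DOMAIN\user]:" token; ignore unrelated syslog lines.
        tag = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^smbd\[.*\]:$/) { tag = i; break }
        if (!tag || NF - 1 < tag + 2 || $(NF - 1) != "access") next
        result = $NF
        if (result != "granted" && result != "denied") next

        user = $tag
        sub(/^smbd\[/, "", user)
        sub(/\]:$/, "", user)
        share = $(tag + 1)
        count[user " " share " " result]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# From the summary, print "user share denials" where no grant was ever logged.
denied_without_grant() {
    awk '
    $3 == "granted" { ok[$1 " " $2] = 1 }
    $3 == "denied"  { bad[$1 " " $2] += $4 }
    END { for (k in bad) if (!(k in ok)) print k, bad[k] }
    ' | LC_ALL=C sort
}

# Constructed sample: the two notices from the thread plus invented lines.
sample_log() {
    cat <<'EOF'
Mar 21 14:04:27 beefeater smbsrv: [ID 138215 kern.notice] NOTICE: smbd[ADDOM\andyl]: . access denied
Mar 21 14:04:29 beefeater smbsrv: [ID 138215 kern.notice] NOTICE: smbd[ADDOM\andyl]: zpool_winshare rw access granted
Mar 21 14:10:02 beefeater smbsrv: [ID 138215 kern.notice] NOTICE: smbd[ADDOM\svc_backup]: . access denied
Mar 21 14:10:03 beefeater smbsrv: [ID 138215 kern.notice] NOTICE: smbd[ADDOM\svc_backup]: zpool_winshare access denied
Mar 21 14:10:05 beefeater sshd[411]: [ID 800047 auth.info] Accepted publickey for root
EOF
}

sample_log | smb_access_summary | denied_without_grant
```

After tightening the share's ACL, a user who should have access but still appears in the second list for `zpool_winshare` points at a missing ACE or an identity-mapping problem rather than at the client.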
