This might be related to CR 6644025, which has been fixed in snv_85. As far as I remember, you shouldn't run into this problem if your Windows clients are also joined to that AD domain.

Regards,
Natalie

Andy Lubel wrote:
>
> On Mar 21, 2008, at 3:18 PM, Natalie Li wrote:
>
>> Andy Lubel wrote:
>>
>>> My goal is to put a few SQL server backup devices on a zfs based
>>> CIFS share and allow only 3 specific domain users to access the
>>> share. I then plan on sharing the parent pool out via NFS
>>> (version 3) for spooling to a tape backup system.
>>>
>>> I have joined our b84 solaris x86 cifs to our AD domain with:
>>> #svcadm enable -r smb/server
>>> #smbadm join -u domadm corp.addom.local
>>> #svcadm restart smb/server
>>>
>>> then I created a CIFS share on my zpool:
>>> #zfs create -o casesensitivity=mixed -o sharesmb=on zpool/winshare
>>>
>>> Now this is where I get confused as to how to accomplish my goal.
>>> I need to allow write by these three users who are all in
>>> different windows groups. I don't want to chmod 777 just to have
>>> these users be able to all read/write because that would mean that
>>> any domain user could read/write! Is the answer using IDMAP with
>>> chmod ACLs?
>>>
>>> Could I somehow use SIDs in the chmod command?
>>>
>> You can do that either from Windows or on your Solaris box using
>> chmod. Based on your description, you need to add an ACE for each of
>> those 3 domain users to the shared directory (i.e. zpool_winshare)
>> to grant them the appropriate permissions. Other ACEs that are
>> originally there should be removed from the shared directory's ACL
>> to deny access for others. If you're trying to change the ACL from
>> Windows, make sure the connected user has enough permission to do so.
>>
>> If you plan to use chmod, please read the chmod man page to see how
>> you can edit ZFS ACLs.
>
> Trying to add users (right click, properties -> security) from XP or
> server 2003 workstation crashes explorer.exe. Does that indicate
> that my domain integration is incomplete or is there some bug?
>
>>> 'idmap dump' shows my SID after I connect to the share for the
>>> first time with an entry in the log that says:
>>>
>> What idmap rules have you defined?
>
> None! And I really want to keep it that way!
>
>>> Mar 21 14:04:27 beefeater smbsrv: [ID 138215 kern.notice] NOTICE:
>>> smbd[ADDOM\andyl]: . access denied
>>>
>> I'd assume this is operator error. Based on your description, you
>> have defined zpool_winshare only. "." doesn't seem to be a
>> valid share name. Thus, access denied.
>
> I'm pretty sure that there's something wacky going on because no
> matter what client connects to the share there is always that error
> for whatever is called "." which doesn't show up when typing 'sharemgr
> show -vp'
>
>>> Mar 21 14:04:29 beefeater smbsrv: [ID 138215 kern.notice] NOTICE:
>>> smbd[ADDOM\andyl]: zpool_winshare rw access granted
>>>
>> This indicates a successful connection to zpool_winshare from a
>> CIFS client.
>>
>> Natalie
>>
>>> Thanks in Advance,
>>>
>>> -Andy
>>>
>>> _______________________________________________
>>> storage-discuss mailing list
>>> [email protected]
>>> http://mail.opensolaris.org/mailman/listinfo/storage-discuss
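
The smbsrv notices quoted in this thread can be audited against the intended access policy (one defined share, a short list of permitted domain users). The following is an added example, not part of the original messages and not OpenSolaris code; the allowed-user list, the last two log lines, and the assumption that every access notice follows the format of the two lines quoted above are constructed for illustration.

```python
import re

# Format taken from the two notices quoted in the thread:
#   ... smbsrv: [ID n kern.notice] NOTICE: smbd[DOMAIN\user]: <share> [mode] access <result>
NOTICE = re.compile(
    r"smbsrv: \[ID \d+ kern\.notice\] NOTICE: "
    r"smbd\[(?P<user>[^\]]+)\]: (?P<share>\S+)"
    r"(?: (?P<mode>\S+))? access (?P<result>denied|granted)"
)

def audit(lines, defined_shares, allowed_users):
    """Return (kind, user, share) findings, in log order."""
    findings = []
    for line in lines:
        m = NOTICE.search(line)
        if not m:
            continue  # not an smbsrv access notice
        user, share, result = m["user"], m["share"], m["result"]
        if share not in defined_shares:
            # e.g. the "." entry discussed in the thread
            findings.append(("unknown-share-" + result, user, share))
        elif result == "granted" and user not in allowed_users:
            findings.append(("unexpected-grant", user, share))
        elif result == "denied" and user in allowed_users:
            findings.append(("allowed-user-denied", user, share))
    return findings

PREFIX = "beefeater smbsrv: [ID 138215 kern.notice] NOTICE: "
SAMPLE = [
    # The two lines quoted in the thread.
    "Mar 21 14:04:27 " + PREFIX + r"smbd[ADDOM\andyl]: . access denied",
    "Mar 21 14:04:29 " + PREFIX + r"smbd[ADDOM\andyl]: zpool_winshare rw access granted",
    # Constructed lines (hypothetical users, same format assumed).
    "Mar 21 14:09:02 " + PREFIX + r"smbd[ADDOM\guest1]: zpool_winshare rw access granted",
    "Mar 21 14:11:40 " + PREFIX + r"smbd[ADDOM\sqlbackup]: zpool_winshare access denied",
]
# Hypothetical policy: users who should hold an ACE on the share.
ALLOWED = {r"ADDOM\andyl", r"ADDOM\sqlbackup"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"zpool_winshare"}, ALLOWED):
        print(finding)
```

An "unexpected-grant" finding means the directory ACL still carries an ACE that lets a user outside the intended list in; "allowed-user-denied" points at a missing ACE or an identity-mapping problem.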
