What I've done is: 1. Installed OpenSolaris 2008.05 with enabled smb server service. 2. Joined Opensolaris system to the AD domain. 3. Created zpool and zfs with sharesmb option turned on for zfs.
This far everything is fine. I can seen OpenSolaris server using Windows XP for example and I can see previosly (3. step) shared zfs partition. It's clear, that it is possible to set ACL using chmod in OpenSolaris and find SID <-> UID/GID mapping between Windows SID and OpenSolaris UID/GID using idmap dump command. But, the question is - is it possible to to set the same ACL on shared ZFS filesystem from Windows XP system using Property->Security tab. Cause if I try to do it pressing Add button in order to add user/group and the trying to choose Location, the only thing I see is my OpenSolaris server, no way to choose AD as as source for user/group info. As far as I understand based on your answer the is no way to accomplish this, because OpenSolaris currently is only file system and know nothing about AD users/groups. On Thu, 2008-08-14 at 11:45 -0700, Afshin Salek wrote: > I'm not sure what exactly you are doing and what you are > referring to as AD objects but here are two pieces of information: > > 1. We don't support shares' ACL yet > > 2. Generally, we only server file system objects not AD objects. > We publish CIFS shares in AD if a container is specified in share > definition. This is all as far as our AD object support goes. > > Afshin > > Jeff Cheeney wrote: > > On 08/14/08 08:55, Juris Krumins wrote: > >> Currently setup CIFS service in domain mode for Windows AD Domain. Idmapd > >> is running in Ephemeral Mappings mode. > >> Running SunOS 5.11 snv_86 i86pc i386 i86pc > >> Everything running smoothly, except for settings share ACL from Windows > >> XP Pro using AD objects. > >> I've found couple threads in forum, saying that there is no way to > >> enumerate AD objects and set ACL from Windows XP Security tab, using > >> standard idmapd daemon. Is it true, or maybe misunderstand something. > >> > >> Thanks in advance. > >> > >> > > > > The guys on cifs-discuss should be able to help with your query. > > > > --jc > > > > --- > > Jeff Cheeney | OpenSolaris Storage Community | > > http://opensolaris.org/os/storage | http://blogs.sun.com/icedawn > > _______________________________________________ > > cifs-discuss mailing list > > [EMAIL PROTECTED] > > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss > > _______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
