Hello Gordon,
thanks! That seems to be the missing bit.
Is there any kind of documentation available on this topic?
Everything I have read always mentioned not to use idmap at all and delete all mappings.
Therefore I did the last complete reinstall to have a virgin idmap. Now idmap shows no mapping for the designated user. In fact it shows only half a dozen ephemeral SIDs but none of the local oi-users.
Instead I looked up the designated user via 'smbadm lookup <user>' and got the SID S-1-5-21-.......-1101, which 'idmap show sid:S-1-5-21-.......-1101' resolved to the correct numerical posix uid 101, but not vice versa. I assume that is the reason Windows cannot resolve the user even if I use S-1-5-21-.......-1101 to identify the user as you suggested.
What, if anything, should I add to the idmap? After reading the man page, I tried to add a winuser/unixuser mapping, which didn't help. Numerical mappings based on uid and sid didn't work ("uid:101 is not a valid name").
We are coming closer - but...
Regards
Thomas
________________________________
From: Gordon Ross <[email protected]>
To: Discussion list for OpenIndiana <[email protected]>
Sent: Wednesday, May 30, 2012 5:50 PM
Subject: Re: [OpenIndiana-discuss] OI_151a4, ZFS, CIFS - Managaging ACLs from Windows
On Wed, May 30, 2012 at 6:00 AM, <[email protected]> wrote:
> Hello Gordon,
>
> thanks for your reply, but this isn't my problem. My users have the necessary rights. I have no Everyone ACL, but can create/delete files and folders and modify every single right in all existing ACLs. Since I have used inheritance, I even get a "new" ACL placed in front of all existing ACLs if I try to deny a right that is inherited. If I create a new file/folder and check the owner from Windows (properties->security->extended security->owner), it shows the "right" local oi-user.
>
> But - I cannot add a new ACL for a new user because the username didn't get resolved. Even the user that Windows shows as owner cannot be found. Also, users you get listed in the extended user selection dialog cannot be used. If you select one and try to confirm it, you get "Object not found"
Oh, that. Yeah, the representation of users in workgroup mode is currently... unfortunate. You have to figure out the machine SID for that user using:
    idmap show uid:U
where U is the numeric user ID.
Then use that SID in the ACL editor.
Or on the server, use chmod A+... and that UID.
This is an area that could use improvement.
We plan to work on this, but it will be a while.
--
Gordon Ross <[email protected]>
Nexenta Systems, Inc. www.nexenta.com
Enterprise class storage for everyone
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss