[OmniOS-discuss] ZFS ACL Solaris CIFS and Windows client

Yavor Tomov yavoritomov at gmail.com
Fri May 1 16:42:29 UTC 2015


This is an old guide I made a long time ago; it should help you connect and set
permissions.

On Thu, Apr 30, 2015 at 1:56 AM, Sebastian Gabler <sequoiamobil at gmx.net>
wrote:

> On 29.04.2015 at 20:07, omnios-discuss-request at lists.omniti.com wrote:
>
>> Message: 3
>> Date: Tue, 28 Apr 2015 19:22:34 +0200
>> From: Günther Alka <alka at hfg-gmuend.de>
>> To: omnios-discuss <omnios-discuss at lists.omniti.com>
>> Subject: Re: [OmniOS-discuss] ZFS ACL Solaris CIFS and Windows client
>> Message-ID: <9D064AA0-0C34-444F-9FF0-900F32EFF5B9 at hfg-gmuend.de>
>> Content-Type: text/plain; charset=utf-8
>>
>> Let's begin with ZFS properties
>> - aclinherit: passthrough
>>
> Thanks. It was on "restricted". I applied the change, but that makes no
> difference to my original problem.
>
>> - aclmode: does not matter for CIFS
>>
> Thanks. Do you have any sources for that for further studies?
>
>>
>> Next, set idmappings
>> - in Workgroup mode: do not set any user mappings (only group mappings)
>> - in Domain mode: set domainadmins => root
>>
> That's already the case. On that occasion: how would one delegate operator
> permissions for ACL assignment to other users? I.e., if I want certain
> Domain Users to change ACLs, permissions, and privileges on shares of the
> illumos machine, who are not members of the domain admin group?
>
>>
>> Next: join AD Domain (for domain mode)
>>
>> Next: SMB connect
>> - use root (requires a passwd root to generate an SMB password) or
>> - use a Domain Admin account (requires the idmapping to root)
>>
> I am using the domain admin account. Note: what specifically is not
> working is to set ownership on behalf of a different domain user.
>
>>
>> Windows version:
>> - you need Windows Pro or Windows server (no home edition)
>>
> Known.
>
>>
>> Now you should be able to set ownership and ACL on files and folders.
>>
>> If you want to set ACL on shares, you must
>> - SMB connect as a user that is a member of the Administrators group
>> - use Computer Management on Windows and connect OmniOS
>>
> Trying the latter ends up in "access denied".
> Maybe there is something broken with the user mapping (i.e., the domain
> admin > root mapping was done, but how do I check if it is in effect, how do
> I check if root (who is, in my understanding, the provider of the permissions
> to domain admin, right?) has the required privs?).
>
>>
>>
>> Gea
>>
>>
>>  On 28.04.2015 at 14:09, Sebastian Gabler <sequoiamobil at gmx.net> wrote:
>>>
>>> Hi,
>>>
>>> I am a bit stuck in getting my ACL management straight for the CIFS
>>> shares I run. What I would like to do is to set all the ACLs from Windows.
>>> What does not work right now is to assign ownership to a sharepoint or an
>>> object below it to a different user, i.e. to set ownership as the Domain
>>> Administrator to a specific user. I get an error message that a "Restore"
>>> privilege would be missing, but the error message is unclear if that
>>> applies to the current context (Domain Administrator), or the prospective
>>> owner. I can set full control for that user, however.
>>> Specifically,
>>> 1. I am wondering how to get, from my illumos machine, the privileges
>>> applicable on an object for a certain user.
>>> 2. finding out what is required to take/provide ownership, specifically
>>> of a sharepoint, from Windows (ACLs, idmap, ZFS ACL modes and inheritance
>>> modes, etc.), and in what hierarchy things apply.
>>> I am aware that this may be a FAQ, but I didn't find comprehensive
>>> documentation on the matter. The Oracle docs are focussed on explaining how
>>> things work from the Solaris side; most HowTos that include the Windows
>>> side are not deep enough.
>>>
>>> Thanks for any hints.
>>>
>>> With best regards,
>>>
>>> Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenIndiana Windows 2008 R2 AD.pdf
Type: application/pdf
Size: 526095 bytes
Desc: not available
URL: <https://omniosce.org/ml-archive/attachments/20150501/6c157a1f/attachment-0001.pdf>

