[OmniOS-discuss] CIFS access to a folder with traditional (owner:group:other) Unix permissions

Jens Bauernfeind bauernfeind at ipk-gatersleben.de
Tue Jun 27 07:37:07 UTC 2017


Hi,

I fixed this problem after executing this:
idmap add winname:"*@<DOMAINNAME>" unixuser:"*"
idmap add wingroup:"*@<DOMAINNAME>" unixgroup:"*"
svcadm restart idmap
All newly created files now have the uid and gid from the IDMU.

Jens

> -----Original Message-----
> From: OmniOS-discuss [mailto:omnios-discuss-bounces at lists.omniti.com]
> On Behalf Of Oliver Weinmann
> Sent: Tuesday, 27 June 2017 08:25
> To: omnios-discuss <omnios-discuss at lists.omniti.com>
> Subject: [OmniOS-discuss] CIFS access to a folder with traditional
> (owner:group:other) Unix permissions
> 
> Hi,
> 
> 
> 
> we are currently migrating all our data from a NetAPP system to an OmniOS
> system.
> 
> 
> 
> The OmniOS system is joined to AD and LDAP client is configured to pull LDAP
> info from AD / IDMU. This works fine.
> 
> 
> 
> However we can’t manage to have access on folders where we have Unix
> permissions from windows (CIFS).
> 
> 
> 
> e.g.
> 
> 
> 
> the user utest2 is a member of the group “Up BCSIM De_Dt Da Lg”:
> 
> 
> 
> root at omnios01:/hgst4u60/ReferenceAC/BCSIM/Software# groups utest2
> 10000 Up BCSIM De_Dt Da Lg
> 
> 
> 
> The folder Unix has the following permissions set:
> 
> 
> 
> root at omnios01:/hgst4u60/ReferenceAC/BCSIM/Software# ls -al
> total 47
> d---------+  4 root     2147483653       4 Apr 25 05:37 .
> d---------+  4 root     2147483659       4 Apr 25 05:35 ..
> drwxrws---   9 bcsim    Up BCSIM De_Dt Da Lg      11 Mar  9 10:40 Unix
> d---------+  6 root     2147483653       6 Apr 25 05:37 Windows
> 
> 
> 
> so User bcsim and all members of group “Up BCSIM De_Dt Da Lg” can access
> the folder just fine via NFS.
> 
> 
> 
> If the user utest2 tries to access this folder from windows via CIFS he gets
> access denied.
> 
> 
> 
> If I change the permissions so that other have r-x he can access the folder
> but then I have no control on who can access the folder.
> 
> 
> 
> On our NetApp system this was working fine. I assume it has to do with the
> IDMAP daemon using ephemeral mappings instead of pulling the uidnumber
> and gidnumber from AD?
> 
> 
> 
> I don’t want to use extended ACLs on this folder.
> 
> 
> 
> Any ideas?
> 
> 
> 
> 
> 
> Oliver Weinmann
> Senior Unix VMWare, Storage Engineer
> 
> Telespazio VEGA Deutschland GmbH
> Europaplatz 5 - 64293 Darmstadt - Germany
> Ph: + 49 (0)6151 8257 744 | Fax: +49 (0)6151 8257 799
> oliver.weinmann at telespazio-vega.de <mailto:oliver.weinmann at telespazio-vega.de>
> http://www.telespazio-vega.de
> 
> Registered office/Sitz: Darmstadt, Register court/Registergericht: Darmstadt,
> HRB 89231; Managing Director/Geschäftsführer: Sigmar Keller
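
A check that could follow the fix in the reply above, as an added example that is not part of the original thread: it reads `ls -n` output and lists entries still owned by an ephemeral idmap ID, which illumos allocates from 2^31 upward (the 2147483653 and 2147483659 in the quoted listing are in that range). The function names and the numeric uid/gid 20001/20002 used for the `Unix` folder are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: find directory entries whose owner or
# group is an ephemeral idmap ID instead of a uid/gid pulled from AD/IDMU.

EPHEMERAL_MIN=2147483648   # 2^31, first ID in the ephemeral range

# Reads `ls -n` lines on stdin and prints "name uid gid" for every entry
# whose uid or gid is ephemeral. `ls -n` prints numeric IDs, so group names
# that contain spaces (as in the thread) cannot shift the columns.
ephemeral_entries() {
    awk -v min="$EPHEMERAL_MIN" '
        # A full entry has at least 9 fields; the "total N" header has 2.
        NF >= 9 && ($3 + 0 >= min + 0 || $4 + 0 >= min + 0) {
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i   # names with spaces
            print name, $3, $4
        }'
}

# Constructed sample: the listing from the thread in `ls -n` form.
# 20001/20002 are made-up stand-ins for bcsim and its group.
sample_listing() {
    cat <<'EOF'
total 47
d---------+  4 0 2147483653       4 Apr 25 05:37 .
d---------+  4 0 2147483659       4 Apr 25 05:35 ..
drwxrws---   9 20001 20002      11 Mar  9 10:40 Unix
d---------+  6 0 2147483653       6 Apr 25 05:37 Windows
EOF
}

# Demo on the constructed sample. On a real system, pipe in a live listing:
#   ls -na /path/to/share | ephemeral_entries
sample_listing | ephemeral_entries
```

Entries reported here predate the name-based rules; the reply only states that newly created files pick up the IDMU uid and gid.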
