CIFS SHARE windows 2008 r2
Added by Anthony Glidic about 1 year ago
Hi, I have some issues with CIFS sharing and Active Directory integration. I want to put ACLs on my folder, but to do this I need a uid or gid. And I have trouble because when I run idmap dump -n, I get this:
idmap dump -n
wingroup:Domain Users@nexenta == gid:2147483652
winuser:Guest@nexenta == uid:2147483649
wingroup:Network == gid:2147483650
wingroup:Guests@BUILTIN == gid:2147483653
usid:S-1-5-21-2348984198-2993376343-2627791717-2001 == unixuser:agc
gsid:S-1-5-21-2348984198-2993376343-2627791717-2147483658 == unixgroup:staff
wingroup:Authenticated Users == gid:2147483651
usid:S-1-5-21-2348984198-2993376343-2627791717-1000 == unixuser:root
gsid:S-1-5-21-2348984198-2993376343-2627791717-2147483651 == unixgroup:sys
gsid:S-1-5-21-2348984198-2993376343-2627791717-2147483648 == unixgroup:root
So first, I don't see all my users, and second, I don't know what group gsid:S-1-5-21-2348984198-2993376343-2627791717-2147483648 is, for example.
Do you know if a plugin exists or if it's just a bad configuration of my CIFS server? I use a Server 2008 R2 for my DC and a NexentaStor 3.1.2.
P.S. I know I can make the mapping manually, but it will just take too much time. Thanks
Replies
RE: CIFS SHARE windows 2008 r2 - Added by Linda Kateley about 1 year ago
I asked one of our idmap experts and his reply was:
Manage ACLs from the Windows security tab. No need to add ACLs from ZFS.
RE: CIFS SHARE windows 2008 r2 - Added by Anthony Glidic about 1 year ago
OK, it's a little bit disappointing. I mean, in that case why not just make an iSCSI target to a Windows server and make a DFS on the Windows server?
Do you have any idea if you will improve this part in the next release of Nexenta?
Thanks in advance
RE: CIFS SHARE windows 2008 r2 - Added by Jeff Gibson about 1 year ago
I think Linda was saying to manage the permissions from the Windows server (or any other Windows machine) initially.
RE: CIFS SHARE windows 2008 r2 - Added by Anthony Glidic about 1 year ago
Yeah, I can understand that, but I mean if I have to manage the quota from the Nexenta box and the permissions from the Windows server.
It's most simple to just make a scsi target to a Windows server, make a DFS and manage everything directly in the Windows server.
That's why I ask if they manage to improve the integration between the CIFS server (probably Samba) and Active Directory for managing all things from the Nexenta box.
RE: CIFS SHARE windows 2008 r2 - Added by David Bond about 1 year ago
Why do you need to know the SID? You can just use username@domain; you could anyway in OpenSolaris / Solaris using CIFS (it's not Samba). I haven't used CIFS with NexentaStor.
In OpenSolaris / Solaris (Express) there were 2 versions of chmod and ls (they probably removed the old one now); the one for the new ACLs (for CIFS) was in /usr/bin/chmod. You would do something like the following:
/usr/bin/chmod -R A=everyone@:rwxpdDaARWcCos:fileinherit/dirinherit:allow /storage/
or
chmod -R A=user:username@domain:rwxpdDaARWcCos:fileinherit/dirinherit:allow /storage/
That's from what I remember anyway; it's been a while since I have used it with AD (was testing a few years back with it).
For more info on mappings, which will probably be usable with NexentaStor, look at: http://docs.oracle.com/cd/E19082-01/820-2429/820-2429.pdf
Also, isn't the idmap dump only for users that have connected via a CIFS share, which are then assigned an ephemeral ID for legacy permissions?
RE: CIFS SHARE windows 2008 r2 - Added by David Bond about 1 year ago
That command line should be:
/usr/bin/chmod -R A=everyone@:rwxpdDaARWcCos:file_inherit/dir_inherit:allow /storage/
Hope it shows it correctly now :)
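
Added example, not part of any post in the thread: a small parser for the `idmap dump -n` output quoted in the first message. It separates ephemeral mappings from local SID-to-name mappings and looks up the name behind a given SID. The function names are hypothetical, and treating IDs at or above 2^31 as ephemeral is an assumption about how Solaris idmap allocates dynamic IDs.

```python
import re

# Assumption: Solaris idmap hands out dynamic (ephemeral) uids/gids from 2^31 upward.
EPHEMERAL_BASE = 2**31
DOMAIN_SID = "S-1-5-21-2348984198-2993376343-2627791717"

# Constructed sample: the mappings posted in the thread's first message.
SAMPLE = f"""\
wingroup:Domain Users@nexenta == gid:2147483652
winuser:Guest@nexenta == uid:2147483649
wingroup:Network == gid:2147483650
wingroup:Guests@BUILTIN == gid:2147483653
usid:{DOMAIN_SID}-2001 == unixuser:agc
gsid:{DOMAIN_SID}-2147483658 == unixgroup:staff
wingroup:Authenticated Users == gid:2147483651
usid:{DOMAIN_SID}-1000 == unixuser:root
gsid:{DOMAIN_SID}-2147483651 == unixgroup:sys
gsid:{DOMAIN_SID}-2147483648 == unixgroup:root
"""

# "<type>:<name> == <type>:<name>"; Windows names may contain spaces.
LINE = re.compile(r"^(?P<ltype>\w+):(?P<lname>.+?)\s+==\s+(?P<rtype>\w+):(?P<rname>.+)$")

def parse_dump(text):
    """Return one dict per mapping line, skipping anything that does not match."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def classify(row):
    """'ephemeral' for dynamic numeric IDs, 'sid-to-name' for SID == unix name."""
    if row["rtype"] in ("uid", "gid") and row["rname"].isdigit():
        return "ephemeral" if int(row["rname"]) >= EPHEMERAL_BASE else "numeric"
    if row["ltype"] in ("usid", "gsid") and row["rtype"] in ("unixuser", "unixgroup"):
        return "sid-to-name"
    return "other"

def lookup_sid(rows, sid):
    """Return (type, name) mapped to a SID in the dump, or None if absent."""
    for row in rows:
        if row["ltype"] in ("usid", "gsid") and row["lname"] == sid:
            return row["rtype"], row["rname"]
    return None

if __name__ == "__main__":
    for r in parse_dump(SAMPLE):
        print(f"{classify(r):12} {r['ltype']}:{r['lname']} -> {r['rtype']}:{r['rname']}")
```

On the sample, the gsid ending in 2147483648 resolves to unixgroup:root, exactly as the dump line itself states.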