[cifs-discuss] OpenSolaris 2008.05 / using AD domain user to assign ACLS on ZFS/CIFS share
Afshin Salek
Afshin.Ardakani at Sun.COM
Fri May 16 09:41:27 PDT 2008
Identity mapping in Nevada/OpenSolaris is done by idmap service.
winbind is a Samba service, and yes you cannot run Samba and Solaris
CIFS server at the same time on the same machine because they're using
the same ports.
Look at idmap man pages and/or Identity Mapping chapter of Solairs
CIFS Administration Guide here:
http://opensolaris.org/os/project/cifs-server/docs/
Afshin
Dave Koelmeyer wrote:
> Hi All,
>
> Noddy question(s) here. I've successfully joined an OpenSolaris CIFS server to a Windows AD, and have a share available to all authenticated users with full control on created files/folders.
>
> Now I want to be able to play around with ACLs (to get used to doing this on the command line!), but want to be able to assign permissions to users as they exist in the domain I have joined to.
>
> I found the following Solaris 10-related howto, which looks really good:
>
> http://nineproductions.com/content/view/20/40/
>
> "Setup PAM and nsswitch
>
> Here we are going to enable the use of winbind through PAM. This will give us the capability of using active directory users and groups when assigning permissions on files and directories.......If everything worked you should see all of your local users and groups plus all the users and groups from Active Directory. Winbind downloads this list from active directory maintaining a local cache in tdb files on your system..."
>
> And there is also reference to editing smb.conf with reference to winbind, and what looks like mapping to UID/GIDs ("winbind separator = +, idmap uid = 11000-19000 idmap gid = 11000-19000" etc).
>
> Can any guru give me a pointer for how to do the equivalent on Opensolaris? I'm not sure how creating /etc/smb.conf interacts with the Solaris CIFS service (Samba/WINS and CIFS are mutually exclusive services, yes?), also I cannot find the pam.conf.winbind template referred to.
>
> Sorry for the questions, I'm a bit of a n00b at this. Any clues would be great!
> --
> This messages posted from opensolaris.org
> _______________________________________________
> cifs-discuss mailing list
> cifs-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
More information about the cifs-discuss
mailing list