[cifs-discuss] CIFS/idmap Implementation Questions
HUGE | Rob Terhaar
rterhaar at hugeinc.com
Tue May 20 10:01:58 PDT 2008
On 5/20/08 12:45 PM, "Nicolas Williams" <Nicolas.Williams at sun.com> wrote:
>> Not extremely intuitive for the uninitiated, but i was able to figure it out:
>> idmap add winuser:'*@example.com' unixuser:'*'
>> idmap add wingroup:'*@example.com' unixgroup:'*'
>
> Hmmm, perhaps we need more meat in the manpage? Or a more helpful usage
> message?
>
I referenced this document when planning the cifs/AD integration:
http://docs.sun.com/app/docs/doc/820-2429/configuredirbasedmapping?a=view
It would be helpful to have a notice about how the idmap command actually
impacts UIDs/GIDs for cifs. I assumed that the svccfg setprop example in
this document maps the uid/gid attribute to the necessary ldap resource.
Again, this may be obvious to the seasoned solaris admin, but I had no idea
about the relationship :)
>>> Once that's done, and if one uses ZFS and SMB/NFSv4, why should one care
>>> if a given UID or GID is ephemeral or not? (I know there are reasons,
>>> but I'd like to hear yours.)
>>
>> We run 50% os x, %50 winxp desktops- and 90% linux servers. Our AD is
>> only for DNS/DHCP/Authentication. We need to keep UID/GID uniform
>> across the environment so that we can keep security under control
>> useing any combination of protocols: NFSv3/SCP/SMB.
>
> SMB doesn't require that we have uniform non-ephemeral UIDs/GIDs.
>
> NFSv4 doesn't either.
>
> NFSv3 requires that on the wire. SCP and some other transfer
> programs/archive formats do too.
Ok, I'm glad that I'm on the right track with keeping UID/GIDs uniform.
Thank you very much for your advice!
More information about the cifs-discuss
mailing list