Discussion:
Solaris 11 and Samba and change ACL do not work
Andrew Watkins
2011-12-09 16:05:10 UTC
Permalink
Hi,

I will try here as my first port of call.

I am using Samba to server files to our Windows users and I want them to
change permissions of files so they can give access to other users.

Before any says anything I am doing this in a ZONE so CIFS server is not
available in Solaris zones.

Well, it does not seem to work and I have followed a few blog entries
but they all give the same result:

- Edit file properties
- Add user to Windows Security Tab and select Apply:
"Unable to save permission changes on MyFile.txt"
"Access is denied"

Should this be a problem?

The blog entries I have followed (why are they never 100% complete!)

http://blog.mc-thias.org/?title=registering-a-samba-solaris-10-server-as-a-ms-ad-member&more=1&c=1&tb=1&pb=1

http://blog.allanglesit.com/2011/03/solaris-11-join-ad-domain-for-samba/

Any pointers?

Cheers,
--
Andrew Watkins * Birkbeck College
http://notallmicrosoft.blogspot.com/
Chris Ridd
2011-12-10 17:05:41 UTC
Permalink
Post by Andrew Watkins
Hi,
I will try here as my first port of call.
I am using Samba to server files to our Windows users and I want them to change permissions of files so they can give access to other users.
Before any says anything I am doing this in a ZONE so CIFS server is not available in Solaris zones.
- Edit file properties
"Unable to save permission changes on MyFile.txt"
"Access is denied"
Should this be a problem?
The blog entries I have followed (why are they never 100% complete!)
http://blog.mc-thias.org/?title=registering-a-samba-solaris-10-server-as-a-ms-ad-member&more=1&c=1&tb=1&pb=1
http://blog.allanglesit.com/2011/03/solaris-11-join-ad-domain-for-samba/
Any pointers?
Are you using "vfs objects = zfsacl" ?

This <http://nineproductions.com/technology/14-sun-solaris/65-solaris-11-samba-zfs-configuration.html> looks useful...

Chris
Andrew Watkins
2011-12-13 11:54:06 UTC
Permalink
Thanks Chris that solved it.

I had followed that before but I missed the "vfs objects = zfsacl" part.
Teach me to skip information.

I also used the "idmap config" whiched help with my mapping of AD and
LDAP. ref:
http://blogs.oracle.com/jurasek/entry/even_more_simple_configuration

Cheers,

Andrew
Post by Chris Ridd
Post by Andrew Watkins
Hi,
I will try here as my first port of call.
I am using Samba to server files to our Windows users and I want them to change permissions of files so they can give access to other users.
Before any says anything I am doing this in a ZONE so CIFS server is not available in Solaris zones.
- Edit file properties
"Unable to save permission changes on MyFile.txt"
"Access is denied"
Should this be a problem?
The blog entries I have followed (why are they never 100% complete!)
http://blog.mc-thias.org/?title=registering-a-samba-solaris-10-server-as-a-ms-ad-member&more=1&c=1&tb=1&pb=1
http://blog.allanglesit.com/2011/03/solaris-11-join-ad-domain-for-samba/
Any pointers?
Are you using "vfs objects = zfsacl" ?
This<http://nineproductions.com/technology/14-sun-solaris/65-solaris-11-samba-zfs-configuration.html> looks useful...
Chris
--
Andrew Watkins * Birkbeck College
http://notallmicrosoft.blogspot.com/
Chris Ridd
2011-12-13 14:36:13 UTC
Permalink
Post by Andrew Watkins
Thanks Chris that solved it.
I had followed that before but I missed the "vfs objects = zfsacl" part. Teach me to skip information.
Cool. Have you managed to make your ZFS time-slider snapshots visible using the vfs shadow_copy2 (?) facility?
Post by Andrew Watkins
I also used the "idmap config" whiched help with my mapping of AD and LDAP. ref: http://blogs.oracle.com/jurasek/entry/even_more_simple_configuration
Chris

Loading...