On 01/08/10 19:33, Frank Cusack wrote:
> When using zfs/cifs, and the solaris cifs server is a domain member, can
> windows groups be used directly or do they have to be mediated by mapping
> to unix groups?

When setting the file owner or group, managing ACLs or creating
idmap rules, you can use Windows domain groups directly.

If that's not what you are asking, can you expand on what you
mean and provide examples of what you'd like to achieve.

The only time you need a local UNIX group is when you want to
create a local SMB group on the OpenSolaris box.  smbadm will not
let you create the SMB group unless a UNIX group already exists
by the same name.

> For idmap, why isn't simply using rfc2307 a strategy?  Adding some wonky
> attribute such as unixUserName just doesn't make sense to me.  My windows
> users already possess a complete rfc2307 attribute set and use that to
> get unix rights when logging in.

That sounds like you are referring to idmap directory based mapping,
which is provided to allow you to define some schema extensions.

What version of Windows AD are you using?

If you are using IDMU on your Windows domain, you can tell idmap to
use it.  If you are using rfc2307 on your Windows domain you may be
able to have idmap use it by telling it the rfc2307 names - I haven't
tried this.

> I understand the need to support additional and more arbitrary mappings
> but the standard one should be supported as well!  Now I have to add
> (and maintain) more attributes to my user entries?

Have you tried using the rfc2307 names as the idmap directory mapping
names?

Alan
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
