On 1/17/11 6:32 AM, Florian Manschwetus wrote:
Am 03.12.2010 10:42, schrieb Alan Wright:
On 12/3/10 1:05 AM, Florian Manschwetus wrote:
Is it possible to have a local User that is allowed to login via CIFS
when using the solaris cifs-server joined to a 2008 AD?
Yes. Local users are always
On 01/13/11 08:43 AM, Florian Manschwetus wrote:
I have read in your documents that idmu is now supported by
(open?)solaris/ solaris 11? (since which build?), so could you give me
details on howto configure this, especially to have the users available
for logon via ssh and such?
It looks like
On 01/11/11 10:31 AM, keegam wrote:
Do you remember what you did to resolve it? I am still having this issue.
It would probably be a CR filed under idmap but I don't recall
a specific fix. It may have been resolved as a consequence of
something else.
Also, here is the version of solaris i'm
On 01/ 7/11 12:58 PM, keegam wrote:
Currently we have a sun server with a zfs pool, and our windows team manages
permissions and access to said pool via cifs.
Recently, and for an unknown reason, idmap is failing. No one has logged in to the
solaris server since well before the problems
On 12/22/10 12:00 AM, Veit Rüd wrote:
Hello,
I searched the archives and the web, but didn't find any hint ...
We are in the process of migrating our windows fileserver to cifs (open
solaris SunOS 5.11 snv_130), but every now and then one of our test
users can' t login to the AD domain
You are connected as an authenticated user called owner.
The smbuid is runtime assigned. If you see it in subsequent
script output, it confirms that the exchange is based on
this authenticated session.
Alan
On 12/15/10 3:04 AM, Brett wrote:
ok so first to establish if the user is owner or
On 12/15/10 02:43 PM, Brett wrote:
ok so i :-
solarishost# chown -R owner /incoming
solarishost# chmod -R 700 /incoming
Using 7 will not grant all permissions on ZFS. The owner does
get some privileges but if the intent is to grant all permissions
to the owner:
/bin/chmod -R
Add a line of the following form to /etc/syslog.conf and
restart syslog to enable debug logging.
*.debug /var/adm/messages
svcadm restart svc:/system/system-log:default
You can also use dtrace. The cifs.d script might be a
good place to start, which should be available
On 12/7/10 5:30 PM, Harry Putnam wrote:
Alan Wrightalan.wri...@oracle.com
writes:
[...]
It seems way over complicated for a home lan user. And I suppose that
isn't where it is targetted either.
Have you tried using something based on the example on that page:
idmap add
On 12/7/10 5:49 PM, Harry Putnam wrote:
The man pages on my system are completely useless and seem to have
lots of unusual characters from non-english language or something in
lots of key places rendering them unusable... at least for me.
Are you using the man command to look at the man pages
This is 6564083:
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6564083
You may find that enabling CATIA support helps in some cases,
otherwise you may need to rename the files. The CATIA character
mapping table is shown in 6582159. You can enable CATIA character
translation by
.
Please help me out to get the latest release.
Your options are 134 or Oracle Solaris 11 Express.
Alan
-Original Message-
From: Alan Wright [mailto:alan.wri...@oracle.com]
Sent: Monday, November 29, 2010 2:17 PM
To: Chidambaram Muthu
Cc: cifs-discuss@opensolaris.org
Subject: Re: [cifs
On 12/3/10 1:05 AM, Florian Manschwetus wrote:
Is it possible to have a local User that is allowed to login via CIFS
when using the solaris cifs-server joined to a 2008 AD?
Yes. Local users are always supported.
It doesn't matter whether the system is a domain member
or in a workgroup.
Alan
On 12/2/10 9:17 AM, Gordon Ross wrote:
Hi everyone,
I'd like to try out the (relatively new) ZFS quota support, as
presented via the SMB server.
I set some ZFS quotas on a share (i.e. zfs set userqu...@test=1m
dataset...) but the quotas tab never shows up in Windows when I
right click on a file
I don't want to make a specific statement regarding corruption
but I can explain how nbmand works and let you decide on what
to do.
The locking facility exists centrally within the OS and all
access (local, NFS or SMB) always goes through it regardless
of whether it is on or off. The only
On 12/2/10 3:24 PM, Harry Putnam wrote:
In opensolaris we used to be able to disable the root role in
/etc/user_attr and then be able to login to root or ssh to root with
appropriate /etc/ssh/sshd_config.
That seems to cause unexpected problems in openindiana.
Is there a proceedure for this
On 12/2/10 2:15 PM, Gordon Ross wrote:
It should be automatic. What ON build are you based on?
I'm on 147.
It looks like support for the Windows Quotas tab went into
snv_118 and the Windows remote management support went into
snv_137. No configuration is required - the tab should
just be
On 12/2/10 11:09 AM, Andreas wrote:
Again, accessing the shares within Windows 7 with user andreas
works like a charm. However, when trying to login with user
share Windows states: Access denied.
Is there an entry in /var/smb/smbpasswd for user share?
Does running 'passwd share' help?
If
On 11/27/10 5:11 PM, Andreas wrote:
Hi,
I am trying to access my opensolaris CIFS share from my windows
machine. I get the following error in /var/adm/messages:
sun smbsrv: [ID 138215 kern.notice] NOTICE: smbd[SUN\user]: share bad
path: /export/home/share
How was this path shared?
I set
In order to help, it would be useful to see the complete commands
being used and full details of your configuration. Abbreviations
such as zfs set sharesmb=name=... are not helpful in diagnosing
problems.
Perhaps start here:
http://blogs.sun.com/amw/entry/troubleshooting_and_diagnostics
If
This looks like a recent build. What Solaris software are you using?
Alan
On 11/17/10 05:46 PM, Thomas Goldthorpe wrote:
Amusing situation: 2008r2, lmauth == 2, (also patched so that 4 works).
Connection to any server succeeds, lookups work, etc then blammo,
it gets an ACCESS_DENIED and
This doesn't look like anything related to the CIFS Service.
The CIFS Service is essentially a conduit between the network
interface and the file system; it has no cognizance of data
rates. My suspicion would be a network problem and it would
probably be better to pursue that on
Try these URLs
Solaris CIFS Administration Guide
http://docs.sun.com/app/docs/doc/820-2429
Project documentation page
http://hub.opensolaris.org/bin/view/Project+cifs-server/docs
Some useful blogs:
http://blogs.sun.com/amw/
http://blogs.sun.com/afshinsa/
http://blogs.sun.com/marks/
On 10/ 4/10 07:38 PM, Greg Terkanian wrote:
I'm getting tired of responding to myself. Can anyone please assist me
with this issue? I'm delirious from spending so much time on this. It
looks like the kerberos part is passing and the sasl bind is succeeding.
I think my error is hidden
On 09/23/10 09:12 PM, Dan Anderson wrote:
Suggestion: I know Solaris CIFS is NOT responsible for this problem, but
in your documentation, please add a suggestion to check your firewall
settings. Usually you want HOME or WORK network settings, not INTERNET
or PUBLIC network (unless, of
Joeri Vanthienen wrote:
What is the best way to audit file deletion on a
cifs share? BSM auditing? Should I get the uid
of the user (client) that deletes the file ?
I'm not sure if anyone on the auditing team hangs out
here. It might be worth asking on audit-discuss.
Another question: Is
System error 53 has occurred - this typically indicates a network
configuration problem.
Are you sure your DNS configuration on both client and server
is correct?
Can you ping jefferson from your client and vice versa?
Try setting the LMCompatibilityLevel on your client to 2 and set
the same
On 09/17/10 12:41 AM, Geoff wrote:
Whoops, here's another file. I think I saved it right this time.
There are no errors and no permission problems in the network capture.
I suspect the 'operation not supported' problem may be something local
on your client.
Alan
System error 53 has occurred - this typically indicates a network
configuration problem.
Are you sure your DNS configuration on both client and server
is correct?
Can you ping jefferson from your client and vice versa?
Try setting the LMCompatibilityLevel on your client to 2 and set
the same
On 09/16/10 08:48 AM, Peter Taps wrote:
As you know, when we set a zfs property, it overrides the previous
value. Let's say, I do the following:
# zfs sharesmb=on mypool/cifs1
# zfs sharesmb=name=cifs1 mypool/cifs1
This seems to work. Does it mean that sharesmb=name=cifs1
automatically
Hi Alan. I've attached a .cvs file exported from wireshark.
It was captured as Picard attempted to move a single .flac file.
Thanks but I need the binary (cap/pcap) version of the data.
Alan
___
cifs-discuss mailing list
On 09/14/10 11:22 AM, Peter Taps wrote:
Folks,
When a mount a Windows share within OpenSolaris, only root account is able to
access it. I would appreciate it if someone can tell me what I am doing wrong.
Here is what I did:
$ su
# mkdir /GeneralShare
# chmod 777 /GeneralShare
Don't use
Florian Manschwetus wrote:
Does ABE also work for shares?, read as is there a way to have the user
see only those shares listed, he could access?
Not at this time. ABE is a per share property that is applied
when the user connects to the share. At this point, the user
has already had the
Florian Manschwetus wrote:
Could some one explain me in detail the differences between manual, auto
and vdo. And what is best set for Offline Folders.
Those are all Microsoft definitions. There's some information
on my blog:
http://blogs.sun.com/amw/entry/client_side_caching_for_offline
For
That's good news on the permissions front.
For the move operation, a network capture might help identify
what's going wrong.
Does Musicbrainz Picard exhibit the same problem if you run
it on a Windows client?
Alan
Original Message
Subject: Re: [cifs-discuss] Prevent write
Geoff wrote:
I've noticed that my access to the share from Ubuntu is spotty
to say the least
Error: DBus error org.freedesktop.DBus.Error.NoReply: ...
I'm not sure if this is a problem with the server or my client.
Accessing the share from Windows clients is much more reliable.
I
Also: Chapter 8 Using ACLs to Protect ZFS Files
http://docs.sun.com/app/docs/doc/819-5461/ftyxi?a=view
Jordan Brown wrote:
[ Jumping in so we can maybe get in another exchange over the weekend ]
Geoff wrote:
I can't seem to dig up any info on chmod A do you have any resources
on this?
See
If the account with which you are logged into your client
is valid on the server (or domain) your connection will be
based on that account rather than guest. Windows clients
always send your desktop login credentials unless you tell
the client to map the share as a different user, and guest
The SMB service fully supports trusts in snv_134 but due to
an idmap limitation only two-way trusts will work on that build.
You would need snv_142 to use a one-way trust, which I suspect
is what you are describing below.
Alan
Original Message
Subject: [cifs-discuss] Are
This looks familiar and that listener issue should be resolved
by 6962953, which was pushed to snv_148.
The logs below are ripple effects from the original problem.
Do you have any core files from the original problem?
Alan
Original Message
Subject: [cifs-discuss] snv_145 smb
Peter Taps wrote:
Folks,
sharesmb property can be used for three different purposes:
# zfs sharesmb=on mypool/cifs1 - Just share
# zfs sharesmb=name=cifs1 mypool/cifs1 - Set a friendly alias
# zfs sharesmb=abe=true mypool/cifs1 - Turn abe on
The problem is, there
Can you provide before and after examples for a home directory.
Specifically, 'ls -lVd homedir' when things are working and also
when it is not working (before you reapply ACL).
Thanks,
Alan
ACL On 08/12/10 03:10 AM, MichaelHoy wrote:
I have an OpenSolaris server (snv_134) offering network
What OS version are you running? If you are running snv_134,
it should be okay to use owner@, which would make this appear as:
drwx--+ 64 root root 131 Aug 12 14:52 /pstaff/home/inmh3
owner@:rwxpdDaARWcCos:fd-:allow
Erkan Zeki wrote:
My issue is that I can not move or delete any files or
folders (Win7 explorer crashes and restarts)
This is may be
http://defect.opensolaris.org/bz/show_bug.cgi?id=15485
That's been resolved for Nevada but, if you don't build
OpenSolaris yourself, the workaround is to ensure
That depends on how datasets or directories were shared:
- libshare will provide information regardless of how datasets
or directories were shared.
- libzfs will only tell you if something was shared using zfs sharesmb
Alan
On 08/ 3/10 09:21 PM, Peter Taps wrote:
Folks,
In my application, I
On 08/ 2/10 11:21 AM, R. Nippes wrote:
I'm still looking for an answer to this problem.
Also with snv_134 it's the problem.
smbd[458]: [ID 413393 daemon.error] dyndns: failed to get domai
Depending on the mode of your smb/server, this message is
due to /etc/resolv.conf (perhaps a missing
ABE does not affect access control; it is just a filter
on what's returned in directory listings.
There are some links from here that might help:
http://blogs.sun.com/amw/entry/access_based_enumeration
Alan
On 08/ 2/10 01:39 PM, Peter Taps wrote:
Folks,
As can be seen here, abe is off on
The setting is persistent.
Alan
On 08/ 2/10 01:42 PM, Peter Taps wrote:
Folks,
I am pretty sure I had set ABE to true on one of my shares. The box was
rebooted this morning. Now, ABE setting is shown as false on the share. Are
these settings not persistent or is it just my mistake?
Thank
/etc/sfw/smb.conf is used by samba. It's not relevant for the
native smb/server service.
If you share a dataset using sharesmb=on, the share name is derived
from the path. The derived share name for /rpool/homes/oslo would
be rpool_homes_oslo.
If you use sharesmb=name=homes, the share name is
There are a couple of things to look into:
Only member of Power Users or Administrators on the local system
can add shares. If you are connecting as the domain administrator,
try adding that account to the local administrators group (see
smbadm).
The path (http://keeganm.com/tmp/3.JPG) must be
A lot of changes were made between snv_111 and snv_134: that
spread represents an elapsed year of development.
'net view' on Windows should list share names, not paths.
Perhaps your Mac is using data from showmount rather than the
Server Service.
What do you see if you use a Windows client
A single system can only join one AD domain but you can share
file systems to specific domains via trust relationships and
ACLs. If you base the ACLs on domain groups, this should be
really straightforward.
Alan
Original Message
Subject: [cifs-discuss] Possible to join
This may be due to your Windows client, which restricts
you to a single user for all shares mapped from a server.
If that's the case, you could add a second NIC or second IP
address on the server. Then map one share via each IP address.
Windows will treat each IP address as a different server.
Don't use 777. Both Windows and ZFS are ACL based and using 777
only sets the rwx bits, which is not the same as FullControl.
Use:
chmod A=everyone@:full_set:fd:allow path
Where path is the file/directory/path you want to modify.
Note:
The OpenSolaris team opted to make the gnu
The '' isn't a problem: it's an SMB wildcard (equivalent to '*').
Looking at the mixed and upper case names being used by MATLAB,
I suspect this is probably:
6939430 queryfileinfo should only use vnodetopath for directory nodes
If that's the case, the problem is actually due to negative
Enable guest access, create a local user account called SYSTEM on
your 7110 or...
Dependent on what purpose those SYSTEM owned processes serve, you
may be able to change them on Windows to run under a domain
account, in which case you don't need to do anything on the 7110.
This is a common
zfs is only ever visible at the root of a dataset.
We can't reproduce the nested directory Previous Versions problem.
Can you provide a network capture (wireshark) for the nested
directory scenario?
If you provide a capture, please also include the smbautohome file,
'ls -lVd' output of the
On 06/16/10 01:26 AM, Florian Manschwetus wrote:
Am 16.06.2010 10:04, schrieb Alan Wright:
Florian Manschwetus wrote:
Am 11.06.2010 16:49, schrieb MichaelHoy:
We have a zpool with a volume and in that volume we have a number of
directories which are dynamically shared via smbautohome.
e.g
I don't think this has been discussed before.
Can you provide a network capture (wireshark) for this scenario?
Alan
On 06/11/10 02:48 AM, Daniel Uvehag wrote:
Hi
Forgive me if this has already been asked, but I've been searching for some
time now without any success.
I've setup an
Initial tests would seem to indicate that Previous Versions
is working on smbautohome shares.
Alan
On 06/11/10 07:49 AM, MichaelHoy wrote:
We have a zpool with a volume and in that volume we have a number of
directories which are dynamically shared via smbautohome.
e.g. zpool pstuds, volume a
On 05/11/10 08:34 AM, sundeep dhall wrote:
All,
Intent is to demonstrate OpenSolaris2009.06 authentication with AD on
Win2008r2 and UID, GID access based on user creation in AD
For use with Windows, it would be better to upgrade to something
more recent than OpenSolaris 2009.06. The SMB
We've done a lot of work in this area in recent builds.
I think there were 6 or 7 CRs in total but some important
ones to look for are:
6899409 Preserve owner@/group@ across SMB
PSARC 2009/683 Reserved uid/gid for distinguishing unmappable
users/groups in NFSv4 ACLs
6261858 ls(1) -l,
Is this a curiosity question or are you trying to implement
support for Previous Versions?
Have you looked at the spec and/or what Windows clients do
when you view Previous Versions?
Alan
On 05/ 4/10 06:02 AM, Edward Ned Harvey wrote:
This may be a simple question, or it may be hugely
This morning this server has become completely unresponsive to
anything other than pings – no ssh or console access.
This doesn't seem like anything that would be related to smbd.
I’ve needed to switch off the server to get it back.
That's unfortunate. Are there any core files in /, /root
On 04/13/10 06:39 AM, charles wrote:
Is there SMB2 or 2.1 on the horizon as this is meant to be much better than SMB?
It only has 19 commands rather than over 100 in SMB
Yes, it is on the horizon.
Better is a relative thing. Unless you are encountering a limit
or experiencing a problem
Rob Logan wrote:
a quick bug search didn't find anything I'll file a bug if
no one sees it as a dup.
I've never seen this before. Do you have the coredump?
Alan
debugging crash dump vmcore.0 (64-bit) from backup
operating system: 5.11 snv_131 (i86pc)
soren wrote:
This weekend after upgrading to snv_131 I tried to add
a third user the same way I added the previous ones.
Please describe the steps that you took.
Is this an AD domain user or a local user on the
OpenSolaris system?
Also, please run cifs-gendiag, which is available for
soren wrote:
soren wrote:
This weekend after upgrading to snv_131 I tried to add
a third user the same way I added the previous ones.
Please describe the steps that you took.
I added this user with the same 'useradd' command that I've added other users:
pfexec useradd -m -d
soren wrote:
Aha! In answering your followup questions I've stumbled onto a solution to my
problem. The bug in question was actually this one:
6832178: /etc/passwd and /var/smb/smbpasswd can get out of sync
Some time ago I'd added Amy's account, then I deleted and re-added it. OpenSolaris did
2009.6 was DOA for SMB/CIFS. I'd recommend upgrading
to the latest development release:
http://pkg.opensolaris.org/dev/en/index.shtml
Alan
___
cifs-discuss mailing list
cifs-discuss@opensolaris.org
What is command line that you entered?
Alan
Thomas Burgess wrote:
I'm going nutsi know this worked before
i'm trying to change the name of a CIFS share
when i try i get this error:
cannot set property for 'tank/nas/Wonslung':'sharesmb' cannot be set to invalid
options
I've tried to
Chris Gerhard wrote:
Alan Wright wrote:
If the engine has been restarted, the socket should get closed
or return an error on the read. A zero length read isn't
necessarily a problem, and the vscan code is retrying the read
because it is expecting more data.
While vscand is expecting more
Peter Lutong wrote:
Just a suggestion since the next stable release is now February,
so users won't get stung by this CIFS problem in 2009.06 like I
did - can you put a note about this issue on the Download page
(http://hub.opensolaris.org/bin/view/Main/downloads) so Solaris
newbies like me
Peter Lutong wrote:
Just a suggestion since the next stable release is now February,
so users won't get stung by this CIFS problem in 2009.06 like I
did - can you put a note about this issue on the Download page
(http://hub.opensolaris.org/bin/view/Main/downloads) so Solaris
newbies like me
Possibly because her UNIX\USER name or password is different from
her WINDOMAIN\USER name and password.
Try explicitly mapping a share as UNIX\USER and tell the client to
remember the mapping or reconnect automatically.
Please note that we advise against using build snv_111b for SMB/CIFS
Thanassis Tsiodras wrote:
Perfect, thanks - that puts my mind at ease :-)
A relevant question, for backups of the file server:
Besides zfs send | ssh ... , are there any other backup mechanisms
that store these special smb-generated ACLs?
There are no special smb-generated ACLs. ZFS has
Chris Gerhard wrote:
How can I map what appears to be the default the SYSTEM group on
windows XP to a group on Solaris? I always end up with an ephemeral
group for that?
I've mapped my user cjg - cg13442 and put it in the default group
smbstaff which I have also mapped. However every object
The Solaris CIFS Service is not restricted by MAX_NGROUPS.
We have successfully authenticated AD user accounts that are
members of more than 1000 AD groups.
LDAP is not affected by group membership but note that users
are not authenticated by LDAP when using SMB/CIFS.
Alan
David Bond wrote:
Garen wrote:
I used domainjoin-cli from Likewise to join the domain previously, not smbadm
as I'm trying to use now.
I'm joining as a regular domain user.
If the computer trust account has been pre-created on
the DC, this will probably be okay. Otherwise, you need
to have enough rights to
Miles Benson wrote:
Hi,
Did this fix your problem? I'm experiencing a rocky cifs server too and this
thread is the closest I can find.
Can you give me a pointer to how you upgraded to 118? (Please?). This is not
an aspect of opensolaris I'm familiar with.
Thanks
Miles
See the pfexec
80 matches
Mail list logo