Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-09 Thread Frank Lahm
2012/8/10 Gordon Ross : > On Tue, Aug 7, 2012 at 9:25 AM, James Relph wrote: >>> I've got a server hooked up to a 2003 AD and CIFS and netatalk are both >>> allowing AD users to login (netatalk 3 via PAM). One thing that's a bit >>> puzzling is that the afpd process correctly gets the correct u

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-09 Thread Frank Lahm
2012/8/10 Gordon Ross : > On Thu, Aug 9, 2012 at 11:56 PM, Frank Lahm wrote: >> 2012/8/10 Gordon Ross : > [...] >>> If you setup idmap to use IDMU, then you'll get the UID/GID values >>> provided by AD, which are presumably the same values your othe

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-12 Thread Frank Lahm
2012/8/11 Gea : > Frank Lahm gmail.com> writes: > >> >> 2012/8/10 Gordon Ross gmail.com>: >> > On Thu, Aug 9, 2012 at 11:56 PM, Frank Lahm gmail.com> >> > wrote: >> >> 2012/8/10 Gordon Ross gmail.com>: >> > [...] >

Re: [OpenIndiana-discuss] ActiveDirectory UID mapping (netatalk)

2012-08-13 Thread Frank Lahm
2012/8/13 Günther Alka : > with SAMBA and winbind you may loose: > > - snaps via Windows previous version > - Windows compatible ntfs4 ACL (only Posix ACL ?) > - SMB as a ZFS property > - interoperability with NFS4 > - movable pools that keep ACL intact > - performance, kernel based CIFS server is

Re: [OpenIndiana-discuss] Compile nss_ldap

2012-08-14 Thread Frank Lahm
2012/8/14 Ram Chander : > The Ldap server is hosted on linux and couldnt find any ldap client that is > compiled already for OI. Any other way to get client working is fine. Pls > advice. -f _

[OpenIndiana-discuss] Solaris privileges and seteuid()

2012-08-15 Thread Frank Lahm
Hi all, I'm having difficulties with Solaris privileges and seteuid(). I have a forking daemon process running as root. The process is afpd from the Netatalk (OS AFP fileserver). The main afpd process accepts network connections, authenticates users (through PAM) and, forks and runs seteuid(USER)

Re: [OpenIndiana-discuss] Solaris privileges and seteuid()

2012-08-16 Thread Frank Lahm
2012/8/16 Mohamed Khalfella : > First of all, I am not expert in Openindiana but if I were you I would try > using dtrace to show which function get called in response to fchown > syscall (I assume you are not running a highly loaded production system yet > so we can enable fbt safely) > > #!/u

Re: [OpenIndiana-discuss] Solaris privileges and seteuid()

2012-08-16 Thread Frank Lahm
Hi James, 2012/8/16 James Relph : >> ... >> To prevent aliasing problems, all file systems, archive and >> backup formats, and protocols must store SIDs or map all >> UIDs and GIDs in the 2^31 to 2^32 - 2 range to the nobody >> user and group. >> ... >> > > I guess my q

Re: [OpenIndiana-discuss] Solaris privileges and seteuid()

2012-08-17 Thread Frank Lahm
2012/8/17 James Relph : > Yes, ephemeral IDs are temporary representations of Security > Identifiers (SIDs). The idmapd(1m) daemon maintains these in a cache, > with time-to-live (TTL) based expiration. There's a library API for > turning an ephemeral ID back into a SID - see: idmap_get_sid

Re: [OpenIndiana-discuss] Solaris privileges and seteuid()

2012-08-21 Thread Frank Lahm
2012/8/21 Gordon Ross : > On Fri, Aug 17, 2012 at 5:44 AM, Frank Lahm wrote: >> 2012/8/17 James Relph : > [...] >>> >>> Thanks very much for that confirmation, really doesn't seem obvious in a >>> lot of the documentation! I don't have a system h

Re: [OpenIndiana-discuss] Illumos as a NAS

2012-09-05 Thread Frank Lahm
Hey James! 2012/9/4 James Relph : > >> AD issues are going to require someone tenacious, motivated, and a bit >> masochistic as it's historically been a bit of a moving target. > > AD seems reasonably stable these days, and in fact the current Illumos > strategy works 90% of the way, it's the idm

Re: [OpenIndiana-discuss] Illumos as a NAS

2012-09-05 Thread Frank Lahm
2012/9/5 James Relph : > >> what about using winbind? Works with Netatalk and I guess it will also >> work with Solaris CIFS. >> >> We haven't been able to get supplementary groups working, but I'm >> pretty sure that could be solved, possibly by installing an updated >> winbind from sources. > > W

Re: [OpenIndiana-discuss] Illumos as a NAS

2012-09-06 Thread Frank Lahm
2012/9/6 James Relph : >> You need to post and/or analyse the errorlog of the smb service. >> Assuming killed more cats than curiosity ;-) > > I know, but this had been a bit of a marathon getting to this point alone, > and all I needed at the time was AFP. I will have another look when I get >

Re: [OpenIndiana-discuss] Illumos as a NAS

2012-09-06 Thread Frank Lahm
2012/9/6 Frank Lahm : > 2012/9/6 James Relph : >>> You need to post and/or analyse the errorlog of the smb service. >>> Assuming killed more cats than curiosity ;-) >> >> I know, but this had been a bit of a marathon getting to this point alone, >> and al

Re: [OpenIndiana-discuss] Illumos as a NAS

2012-09-07 Thread Frank Lahm
2012/9/7 Gordon Ross : > I'd also be curious what are the exact circumstances where you saw > idmap change its mapping for some SID to a different ephemeral ID. > Note that TTL expiration does not cause a mapping to be destroyed. It > only causes it to be re-checked via name lookup rules, etc. Ja

Re: [OpenIndiana-discuss] Announcing mdbackup, perl scripts for zfs backup servers (was: Current ZFS Backup projects)

2012-09-13 Thread Frank Lahm
There's zrep for (remote) replication: -f 2012/9/13 Julius Roberts : > Hi all, I've created https://sourceforge.net/projects/mdbackup/, > please have a look if you're interested. I'm very keen on getting > feedback/suggestions/help so feel free to email me

Re: [OpenIndiana-discuss] HFS+ (Apple file system) read/write support on Illumos -- interest levels?

2012-09-15 Thread Frank Lahm
2012/9/15 Dave Pooser : > At $DAYJOB we have a need to get files from Mac-formatted (HFS+) volumes > from video record appliances onto ZFS-based storage towers (because when > you're talking about the only video recordings of a major corporate > meeting, "probably OK" filesystems aren't enough). Ri

Re: [OpenIndiana-discuss] OpenIndiana roadmap

2013-01-28 Thread Frank Lahm
2013/1/29 Martin Bochnig : > PayPal-Guthaben: -$378,99 USD Took care of $78,99 USD. Hth! --f ___ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss

Re: [OpenIndiana-discuss] Funding Martin, was Re: OpenIndiana roadmap

2013-01-29 Thread Frank Lahm
2013/1/29 Dave McGuire : > On 01/28/2013 08:18 PM, Reginald Beardsley wrote: >> I'd like to suggest funding Martin. He's committed and needs the >> money. Even as little as $50US per site would certainly help him a >> lot. I'd be happy to pay $100US/year to have him work on OI in a >> stable livi

Re: [OpenIndiana-discuss] Odd Samba/winbind issue

2013-06-22 Thread Frank Lahm
Hey James, Am 23.06.2013 um 02:10 schrieb James Relph : > Just been looking into this a bit and I wondered if the was any chance that > this group issue could be causing problems (users are in a lot of groups): > > https://bugzilla.samba.org/process_bug.cgi guess you're referring to

Re: [OpenIndiana-discuss] Problems with dbus / Orbit

2013-07-07 Thread Frank Lahm
Hi Am 07.07.2013 um 12:37 schrieb Udo Grabowski (IMK) : > Openindiana 157a8 hipster, fresh update from a7: > > I'm totally lost, after a premature Ctrl-C on a pfexec packagemanager, > I cannot start it anymore in pfexec mode (local machine, no NFS): > > ~: pfexec packagemanager > GConf Error:

Re: [OpenIndiana-discuss] [zfs-discuss] aclmode -> no zfs in heterogeneous networks anymore?

2011-04-26 Thread Frank Lahm
2011/4/26 Nikola M. : > I am forwarding this to openindiana-discuss@openindiana.org list, > with hope of wider audience  regarding question. > > Original Message > Message-ID:     <4db68e08.9040...@googlemail.com> > Date:     Tue, 26 Apr 2011 11:19:04 +0200 > From:     achim...@go

[OpenIndiana-discuss] realpath(3C)

2011-06-25 Thread Frank Lahm
Hi, on latest Opensolaris snv134b realpath doesn't take NULL as second arg. On Solaris 11 Express it does, giving the semantics described in `man realpath`: ... DESCRIPTION The realpath() function derives, from the pathname pointed to by file_name, an absolute pathname that resolves

Re: [OpenIndiana-discuss] realpath(3C)

2011-06-26 Thread Frank Lahm
2011/6/25 Alan Coopersmith : > On 06/25/11 04:33 AM, Frank Lahm wrote: >> Hi, >> >> on latest Opensolaris snv134b realpath doesn't take NULL as second >> arg. On Solaris 11 Express it does, giving the semantics described in >> `man realpath`: >>

Re: [OpenIndiana-discuss] AD Authentication and Samba 4 Active Directory

2014-09-17 Thread Frank Lahm
On 17 Sep 2014, at 16:37, Andrew Martin wrote: > - Original Message - >> From: "Marc Jakob" >> To: "Discussion list for OpenIndiana" >> Sent: Wednesday, September 17, 2014 6:10:01 AM >> Subject: Re: [OpenIndiana-discuss] AD Authentication and Samba 4 Active >> Directory >> >> Hi