Help w/ ACL editing on Windows

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

altano

Active Member
Sep 3, 2011
280
159
43
Los Angeles, CA
I setup a OmniOS/napp-it VM (using the napp-in-one ESXi image) and I'm trying to wrap my head around ACLs but I am experiencing what I *think* is a bug.

When I try to edit the ACLs from a Windows machine the Windows Object Picker dialog will NOT let me type a user's name in. I tried 'name', 'hostname\name', and 'HOSTNAME\name' but none of those work.





If I instead click "Advanced" and "Find now" I can enumerate all the users and select the user from the list. This adds that user to the Object Picker dialog as 'HOSTNAME\name' and I can then edit ACLs for that user.



What am I doing wrong here? :( This must be something specific to OmniOS that I am not typing correctly as this is how Windows permissions usually work: you can either type 'name' with the location set to the domain or you can type DOMAIN\name manually.
 

gea

Well-Known Member
Dec 31, 2010
3,141
1,184
113
DE
Can you please add your Windows and OmniOS release and if you are in AD or workgroup mode

What I have seen with Windows 10 Pro 1709 german and OmniOS 151024r in workgroup mode
when I connect a SMB share via \\ip as user root and want then add permissions to a file via

properties > security > edit > add then
advanced > search now I got a list of all users and groups

When I select a user ex paul on 192.168.1.2 and confirm I get a
Windows security prompt: Error on searching for usernames to display

upload_2018-3-16_10-35-32.png


SMB Settings
netbios_enable=true

User guest created and activated
User root with SMB password


When I do the same with a hostname ex \\nas01 instead of \\ip it works
(required a manual dns entry in my case)

In AD domain mode it works with the ip

I am not sure if this a bug, as intended or a Windows problem?
(and I have only not seen yet as I use AD). I have placed a question at the Illumos list and hope for an answer

If it does not work with your Windows (Home has problems and I have heard of enterprise with problems) you can try my acl extension to set permissions via napp-it
 

altano

Active Member
Sep 3, 2011
280
159
43
Los Angeles, CA
> Can you please add your Windows and OmniOS release and if you are in AD or workgroup mode

Info:
* Windows = Windows 10 Pro Version 1709
* OmniOS = v11 r151024j
* netbios_enable=true
* I'm in workgroup mode

> When I do the same with a hostname ex \\nas01 instead of \\ip it works
Darn, I'm already doing it by hostname =\

I also tried doing it as both root and as my user (connecting manually via `net use`) and I tried it via the normal Explorer security dialog AND via the Network Shares admin snap-in.

> I am not sure if this a bug, as intended or a Windows problem?
*shrug*. I've never seen this behavior before but who knows!

> (and I have only not seen yet as I use AD).
I've been procrastinating setting up a domain controller for my house. My main gripe is that you have to use the domain controller for DNS on all your machines and I don't have anything in the house that has good enough uptime for that. *shrug*

Can I by any chance use Azure Active Directory and have napp-it just use Active Directory for the usernames/passwords and NOT anything else (such as DNS)?

> I have placed a question at the Illumos list and hope for an answer
Thank you so much!