Change User Permissions from windows to a shared folder by OpenIndiana

[luisascoobydoo]

Hello There

I have my napp-it installed and running but, when I go to my Windows Sever, I connect the shared folder like a disk, and I try to change the user permissions, but instead of see the 2 users like in my OI old version with Napp-it (Root and mxcam) I see (Current Owner and everyone). Or, I see numbers like
(S-1-5-21-285024196-2039105400-3618605989-1101)


In both cases when I try to change the permissions the Explorer.exe close automatically

Thank you for any help

 

[gea]

The numbers are Windows SID numbers.
You see them when you delete the user or group that was associated to that number.
In this case, delete the ACL with the number.

 

[luisascoobydoo]

Hello Gea

I got a match like you said with the user mxcam, I have this on my OI:

root@openindiana:~# idmap list
add -d "wingroupower Users@BUILTIN" unixgroup:staff
add winuser:Administrator@openindiana unixuser:root
add wingroup:Administrators@BUILTIN unixgroup:root
root@openindiana:~# smbadm show
administrators (Members can fully administer the computer/domain)
SID: S-1-5-32-544
backup operators (Members can bypass file security to back up files)
SID: S-1-5-32-551
power users (Members can share directories)
SID: S-1-5-32-547
root@openindiana:~# smbadm list
[*] [WORKGROUP]
root@openindiana:~# idmap dump -n
winuser:Guest@openindiana == uid:2147483649
winuser:Administrator@openindiana == unixuser:root
wingroup:Administrators@BUILTIN == unixgroup:root
wingroup:Network == gid:2147483650
wingroup:Authenticated Users == gid:2147483651
gsid:S-1-5-21-3756660059-3189793318-3713724854-2147483651 == unixgroup:sys
usid:S-1-5-21-3756660059-3189793318-3713724854-1101 == unixuser:mxcam
root@openindiana:~#

 

[gea]

Idmapping is a mechanism to map Non-Unix user and group accounts
to Unix user and groups. This is the case it your Solarish box is a member
of a Windows Active Directory.

In Workgroup mode you can map local Solarish SMB groups to local Unix groups
as Solarish has an additional Windows compatible SMB group management.
This is unique on Unix. Samba, another SMB server for example can use Unix groups only.

But it is complete useless to map a local user to a local user as a Unix user is also
used as a Windows user (the user has a uid and a Windows SID)

So remove settings in a workgroup like
add winuser:Administrator@openindiana unixuser:root

If you have then Windows SID numbers instead of a real user
- on owner settings: set owner to another user
- permission settings: remove entry and assignn permissions to a current user.

 

[luisascoobydoo]

Hi Gea

I did that you said, and I get as result only 2 sid numbers, but same close explorer when i click tab security.
I compare the config after that and I look changes:

My functional server is the 114, I attach the 2 images 114 1 mean the configuration idmap, 114 n the napp-it configure.

The 133 images are the same comands but diferent result.

 

[gea]

You must use /usr/bin/ls and /usr/bin/chmod (the Solaris not the GNU versions)
for ACL at console. Historicaly the second are the defaults by path settings.