CIFS Illumos Kernel Server and Permissions on Windows

[cperalt1]

I am using latest SmartOS release and created a smartos zone and configured it to use the kernel based cifs server. I am able to connect to the server and write to it but am unable to make any permissions changes on the share, folder, or files. I joined the zone to Active Directory and that part is working. I am a Domain Admin on our University network so that shouldn't be a problem. I even see the zone as a machine account in my managed OU. Is there anything I might be missing in the config below. (I have anonymized the config below)

SunOS isos 5.11 joyent_20160707T032945Z i86pc i386 i86pc Solaris

Not Global Zone
Configuring SMB in SmartOS - SmartOS Documentation - SmartOS Wiki
Joining SmartOS to an Active Directory domain - SmartOS Documentation - SmartOS Wiki

[root@isos /]# getent passwd domainuser@host.tld.edu
domainuser@host.tld.edu:x:0:2147483650:lastname, firstname::

[root@isos /isos]# sharemgr show -vp

default nfs=()
smb smb=()
          isos=/isos    "ISO Repo"
zfs


[root@isos /isos]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/isos.host.tld.edu@HOST.TLD.EDU

Valid starting                Expires                Service principal
07/14/16 18:31:54  07/15/16 04:31:54  krbtgt/HOST.TLD.EDU@HOST.TLD.EDU
07/14/16 18:31:55  07/15/16 04:31:54  ldap/dc06.host.tld.edu@
07/14/16 18:31:55  07/15/16 04:31:54  ldap/dc06.host.tld.edu@HOST.TLD.EDU
07/14/16 19:04:30  07/15/16 04:31:54  ldap/dc03.host.tld.edu@
07/14/16 19:04:30  07/15/16 04:31:54  ldap/dc03.host.tld.edu@HOST.TLD.EDU
07/14/16 19:20:49  07/15/16 04:31:54  ldap/dc05.host.tld.edu@
07/14/16 19:20:49  07/15/16 04:31:54  ldap/dc05.host.tld.edu@HOST.TLD.EDU
07/14/16 19:53:44  07/15/16 04:31:54  ldap/dc01.host.tld.edu@
07/14/16 19:53:44  07/15/16 04:31:54  ldap/dc01.host.tld.edu@HOST.TLD.EDU

[root@isos /]# /usr/bin/ls -dV isos
drwxrwxrwx   6 admin    staff          6 Jul 14 18:15 isos
                 owner@:rwxp-DaARWcCos:-------:allow
                 group@:rwxp-Da-R-c--s:-------:allow
              everyone@:rwxp-Da-R-c--s:-------:allow

[root@isos /]# smbadm show -m
administrators (Members can fully administer the computer/domain)
        SID: S-1-5-32-544
        Members:
                DomainAdmin@HOST.TLD.EDU
                Domain_Group@HOST.TLD.EDU
                CAMPUS\admin
backup operators (Members can bypass file security to back up files)
        SID: S-1-5-32-551
        No members
power users (Members can share directories)
        SID: S-1-5-32-547
        Members:
                DomainUsers@HOST.TLD.EDU

       
[root@isos /]# idmap list
add     winuser:DomainAdmin@host.tld.edu  unixuser:root
add     "wingroup:Domain_Group@host.tld.edu"   unixgroup:root

 

[natkin]

The article "Joining SmartOS to an Active Directory domain", Joining SmartOS to an Active Directory domain - SmartOS Documentation - SmartOS Wiki, reads that "only the [Global Zone] can be joined to a domain." (I'm not sure if that might be out of date, seeing as you were seemingly able to join your zone).

Anyway, the article does have a quite comprehensive set of instructions, which hopefully can help you.

 

[cperalt1]

Thanks for that I did follow this instructions there and I was able to get the zone to join the domain. Those instructions are about 3 years old when only the global zone could join the domain at that time.

 

[manxam]

I'm new to the world of Solar"ish" but it sound as though you haven't configured an idmap (identity map) for a local admin user and the root user in SmartOS.

In OmniOS one has to join the domain then:

idmap add 'winuser:administrator@ad.yourdomain.com' 'unixuser:root'
idmap add 'wingroup:administrators@ad.yourdomain.com' 'unixgroup:root'

In order to be able to manage via RSAT

EDIT: Didn't click the "spoiler" link to read that you had already performed this step. My bad.