CIFS Illumos Kernel Server and Permissions on Windows

cperalt1

I am using the latest SmartOS release and created a SmartOS zone and configured it to use the kernel-based CIFS server. I am able to connect to the server and write to it but am unable to make any permissions changes on the share, folder, or files. I joined the zone to Active Directory and that part is working. I am a Domain Admin on our University network so that shouldn't be a problem. I even see the zone as a machine account in my managed OU. Is there anything I might be missing in the config below? (I have anonymized the config below.)

Code:
SunOS isos 5.11 joyent_20160707T032945Z i86pc i386 i86pc Solaris

Not Global Zone
Configuring SMB in SmartOS - SmartOS Documentation - SmartOS Wiki
Joining SmartOS to an Active Directory domain - SmartOS Documentation - SmartOS Wiki

[root@isos /]# getent passwd domainuser@host.tld.edu
domainuser@host.tld.edu:x:0:2147483650:lastname, firstname::

[root@isos /isos]# sharemgr show -vp

default nfs=()
smb smb=()
          isos=/isos    "ISO Repo"
zfs


[root@isos /isos]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/isos.host.tld.edu@HOST.TLD.EDU

Valid starting                Expires                Service principal
07/14/16 18:31:54  07/15/16 04:31:54  krbtgt/HOST.TLD.EDU@HOST.TLD.EDU
07/14/16 18:31:55  07/15/16 04:31:54  ldap/dc06.host.tld.edu@
07/14/16 18:31:55  07/15/16 04:31:54  ldap/dc06.host.tld.edu@HOST.TLD.EDU
07/14/16 19:04:30  07/15/16 04:31:54  ldap/dc03.host.tld.edu@
07/14/16 19:04:30  07/15/16 04:31:54  ldap/dc03.host.tld.edu@HOST.TLD.EDU
07/14/16 19:20:49  07/15/16 04:31:54  ldap/dc05.host.tld.edu@
07/14/16 19:20:49  07/15/16 04:31:54  ldap/dc05.host.tld.edu@HOST.TLD.EDU
07/14/16 19:53:44  07/15/16 04:31:54  ldap/dc01.host.tld.edu@
07/14/16 19:53:44  07/15/16 04:31:54  ldap/dc01.host.tld.edu@HOST.TLD.EDU

[root@isos /]# /usr/bin/ls -dV isos
drwxrwxrwx   6 admin    staff          6 Jul 14 18:15 isos
                 owner@:rwxp-DaARWcCos:-------:allow
                 group@:rwxp-Da-R-c--s:-------:allow
              everyone@:rwxp-Da-R-c--s:-------:allow

[root@isos /]# smbadm show -m
administrators (Members can fully administer the computer/domain)
        SID: S-1-5-32-544
        Members:
                DomainAdmin@HOST.TLD.EDU
                Domain_Group@HOST.TLD.EDU
                CAMPUS\admin
backup operators (Members can bypass file security to back up files)
        SID: S-1-5-32-551
        No members
power users (Members can share directories)
        SID: S-1-5-32-547
        Members:
                DomainUsers@HOST.TLD.EDU

       
[root@isos /]# idmap list
add     winuser:DomainAdmin@host.tld.edu  unixuser:root
add     "wingroup:Domain_Group@host.tld.edu"   unixgroup:root

cperalt1

Thanks for that. I did follow the instructions there and I was able to get the zone to join the domain. Those instructions are about 3 years old, from when only the global zone could join the domain.
 

manxam

I'm new to the world of Solar"ish" but it sounds as though you haven't configured an idmap (identity map) for a local admin user and the root user in SmartOS.

In OmniOS one has to join the domain then:
Code:
idmap add 'winuser:administrator@ad.yourdomain.com' 'unixuser:root'
idmap add 'wingroup:administrators@ad.yourdomain.com' 'unixgroup:root'
In order to be able to manage via RSAT

EDIT: Didn't click the "spoiler" link to read that you had already performed this step. My bad.
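
The `ls -dV isos` output in the first post, decoded as an added example (not code from the thread or from SmartOS): it walks the ACL entries in order and reports whether an identity is granted `write_acl` and `write_owner`, the bits that control changing an ACL and ownership. It models ACL entries only, not owner overrides or process privileges; the function names and the `DENY_FIRST` sample are constructed for illustration.

```python
# Compact permission letters as printed by illumos/Solaris `ls -V`.
PERM_NAMES = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "d": "delete", "D": "delete_child", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}

# The three ACL lines from the post's `ls -dV isos` output.
POSTED_ACL = """\
                 owner@:rwxp-DaARWcCos:-------:allow
                 group@:rwxp-Da-R-c--s:-------:allow
              everyone@:rwxp-Da-R-c--s:-------:allow
"""

# Constructed sample (not from the thread): a deny entry ahead of an allow.
DENY_FIRST = """\
user:alice:-----------C--:-------:deny
everyone@:rwxp-DaARWcCos:-------:allow
"""

def parse_acl(text):
    """Return [(principal, {permission names}, 'allow'|'deny'), ...] in order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Split from the right so principals such as "user:alice" stay intact.
        principal, perms, _inherit_flags, ace_type = line.rsplit(":", 3)
        entries.append((principal, {PERM_NAMES[c] for c in perms if c != "-"}, ace_type))
    return entries

def effective(text, matches):
    """Permissions granted to an identity matching the principals in `matches`."""
    allowed, decided = set(), set()
    for principal, names, ace_type in parse_acl(text):
        if principal not in matches:
            continue
        fresh = names - decided  # the first matching entry naming a bit decides it
        if ace_type == "allow":
            allowed |= fresh
        decided |= fresh
    return allowed

def missing(text, matches, needed=("write_acl", "write_owner")):
    """Bits from `needed` that the ACL does not grant to this identity."""
    return sorted(set(needed) - effective(text, matches))

if __name__ == "__main__":
    print("non-owner lacks:", missing(POSTED_ACL, {"group@", "everyone@"}))
```

On the posted ACL, only the `owner@` entry carries `C` and `o`, so which Unix identity the Windows account maps to decides whether these entries allow a permission change.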