OmniOS / Napp-IT -SMB users lookup/add not working from Windows

Discussion in 'Solaris, Nexenta, OpenIndiana, and napp-it' started by ssherwood, Jun 9, 2018.

  1. ssherwood

    ssherwood New Member

    Joined:
    Oct 7, 2011
    Messages:
    14
    Likes Received:
    0
    Hello all,

    Sorry for the length of this - I've done a lot of searching, and research, but am still stuck. Any assistance would be welcome!

    I've been working on a SMB issue with my system which is running OmniOS (v11 r151026e) & Napp-IT (18.01 free Apr.02.2018). This is an AIO setup running in ESXi 5.1, if that is material.

    In a nutshell, I've got SMB working, but would like to be able to edit permissions from Windows, which isn't working completely.

    Existing ACLs are working for named Windows users on restricted shares (no file permissions for everybody@), and I can edit (eg. add/remove 'full control', modify, write permissions etc.) and remove an existing ACL (created from OmniOS CLI) from Windows but cannot add new users (which exist in Napp-IT/OmniOS). Windows complains:

    "An object named "<username>" cannot be found. Check the selected object types and location for accuracy and ensure that you typed the object name correctly, or remove this object from the selection."

    Now - this is more a matter of convenience as I'm able to add permissions from the OmniOS CLI like:

    chmod A+user:<username>:rwxpdDaARWcCos:fd-----:allow /pool/sharename

    And subsequently edit the ACLs from Windows, but I suspect a faulty setting/permission somewhere.

    I've also tried to use MMC with the Shared Folders snap-in pointed to my OmniOS VM, and I'm able to see the shares, but when I try to add a user, I'm not able to most of the time. I've found some inconsistencies from one Windows machine to another. Either way, I can't just add a user by typing it into the 'enter object names to select' box.

    Windows 7 Professional MMC sees the object types:
    - Built-in security principals
    - Groups
    - Users
    ... but if I filter to users or groups and try a find (with no terms defined) via Advanced > Find Now, I get no results. Strangely, it does render results for the Built-in security principals. The shares work from Windows 7, and I'm able to change existing permissions, including deleting them, but as the system cannot see the Users objects, I'm unable to add users.

    Windows 10 Enterprise MMC sees the object types:
    - Other objects

    - Built-in security principals
    - Groups
    - Users
    ... here I can do a bit more as in Advanced > Find Now, I'm able to see the users. But as above, I cannot simply key in the username into the 'enter object names to select' box, I have to use Advanced, then Find Now. If I select the user from the search results, it brings over a resolved (GUI shows an underline under the object name) name into the 'enter object names to select' box, and clicking OK does result in the user being added.

    That said, if I manually key in exactly the same information into that box and perform a lookup, I get the "An object named "<username>" cannot be found..." error.

    In Windows 10, I'm also able to do the same thing (Advanced > Find Now) to lookup existing users on OmniOS in the respective share's (right click on share then Properties > Security > Edit > Add > Advanced > Find Now)

    I've tried this on existing and new/test folders/shares with the same results.

    So to recap, both Windows 7 & 10 seem to be able to edit existing ACLs, but only Windows 10 seems to manage adding a new ACL, and then, you have to jump through some hoops in order to get it done.

    I've been running ZFS via Nexenta and now Napp-IT for years, and have in the past been able to manage ACLs from inside Windows. At some point though, this stopped working, so I stopped using granular ACLs (personal/home environment) and just used everyone@ full_set permissions. I have a new need to restrict access, and so I'd like to start applying some ACLs, and managing this from Windows is a must day-to-day changes.

    Thanks in advance if you have made it to the end - I'd appreciate any tips/suggestions.

    -SS
     
    #1
  2. gea

    gea Well-Known Member

    Joined:
    Dec 31, 2010
    Messages:
    1,885
    Likes Received:
    626
    I have seen similar problems recently with Windows 10 on OmniOS in workgroup mode when accessing the NAS via ip (AD mode is ok).

    I would try
    - add the NAS to your DNS server or add an entry to the Windows hosts file (edit with notepad started as admin)
    the Windows hostfile is in %windir%\system32\divers\etc

    add an entry with your ip ex
    92.168.1.20 nas

    Then connect your nas from Windows via \\nas as user root (or a user in the OmniOS SMB group admins)
    and open the permission tab from Windows 10

    Add users via properties > add > advanced > search user and select one from the list
    Adding a user directly per name ex nas\paul gives the error

    other option to care
    Services > properties: set netbios_enable to true

    btw
    I have asked this in Illumos developper maillist but no info so far
    Topicbox

    If you like you can add your insights there
     
    #2
  3. ssherwood

    ssherwood New Member

    Joined:
    Oct 7, 2011
    Messages:
    14
    Likes Received:
    0
    Thanks @gea - do you have any suggestions for the Windows 7 clients? I'm in Workgroup mode - sorry if I didn't state that earlier.

    I'm already using the hostname to access the SMB shares from the Windows computers, and there is no domain name. (ie. its all host.localdomain)

    Re: other option to care
    Services > properties: set netbios_enable to true

    I found this under SMB, and it is already set to true.

    I'll try to add a static mapping on the Windows machines to see if it helps - thanks for the suggestion!
     
    #3
    Last edited: Jun 9, 2018
Similar Threads: OmniOS Napp-IT
Forum Title Date
Solaris, Nexenta, OpenIndiana, and napp-it Looking to update OmniOS/NAPP-IT from r151014 Oct 23, 2018
Solaris, Nexenta, OpenIndiana, and napp-it OmniOS/napp-it self-sign certificate Oct 4, 2018
Solaris, Nexenta, OpenIndiana, and napp-it Solaris (OmniOS) w/ Napp-It ZPool Share Permissions for CIFS [Solved] Sep 17, 2018
Solaris, Nexenta, OpenIndiana, and napp-it napp-it/omniosce change smb volume name Aug 6, 2018
Solaris, Nexenta, OpenIndiana, and napp-it FreeBSD/FreeNAS vs OmniOS/Napp-it write speeds when used as ESXi NFS VM datastore? Jul 29, 2018

Share This Page