Hi all!
I've been trying to get SmartOS with Napp-It to work with my Active Directory domain. Joining wasn't a problem. It is the sharing of folders that is driving me crazy. I've been trying to set this up for weeks now. Any help / insight would be greatly appreciated.
This is what my network contains:
- ESXi 5.5 hosting all my virtual servers.
- AD Domain with domain and forest function level of "Windows Server 2012 R2".
- 2 x Domain Controllers running Windows Server 2012 R2
- 1 x File server running Windows Server 2012 R2
- 1 x Plex Media Server running Windows Server 2012 R2
- 1 x Test server running Windows Server 2012 R2
- 1 x NAS/SAN running OmniOS with Napp-It
- 1 x Physical workstation running Windows 8
Initially I was using my Windows Server as a file server. The performance on it is terrible and I've been reading up on ZFS and really want to use its benefits. Prior to deploying my SAN/NAS VM I was reading on several websites that AD integration is no problem with Solaris-based operating systems. It took me some days of reading when I finally decided to go with OmniOS and Napp-It.
For testing purposes I am using Gea's Napp-In-One solution (v14a): napp-it // webbased ZFS NAS/SAN appliance for OmniOS, OpenIndiana and Solaris downloads
Like I said, joining my AD domain was no problem. I've created a ZFS pool and created a folder called "public" with guest access enabled. All permissions are set to default. Meaning I have not set any permissions. The permissions that are set are the ones that were created when the shared folder was created by me. Same thing goes for the share ACLs.
Actually the only thing I did was add some user mappings:
Your current mappings: idmap list
Code:
add winuser:oden@domain.local unixuser:root
add wingroup:administrators@domain.local unixgroup:root
add -d "wingroup:domain admins@domain.local" unixgroup:root
add -d "wingroup:SG-Domain Administrators@domain.local" unixgroup:root
add -d winuser:snerran@domain.local unixuser:root
add winuser:*@domain.local unixuser:*
add "wingroup:Domain Users@domain.local" unixgroup:users
add "wingroup:Domain Admis@domain.local" unixgroup:staff
If I try to access the NAS/SAN server (Start > Run > \\napp-it-14a) from my physical workstation that is NOT domain joined I can access the shares without a logon prompt. I can even edit file and folder permissions.
If I try to access the NAS/SAN server (Start > Run > \\napp-it-14a) from any of my domain joined Windows servers I get a logon prompt. Trying to authenticate with any of my AD accounts does not work, it only results in a locked out account. If I do however authenticate with the root user and password on the SAN/NAS VM I can access it but then receive the following error message:
"\\napp-it-14a is not accessible. You might not have permissions to use this network resource. Contact sysadmin.... The remote procedure call failed and did not execute"
After some searching I found this guide: http://info.nexenta.com/rs/nexenta/images/doc_3.0_win7cifs.pdf
OK, so it might be GPO related. So I moved my test server running Windows Server 2012 R2 to an OU that has no GPOs applied to (blocked inheritance). I then once again tried to access the NAS/SAN server. Please note that the Windows Server 2012 R2 machine is still domain joined. This time I also received a logon prompt and no domain account works, only root. But if I authenticate with the root user I do not receive the error message above, I can see the shares on the server and edit permissions. So my question/problem, how do I get rid of the logon prompt? If both the Windows Server and OmniOS servers are joined in the domain and user mappings have been set up, no authentication should be required, no?
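An added example, not part of the original post: a short audit of the `idmap list` rules quoted above that reports which name-based rules map an AD identity onto the Unix root user or group, and which use a wildcard. It assumes the rule format is exactly as printed in the post and that `-d` marks a directional rule; the names `parse_rule` and `audit` belong to this example only.

```python
import shlex

# Constructed sample: the rules from the post, forum markup removed.
SAMPLE_RULES = '''\
Your current mappings: idmap list
add winuser:oden@domain.local unixuser:root
add wingroup:administrators@domain.local unixgroup:root
add -d "wingroup:domain admins@domain.local" unixgroup:root
add -d "wingroup:SG-Domain Administrators@domain.local" unixgroup:root
add -d winuser:snerran@domain.local unixuser:root
add winuser:*@domain.local unixuser:*
add "wingroup:Domain Users@domain.local" unixgroup:users
add "wingroup:Domain Admis@domain.local" unixgroup:staff
'''

def parse_rule(line):
    """Parse one 'add [-d] <win identity> <unix identity>' line, else None."""
    tokens = shlex.split(line)          # honours the quoted group names
    if len(tokens) < 3 or tokens[0] != "add":
        return None
    win_type, _, win_name = tokens[-2].partition(":")
    unix_type, _, unix_name = tokens[-1].partition(":")
    return {
        "win_type": win_type, "win_name": win_name,
        "unix_type": unix_type, "unix_name": unix_name,
        # Assumption: -d means the rule applies Windows -> Unix only.
        "directional": "-d" in tokens[1:-2],
    }

def audit(text):
    """Return (finding, rule) pairs for root mappings and wildcard rules."""
    findings = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue                    # header or blank line
        if rule["unix_name"] == "root":
            findings.append(("maps-to-root", rule))
        elif "*" in rule["win_name"]:
            findings.append(("wildcard", rule))
    return findings

if __name__ == "__main__":
    for finding, r in audit(SAMPLE_RULES):
        arrow = "->" if r["directional"] else "<->"
        print(f'{finding:13} {r["win_type"]}:{r["win_name"]} {arrow} '
              f'{r["unix_type"]}:{r["unix_name"]}')
```

Run against the output of `idmap list` on the filer, it shows which AD accounts and groups end up with uid or gid 0 when they reach a share.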