[OpenIndiana-discuss] OI_151a4, ZFS, CIFS - Managaging ACLs from Windows

ths.mailaddr at yahoo.com ths.mailaddr at yahoo.com
Tue May 22 13:13:33 UTC 2012 

Hello,

i try to get OI running as a replacement for an ageing netware server. Therefor i am 

interested in ZFS and CIFS. The setup was straight forward and didt cause any problems. 

But now im stuck. I am not able to manage the ACLs from WinXP Pro SP3 nor Win7 Pro.

I have added 'other password required pam_smb_passwd.so.1 nowarn' to /etc/pam.conf
and reset the root password.


First, I am running the CIFS service in workgroup mode and i have created 2 additional
users called 'admin' and 'user1'. 'admin' is supposed to be the windows administrator,
'user1' an ordinary user.  The share is setup like this:

# zfs create -o casesensitivity=mixed -o nbmand=on datapool/test
# zfs set "sharesmb=name=test" datapool/test

# chown -R admin /datapool/test


# zfs set aclinherit=passthrough datapool/test
# zfs set aclmode=passthrough datapool/test


/usr/bin/chmod A=\
owner@:rwxpdDaARWcCos:fd-----:allow,\
group@:rwxpdDaARWcCos:fd-----:allow,\
everyone@:rwxpdDaARWcCos:fd-----:allow \
/datapool/test


The ACLs on the share are:

 ls -V /datapool/test/.zfs/shares/test
-rwxrwxrwx+  1 root     root           0 Mai 16 11:41 /datapool/test/.zfs/shares/test
              everyone@:rwxpdDaARWcCos:-------:allow


I can connect to the share either using root, admin or user1, but i cannot manage the ACLs from 

Explorer->Properties->Security tab, regardless if i connect as root or admin. The tab shows 

full rights for 'Current Ower', 'Current Group' and 'Everyone'

If i connect the Windows Computer Management Console to the OI host, i see 3 SMB groups 
'administrators', 'backup operators' and 'power users' and 3 users 'admin', 'root' and 'user1'. 
Windows let me access the details for the groups, showing an empty membership list, but
didnt let me add any users. Error is always "Object not found". The same happens if i try to
add an explicit ACL for one of these users from Explorer->Properties->Security tab.

Btw - if i add the users via smbadm add-member, they show up on windows. 

Could someone point me in the right direction please?

Thanks in advance
Thomas

More information about the OpenIndiana-discuss mailing list