<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-text-flowed" style="font-family: -moz-fixed;
font-size: 14px;" lang="x-western">Netatalk and Solaris CIFS are
incompatible regarding permissions in an AD environment or
regarding groups.
<br>
<br>
One problem hides in the + of
<br>
-rwx------+ 1 olaf olaf 469 Aug 2 17:12
scaletta2.txt
<br>
<br>
This means that there are ACLs defined.
<br>
While netatalk uses classic Unix permissions
(owner/group/everyone), Solaris CIFS works like Windows what
means: It uses ACL only, uses Windows SID in AD environments and
Windows SMB groups instead of Unix groups.
<br>
<br>
The group:2147483648 is an SMB group that is unknown to netatalk
while the group olaf is a Unix group that is unknown to Solaris
CIFS.
<br>
<br>
Your options are:
<br>
1.
<br>
Avoid netatalk as it is dead and always a source of problemws.
Apple switched to SMB so this is the future. (This is what I
did). Currently you have the Problem that Illumos lacks SMB2 and
OSX is slow with SMB1.
<br>
<br>
Hope that this will come in the near future to OmniOS as it is in
NexentaStor and Solaris 11.3.
<br>
First tests on Solaris show that smb is there as fast as AFP.
<br>
<br>
2.
<br>
Avoid AD, groups and set permissions on Windows only for users or
use id mapping
<br>
This is a workaround
<br>
<br>
3.
<br>
Use SAMBA as it rely on Unix permissions as well
<br>
(For what I use SMB, Solaris CIFS is superieur, so an option that
I would avoid)
<br>
<br>
my tip is 1.
<br>
<br>
<br>
Gea
<br>
<br>
<br>
<br>
Am 02.08.2015 17:39, schrieb Olaf Marzocchi:
<br>
<blockquote type="cite" style="color: #000000;">Hello,
<br>
in my server (latest stable release) I use netatalk to share
files with OS X and I use CIFS (kernel) for Windows.
<br>
I never noticed until now that the files made by the two
operating systems have mismatching and incompatible permissions.
This prevents me from modifying or deleting under an operating
system the files created with the other one.
<br>
<br>
For example:
<br>
<br>
-rw-r--r-- 1 olaf olaf 469 Aug 2 17:12
scaletta.txt
<br>
owner@:rw-p--aARWcCos:-------:allow
<br>
group@:r-----a-R-c--s:-------:allow
<br>
everyone@:r-----a-R-c--s:-------:allow
<br>
-rwx------+ 1 olaf olaf 469 Aug 2 17:12
scaletta2.txt
<br>
user:olaf:rwxpdDaARWcCos:-------:allow
<br>
group:2147483648:rwxpdDaARWcCos:-------:allow
<br>
<br>
The first one was generated by netatalk and correctly shows the
permissions according to the user/group I used to login, it also
inherited extended ACL according to the parent folder.
<br>
The second file was created by Windows 8.1, when connected to my
server using SERVER@username as login (to be sure I am logging
in with a user local to the server), and added strange ACL:
user:olaf/group:2147483648
<br>
<br>
The server is not connected to any AD and I am using a normal
workgroup setup.
<br>
<br>
Where can I find some info to understand the issue? is there
something obvious I missed? in my configuration?
<br>
<br>
Thanks!
<br>
Olaf Marzocchi
<br>
_______________________________________________
<br>
OmniOS-discuss mailing list
<br>
<a class="moz-txt-link-abbreviated"
href="mailto:OmniOS-discuss@lists.omniti.com">OmniOS-discuss@lists.omniti.com</a>
<br>
<a class="moz-txt-link-freetext"
href="http://lists.omniti.com/mailman/listinfo/omnios-discuss">http://lists.omniti.com/mailman/listinfo/omnios-discuss</a>
<br>
</blockquote>
<br>
</div>
</body>
</html>