Which ls command is this? I would use this one:
# which ls
Can you redisplay your output with /usr/bin/ls like this, for example:
# ls -dv dir1
drwxr-xr-x 3 root root 3 Jan 4 07:05 dir1
Here's the output I get from the command...
I read up on it a bit more and, if I'm not mistaken, the 10-digit number is the ephemeral ID that is dynamically generated by Solaris. Is this number persistent across reboots? I just don't want the permissions to change if we ever have to reboot the server. I created a mapping rule using the following "idmap add winuser:'*@example.com' unixuser:'*'", but that means that I would have to create a local Solaris user for each Windows user, right? Is there a better way to handle this? Ideally I would chmod a directory or file using the Active Directory username, i.e. chmod Aemail@example.com:list_directory/read_data......:allow. But right now I have to add the user locally first, then chmod the directory using "chmod A+localuser:list_directory.....:allow", and because of the mapping rule the correct user would be added to the ACL. Do I have the right grasp on this issue or am I approaching it incorrectly? Thanks!
Yes, there is a way to map the Windows users to a Solaris system. You shouldn't have to add them individually.
I haven't done this myself but I would check this doc, if you haven't already:
This doc explains how to create mapping rules and also that you need to configure the Solaris name service
to access the Active Directory user and group sources, which is described here:
Hi there. That number is the ephemeral mapping that Solaris does for Windows SIDs to UID/GID.
You can do an
to see how it's mapped.
root@husker:~# idmap dump -n
winuser:ENSURfirstname.lastname@example.org == uid:2147508226
winuser:email@example.com == uid:2147508227
wingroup:Norchem_IT@ms.anon.com == gid:2147508228
winuser:JUSTINP0firstname.lastname@example.org == uid:2147508228
winuser:IT-MGR-SANDYemail@example.com == uid:2147508225
wingroup:ITComputers@ms.anon.com == gid:2147508227
wingroup:Domain Computers@ms.anon.com == gid:2147508226
wingroup:firstname.lastname@example.org == gid:2147483651
wingroup:JabberUsers@ms.anon.com == gid:2147483652
wingroup:email@example.com == gid:2147483653
wingroup:UnixAdmins@ms.anon.com == gid:2147483655
Here is the doc on how idmap works.
Default mode is ephemeral mapping, where it assumes Windows SIDs do not have corresponding Solaris accounts (uid/gid), so it creates an arbitrary uid/gid for it.
You can change the mode to Identity Management for UNIX (IDMU), which uses the UID/GID assigned by AD UNIX tools. Or rule-based mapping or directory mapping.
It does survive reboots just fine; having tested that a few times now, I can say it seems to do OK. I don't know if it uses an algorithm or what to figure out the gid such that the same SID generates the same gid each time.
Edited by: TomS on Feb 20, 2013 2:47 PM
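An added example, not written by any poster in this thread: a small shell filter that reads `idmap dump -n` output and marks which Windows principals sit on ephemeral IDs, which is useful when auditing ACLs that depend on those mappings. It assumes ephemeral IDs are allocated from 2^31 upward (consistent with the 10-digit values in the dump above); the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumption: Solaris hands out ephemeral UIDs/GIDs starting at 2^31.
EPHEMERAL_MIN=2147483648

# Read `idmap dump -n` lines on stdin and print, tab-separated:
#   ephemeral|assigned   <windows name>   <uid:N or gid:N>
# Lines that are not "<name> == uid:N" / "<name> == gid:N" are skipped,
# and names containing spaces (e.g. "Domain Computers") are kept whole.
classify_idmap() {
    awk -F'[ \t]+==[ \t]+' -v min="$EPHEMERAL_MIN" '
        NF == 2 && $2 ~ /^(uid|gid):[0-9]+$/ {
            split($2, unix, ":")
            kind = (unix[2] + 0 >= min + 0) ? "ephemeral" : "assigned"
            printf "%s\t%s\t%s\n", kind, $1, $2
        }'
}

# Count how many mappings on stdin use an ephemeral ID.
count_ephemeral() {
    classify_idmap | awk -F'\t' '$1 == "ephemeral" { n++ } END { print n + 0 }'
}

# Constructed sample in the same layout as the dump shown in the thread.
sample_dump() {
    cat <<'EOF'
root@host:~# idmap dump -n
winuser:alice@example.com == uid:2147508226
wingroup:Domain Computers@example.com == gid:2147508227
winuser:bob@example.com == uid:5001
wingroup:UnixAdmins@example.com == gid:2147483655
EOF
}

# On a Solaris host this would be: idmap dump -n | classify_idmap
sample_dump | classify_idmap
```

Principals reported as `assigned` have a UID/GID below the ephemeral range, for example from a rule-based, directory-based or IDMU mapping.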