I tried the multiuser mount using domain-creds.
Surprises:
* Files owned by local accounts appeared to be owned
by 'root:root'.
* Files in well-known-groups, seemed to
resolve ok, but didn't recognize my domain login as
being in one of those groups.
* Files with group ownership of Administrators allowed access
regardless of permission bits (though I am in Administrators group).
-However, files owned (showing in UID) field AdministratorsGroup
showed up as being owned by 'root' from the linux machine and
didn't enable access (though some other rule might).
=== Interesting direction.
I have some disappointment in that the remote Windows machine doesn't
recognize membership in domain groups (or local groups) when
mount options use a domain account (and cifscreds contain a domain
account).
Ex.: (w/Bliss or BLISS being my local NT4-style domain
hosted on the linux box).
local group "lawgroup" on Win machine, contains
BLISS\Domain Admins
Bliss\law
BLISS\lawgroup
law (local account)
yet to 'Bliss/law' on linux, it appears to be
owned by 'root' and doesn't enable access.
Shouldn't the smb server on the win-machine be
able to enable access via domain group membership?
Maybe I just don't have it configured correctly...?
Also noting that unix extensions don't seem to be getting
negotiated. From mount, listed options are:
//Athenae/C/ on /athenae type cifs
(rw,nosuid,nodev,noexec,relatime,vers=2.1,cache=strict,username=law,
domain=BLISS,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.3.12,
file_mode=0755,dir_mode=0755,nocase,soft,resilienthandles,nounix,
setuids,serverino,mapchars,cifsacl,rsize=1048576,wsize=1048576,
bsize=1048576,echo_interval=60,max_credits=60000,actimeo=1,user)
Q: Is it possible to get the Win server to recognize group memberships?
I note that Privileges in the domain aren't acknowledged on
the win-file-system, though the win-user using a samba-mount
will have privs recognized.
Thanks!
