Inserting Windows ACEs for users and groups defined locally on an Access Zone and not defined on System Zone

When you access the cluster with the root account and try to look up users and groups that are defined in the local provider of an access zone but not in the local provider of the System zone, you cannot look up those users or groups or add Windows ACEs for them.

The following example shows the scenario, using a user lookup. The user "UserZone2" exists only in the zone Zone2, not in the System zone.

Users listed in System Zone:

    T70213-1# isi auth users list
    Name
    ---------
    root
    admin
    compadmin
    ftp
    www
    nobody
    insightiq
    Guest
    ---------
    Total: 8

Users listed in Zone2:

    T70213-1# isi auth users list --zone=Zone2
    Name
    ---------
    Guest
    UserZone2
    root
    nobody
    ---------
    Total: 4

When you try to look up the user, you are told that there is no such user:

    T70213-1# id UserZone2
    id: UserZone2: no such user

When you try to add a permission, the user cannot be found either:

    T70213-1# chmod +a user UserZone2 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child /ifs/data
    chmod: UserZone2: illegal user name: Invalid argument

The user is nevertheless still visible in Zone2:

    T70213-1# isi auth users view --zone=Zone2 --user=UserZone2
    Name: UserZone2
    DN: CN=UserZone2,CN=Users,DC=T70213
    DNS Domain: -
    Domain: T70213
    Provider: lsa-local-provider:Zone2
    Sam Account Name: UserZone2
    UID: 2000
    SID: S-1-5-21-1017101696-1263414793-4266719627-1000
    Enabled: Yes
    Expired: No
    Expiry: -
    Locked: No
    Email: -
    GECOS: -
    Generated GID: No
    Generated UID: No
    Generated UPN: Yes
    Primary Group
        ID : GID:1800
        Name : Isilon Users
    Home Directory: /ifs/home/userzone2
    Max Password Age: 4W
    Password Expired: No
    Password Expiry: 2015-04-14T23:41:59
    Password Last Set: 2015-04-14T23:17:32
    Password Expires: No
    Shell: /bin/zsh
    UPN: UserZone2@T70213
    User Can Change Password: Yes
    T70213-1#
The root user of the System zone can look up only the local users and groups defined in the local provider of the System zone.
To look up the user and add permissions for that user, you must run as the root user of Zone2.

First, locate the zone ID of Zone2:

    T70213-1# isi zone zones view --zone=Zone2
    Name: Zone2
    Cache Size: 9.54M
    Map Untrusted:
    SMB Shares: -
    Auth Providers: lsa-local-provider:Zone2
    Local Provider: Yes
    NetBIOS Name:
    All SMB Shares: No
    All Auth Providers: No
    User Mapping Rules: -
    Home Directory Umask: 0077
    Skeleton Directory: /usr/share/skel
    Zone ID: 2
    T70213-1#

Run as the root user of Zone2 (the number after the -z option is the zone ID):

    T70213-1# isi_run -z 2 -l root

You can now look up the user successfully:

    T70213-1# id UserZone2
    uid=2000(UserZone2) gid=1800(Isilon Users) groups=1800(Isilon Users),2000(GroupZone2)

You can also add permissions for this user:

    T70213-1# chmod +a user UserZone2 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child /ifs/data
    T70213-1# ls -led /ifs/data
    drwxrwxrwx + 2 root wheel 27 Apr 14 23:28 /ifs/data
     OWNER: user:root
     GROUP: group:wheel
     0: user:UserZone2 allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
     1: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
     2: group:wheel allow dir_gen_read,dir_gen_write,dir_gen_execute,delete_child
     3: everyone allow dir_gen_read,dir_gen_write,dir_gen_execute,delete_child
    T70213-1#
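The procedure above as a single fail-closed helper, added here as an example and not Dell's own code. The function names zone_id_from_view and add_ace_in_zone are hypothetical, and the helper assumes isi_run -z <id> accepts a command to run in that zone in place of the interactive -l root shell shown above.

```shell
#!/bin/sh
# Constructed sample: the `isi zone zones view --zone=Zone2` output from this page.
sample_zone_view() {
cat <<'EOF'
               Name: Zone2
         Cache Size: 9.54M
      Map Untrusted:
         SMB Shares: -
     Auth Providers: lsa-local-provider:Zone2
     Local Provider: Yes
       NetBIOS Name:
     All SMB Shares: No
 All Auth Providers: No
 User Mapping Rules: -
Home Directory Umask: 0077
 Skeleton Directory: /usr/share/skel
            Zone ID: 2
EOF
}

# Read `isi zone zones view` output on stdin and print the numeric Zone ID.
# Exits non-zero when no numeric "Zone ID:" line is present.
zone_id_from_view() {
  awk -F': *' '
    /^[ \t]*Zone ID:/ && $2 ~ /^[0-9]+$/ { print $2; found = 1; exit }
    END { exit !found }'
}

# add_ace_in_zone ZONE USER RIGHTS PATH  (hypothetical helper)
# Resolves the zone ID, confirms the name resolves inside that zone, and only
# then adds the allow ACE from the zone's context. Any failed step aborts.
add_ace_in_zone() {
  zone=$1 user=$2 rights=$3 target=$4
  zid=$(isi zone zones view --zone="$zone" | zone_id_from_view) || {
    echo "no Zone ID found for zone $zone" >&2; return 1; }
  # The same lookup fails from the System zone, as shown on this page.
  isi_run -z "$zid" id "$user" >/dev/null || {
    echo "$user does not resolve in zone $zone (id $zid)" >&2; return 2; }
  isi_run -z "$zid" chmod +a user "$user" allow "$rights" "$target"
}
```

Checking the name with id inside the zone before calling chmod keeps a mistyped or wrong-zone user from producing a half-applied change.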