
unable to add domainuser(s) to netapp filer

Hi

I am receiving an error message of "error: user does not exist" when trying to add a user (snapdriveservice) to the domain users group on a filer

using the following command "useradmin domainuser add DOMAIN.com\snapdriveservice -g administrators"

I have successfully added the domain admin account (DOMAIN\administrator) to the group administrators on the filer already!

I created a second account called "test" and had the same issue as above

I tried the cifs lookup command on the snapdriveservice account and it replies "lookup failed" - however it provides the SID for the administrator account

However, when testing I was able to add the filer to the domain using the snapdriveservice account, so the filer can clearly communicate with it!

Any ideas what needs to be done to the snapdriveservice account before my filer will recognise it?

thanks

Re: unable to add domainuser(s) to netapp filer

Is that service account on the domain or a local NetApp user? If a local NetApp user, then if you created it with -g administrators it already is in the administrator group if you look at useradmin user list and it shows as an administrator.

Re: unable to add domainuser(s) to netapp filer

Hi

It's a domain account

The only account I can successfully add (and do the CIFS lookup command on) is the domain\administrator account

Re: unable to add domainuser(s) to netapp filer

What is the output of “cifs domaininfo”?

Re: unable to add domainuser(s) to netapp filer

this is a demo system BTW

cnetappDR> cifs domaininfo
NetBios Domain:           CLADEMO
Windows 2003 Domain Name: clademo.com
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Other Addresses:
                          None

Connected AD LDAP Server: \\cladc.clademo.com
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1
                           cladc.clademo.com
Other Addresses:
                          None
cnetappDR>

Re: unable to add domainuser(s) to netapp filer

Not connected to any DCs… does “cifs resetdc” fix that? It sees the LDAP server but no AD... not sure why.

Re: unable to add domainuser(s) to netapp filer

Hi

So if I do that I get the below

Interesting about the TCP connection

cnetappDR>
cnetappDR> cifs resetdc
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.
Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for CLADEMO.COM.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.

THEN ANOTHER CIFS DOMAININFO


cnetappDR>
cnetappDR> cifs domaininfo
NetBios Domain:           CLADEMO
Windows 2003 Domain Name: clademo.com
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Other Addresses:
                          None

Connected AD LDAP Server: \\cladc.clademo.com
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1
                           cladc.clademo.com
Other Addresses:
                          None
cnetappDR>

Re: unable to add domainuser(s) to netapp filer

Looks like it fixed it… does cifs lookup work now? Could also be the 5 minute time difference but wouldn’t authenticate at all if more than a 5 min skew

Re: unable to add domainuser(s) to netapp filer

Hi

Not sure - it still says not connected to any DCs and the lookup doesn't work

It's this bit highlighted in bold that interests me - as this is the end of the DC connection section and it states that it could not make TCP connection

This is a brand new DC - I created earlier today - no firewalls etc

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.

Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for CLADEMO.COM.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.
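
Added example, not part of the original thread: a small Python parser for the "cifs resetdc" trace quoted above that separates "DNS discovery found no DC" from "DC discovered but the TCP connection to it failed", which is the case this log shows. The function names and result labels are illustrative assumptions; the sample lines are copied from the post.

```python
import re

# Lines copied from the "cifs resetdc" output quoted in the thread (trimmed).
SAMPLE = r"""
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.
Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.
"""

# timestamp [event.name:severity]: message
LINE = re.compile(r"^(?P<ts>.+?) \[(?P<event>[\w.]+):(?P<sev>\w+)\]: (?P<msg>.*)$")
DONE = re.compile(r"(DC|AD LDAP server) address discovery for (\S+) complete\. (\d+) unique")
TCP_FAIL = re.compile(r"Warning for server \\\\(\S+?): Could not make TCP connection")


def summarize(log):
    """Return discovery counts per service and the servers with TCP failures."""
    found, tcp_failed = {}, []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or not a syslog-style line
        msg = m.group("msg")
        if (d := DONE.search(msg)):
            service = "dc" if d.group(1) == "DC" else "ldap"
            found[service] = {"domain": d.group(2), "addresses": int(d.group(3))}
        elif (t := TCP_FAIL.search(msg)):
            tcp_failed.append(t.group(1))
    return {"found": found, "tcp_failed": tcp_failed}


def diagnose(log):
    """Separate 'no DC discovered' from 'DC discovered but unreachable'."""
    s = summarize(log)
    dc = s["found"].get("dc")
    if dc is None or dc["addresses"] == 0:
        return "discovery-failed"       # check DNS / SRV records first
    if s["tcp_failed"]:
        return "found-but-unreachable"  # DNS answered; the connection to the DC did not open
    return "ok"


if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(diagnose(SAMPLE))
```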


Re: unable to add domainuser(s) to netapp filer

What is the value of options wafl.nt_admin_priv_map_to_root and wafl.default_unix_user and content of /etc/passwd?