Subscribe

Problem with AD - group permissions not working unless "cifs setup" is invoked again

Hi!

 

I have strange problem with FAS2240 running ONTAP 8.2.4P3 in 7-mode. I've recently added some additional uplinks for file services (was running iSCSI only) and confiured CIFS service with Active Directory. AD itself is pretty ancient: Win2003 servers running AD with Win2000 functional level, with 2-way trust with another domain (same servers and functional level).

 

And I have pretty strange problem: when I set up new volume and configure user-based permissions, everything works just fine. However when I try to build exactly same permissions using group management, I have "access denied" when trying to access share. Permissions are fine, FAS talks to AD without any issues.

 

But here's the best part: if i "cifs terminate" and then "cifs setup", configure everything again exatly the same as previously, group permissions automagically start working. If I try adding another group to acces the share - access denied. If I try add another user to already configured group, then sometimes it works, sometimes it doesn't.

 

Any ideas? I've tried everything permission-related I could find across the web, nothing helps so far. Domain communication works, users and groups are accesible from filer, wcc -x doesn't help.

Re: Problem with AD - group permissions not working unless "cifs setup" is invoked again

try fsecurity cmd to check the issue... it might be helpful

Cannot find the answer you need?  No need to open a support case - just CHAT and we’ll handle it for you.