2015-02-18 04:36 PM
We are having an issue with user authentication on CIFS shared folders.
The workflow is as follows:
We have many CIFS shares that have permissions set as everyone "full access".
We create a new user in AD.
The user logs in to the domain using this AD account.
We add this user to a group in AD that has full rights to the CIFS shares.
The user cannot access the shares. It gets access denied.
If the user logs off and logs back on to Windows, it can access the share successfully.
This happens to every CIFS share in the environment. Customer is running 8.2.2P2.
Thank you for your time!
2015-02-19 12:22 AM
Hope the below KB article helps, which describes how to troubleshoot Microsoft client permission issues on a NetApp 7-Mode storage system.
2015-03-03 01:56 AM
You mentioned your process is:
Have you considered changing this process? I would advise:
The reason why I suggest adding the AD user to the AD group BEFORE the user logs on to the domain is to ensure the SID of the AD group that is used to control access to the CIFS share is included in the user's Kerberos ticket, which is granted to the user at logon by a domain controller. If the user logs on and they are NOT a member of the AD group that controls access to the CIFS share, then the group SID will not be in the user's Kerberos ticket... hence when the user requests to access the resource they will receive "access denied", but when they log off\logon (and receive a new Kerberos ticket containing the SID of the AD groups that control access to the share) they can access the share.
Hope that helps
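
One way to confirm the condition described in the reply above, as an added example that is not part of the original thread: the script compares the group's current membership in the directory with the group SIDs held in the logged-on user's token. It assumes PowerShell 5 or later, run in the affected user's session on a domain-joined Windows client; the `GroupName` parameter and the sample group name are hypothetical.

```powershell
# Added example: is the share-access group in the directory but missing from this logon token?
param(
    [Parameter(Mandatory)]
    [string]$GroupName   # hypothetical, e.g. 'EXAMPLE\CifsShareUsers'
)

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Resolve the group name to its SID.
$groupSid = [System.Security.Principal.NTAccount]::new($GroupName).Translate(
    [System.Security.Principal.SecurityIdentifier])

# Group SIDs captured in this session's access token when the user logged on.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$tokenSids = $identity.Groups | ForEach-Object { $_.Value }
$inToken   = $tokenSids -contains $groupSid.Value

# Membership as the directory sees it now (recursive, so nested groups count).
$ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new(
    [System.DirectoryServices.AccountManagement.ContextType]::Domain)
$group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity(
    $ctx, [System.DirectoryServices.AccountManagement.IdentityType]::Sid, $groupSid.Value)
if ($null -eq $group) { throw "Group '$GroupName' was not found in the domain." }

$memberSids  = $group.GetMembers($true) | ForEach-Object { $_.Sid.Value }
$inDirectory = $memberSids -contains $identity.User.Value

# Interpret the two facts together.
$diagnosis =
    if ($inDirectory -and -not $inToken) {
        'Member in AD, but the group SID is not in this logon token: log off and log on again.'
    } elseif ($inDirectory -and $inToken) {
        'Group SID is in the token: look at share or file permissions instead.'
    } elseif (-not $inDirectory -and $inToken) {
        'Token still carries the group SID, but the user has been removed from the group in AD.'
    } else {
        'User is not a member of the group in AD.'
    }

[pscustomobject]@{
    User        = $identity.Name
    Group       = $GroupName
    GroupSid    = $groupSid.Value
    InDirectory = $inDirectory
    InToken     = $inToken
    Diagnosis   = $diagnosis
}
```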