2014-12-04 05:57 AM - last edited on 2014-12-04 06:37 AM by alissa
I am having an issue connecting to a CIFS share thats running inside a vfiler. The vFiler has successfully joined the domain, and the CIFS share has been created relating back to a volume. NTFS permissions have been set. See details below:
vFiler - 10.25.10.100/24
DC - 10.25.10.45/24
Windows 2008 R2
Source Machine - 10.25.10.39/24
Windows 2008 R2
I have enabled options.cifs_login and this is the output when trying to connect:
Thu Dec 4 13:51:38 GMT [vfiler:auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- attempting authentication with domain controller \\domaincontroller.
Thu Dec 4 13:51:38 GMT [vfiler:auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: User from client machine authenticated by DC.
Thu Dec 4 13:51:38 GMT [vfiler:auth.trace.mapNTToUnix:info]: AUTH: Mapping Windows user domain user to Unix user user.
Thu Dec 4 13:51:38 GMT [vfiler:auth.trace.mapNTToUnix:info]: AUTH: Mapping Windows user domain user to Unix user pcuser.
Thu Dec 4 13:51:38 GMT [vfiler:auth.trace.authenticateUser.loginAccepted:info]: AUTH: Login by domain user from client machine accepted.
This is the first CIFS share that has been created on this vfiler, so no other shares are available. As the vfiler correctly joined the domain, and created an ad object, that would suggest that DNS and communications between host and vfiler is working as expected.
I have tried the share over IP and Hostname
I cannot access the C$ or ETC share on the vfiler, but i can managed from computer management
Any ideas would be greatly appreciated
Solved! SEE THE SOLUTION
2014-12-04 06:10 AM
This probably should have been posted in the data ontap sectoin... But I will see if i can help..
First, are you ad administrator on the vfiler? If so, you should be able to browse C$ and etc$ without an issue.
What are your share level permissions when you created
log into filer - run
vfiler run vfilername cifs shares - Check the share access -
Not sure what your standard out of the gate is, but my guess is everyone full control.
And you confirmed you are part of the domain - vfiler run vfilername cifs domaininfo.
2014-12-04 06:28 AM
Hello, thanks for coming back to me so quick
You are correct, cifs shares comes back everyone - full control but i have added a specific security group on the domain which is also in the list
cifs domaininfo comes back ok with the favored addresses for domain controllersin use
I am an administrator of the domain, and i can manage the vfiler through computer management. When i try browsing the etc or C$ share i get an error detailing Network path not found.
I receive the audit log on the vfiler which matches my client machine and user id
2014-12-04 07:17 AM
Ok, I think i might have an idea of whats going on.
What's your walf default security style?
hopefully it's NTFS - Check to see your vol status
qtree (make sure volume is NTFS)
Let me know what that comes back with
2014-12-04 09:32 AM
THank you very much it seems this is working now in a development environment, i will replicate this into prod tonight.
How do i buy you a beer??
2014-12-04 10:08 AM
Well - was it the wrong security style on the volume? If it was, you want to change the default security style to ntfs, that will make your life easier..
Also, just mark answer as correct, that will help. ty