Subscribe
Accepted Solution

Windows 2012 / 7 cifs access problems

Hello

we have migrated to windows 2012 based Active Directory clients are windows 7.

From this time we have one problem with several users, they doesn't have access to few shares:

f.e /vol/Group BUT ONLY by alias or FQDN - by ip it's working.

dcdiag - shows nothing special.

alias is set fileserver and added to filer

system ontap 8.1 Rc3

sectrace shows

[sectrace.filter.denied:info]: [sectrace index: 1] Access denied because 'Execute' permission (0x20) is not granted on file or directory (Access denied because the requested permissions are not granted by the access control entries) - Status: 1:239075332:32:75 - 10.92.11.11 - NT user name: MYDOMAIN\username - UNIX user name: pcuser(65534) - Qtree security style is NTFS and NT ACL is set on file/directory - Path: /vol/Group/

or

[sectrace index: 1] Access denied because 'Synchronize, Read Attributes' permission (0x100080) is not granted on file or directory (Access denied because the requested permissions are not granted by the access control entries) - Status: 1:60368617476:32:67 - 10.92.71.38 - NT user name: Mydomain\username - UNIX user name: pcuser(65534) - Qtree security style is NTFS and NT ACL is set on file/directory - Path: /vol/Group/

Re: Windows 2012 / 7 cifs access problems

I think this may be due to the new RID compression feature that Microsoft introduced with Win2k12 servers.

You may want to have a look at this link which provides more details and has workarounds as well as information related to ONTAP versions supporting the feature:

http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=648981