
writing cifslog to adtlog.evt manually


How do I write the cifs audit log (cifsaudit.alf) to adtlog.evt?  I can't see anything in the ontap 73 sysadmin guides that say how to do this.

I found the below from another site, but it seems to be for ontap 6.x.

cifs audit save [ -f ]

I'm trying to troubleshoot some permission problems and would like a look at what netapp is saying for the reason I'm getting denied.  The troubling part is everything is set up like the share I'm migrating away from (security settings and cifs permissions), but it seems that only domain admins, and a single test account that I originally used seems to have access, even though users have access to their individual accounts (just not the root folder).  I believe I explicitly granted my test account access to the volume at one point but had since removed it so I'm not sure what's going on. 

Re: writing cifslog to adtlog.evt manually

I actually don't need to know this anymore because it ended up writing in a fairly timely manner.  I also think I discovered what the issue is. 

We have "cifs.preserve_unix_security on" on the particular filer I had issues with and I'm suspecting that this option requires user accounts to be able to be mapped from AD to whatever we are using for unix auth (in this case, ldap)...

I suspect that because of this, the user accounts that I noticed were failing, were ones that only had an AD account.

Can anyone confirm this behavior?  I believe that my issue now lies with the wafl.default_unix_user being set to null instead of pcuser (or any other user). 

I've set this option on a test filer, and my test account seems to work on... but to be honest I forgot to check it against the test filer before setting the option.  I would like to clear this option now, but it seems that when I run the command to clear it, it comes back with it still set.  Netapp documentation says this is how to clear this option.  Any thoughts on why I can't clear it?

[1032]#[dmurphy@dfm01:~]$ sudo /usr/bin/rsh 2050b options wafl.default_unix_user ""
wafl.default_unix_user       pcuser    
[1033]#[dmurphy@dfm01:~]$ sudo /usr/bin/rsh 2050b options wafl | grep unix
wafl.default_security_style  unix      
wafl.default_unix_user       pcuser    

Re: writing cifslog to adtlog.evt manually

I figured this out.  Apparently this option can not be set using rsh and must be done on the filer.  Is this something specific to wafl options in general?  How can I know what options can be remote executed vs requiring ssh access on the filer?

Re: writing cifslog to adtlog.evt manually

You have to quote quotes for local shell. E.g. using backslash. It is nothing NetApp specific, NetApp gets empty argument which was eaten by your local Unix shell.

rsh 2050b options wafl.default_unix_user \"\"
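The quoting behaviour described in the reply above, as an added example that is not part of the original thread. It assumes rsh joins its arguments with spaces into one command string that the far side parses again; a local `sh -c` stands in for the filer, and `remote_argc` and `remote_last` are hypothetical helper names.

```shell
#!/bin/sh
# Added illustration: why an empty "" argument never reaches the remote side.
# Assumption: like rsh, the helpers join their arguments with spaces into a
# single string, and the receiving side splits that string into words again.
# A local "sh -c" plays the part of the remote command interpreter.

# remote_argc ARGS...: print how many arguments the far side ends up with.
remote_argc() {
    joined="$*"                        # the single string sent over the wire
    sh -c "set -- $joined; echo \$#"   # far side re-parses it into words
}

# remote_last ARGS...: print the last argument the far side sees, in brackets.
remote_last() {
    joined="$*"
    sh -c "set -- $joined; for a; do last=\$a; done; printf '[%s]\n' \"\$last\""
}

# Unprotected: the local shell consumes the quotes and passes an empty word,
# which vanishes when the arguments are joined. The option value is lost.
echo "plain \"\"     -> argc $(remote_argc options wafl.default_unix_user "")"

# Backslash-escaped: literal quote characters survive the local shell, so the
# far side parses them as one empty argument.
echo "escaped \\\"\\\" -> argc $(remote_argc options wafl.default_unix_user \"\")"

# Single-quoting the quotes protects them from the local shell the same way.
echo "quoted '\"\"'   -> argc $(remote_argc options wafl.default_unix_user '""')"

# Last argument as the far side sees it in the escaped case: empty brackets.
echo "last arg       -> $(remote_last options wafl.default_unix_user \"\")"
```

In the unprotected case the far side receives only the option name, which matches the session earlier in the thread where the command printed the current value instead of clearing it.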

Re: writing cifslog to adtlog.evt manually

ahhh... that makes perfect sense.  Stupid hungry unix shells!