AFF

Unable to access CIFS shares - New setup

Alex_Pandian
12,651 Views

Hello Everyone!!!

We have created a new CIFS setup  including creating CIFS network VIF, Vserver, CIFS server (workgroup), Volumes and shares however user is unable to access any shares we have created.

We tried some troubleshooting - Changed allowed protocol to only CIFS, added DNS server in the new Vserver however for our environment. DNS is not required as the user going to use only IP address for accessing the shares.

Would be great if you highlight where will be issue is from to narrow down in this new setup, here is the current configuration.

 

Model - AFF version - 9.9.1P6

p-slt-na01::> vserver show -vserver p-slt-ManageEngine-cifs

Vserver: p-slt-ManageEngine-cifs
Vserver Type: data
Vserver Subtype: default
Vserver UUID: 0257070d-e705-11ec-926d-d039ea03fb98
Root Volume: SLT_ManageEngine_CIFS_SVM_root
Aggregate: data02
NIS Domain: -
Root Volume Security Style: unix
LDAP Client: -
Default Volume Language Code: C.UTF-8
Snapshot Policy: default
Data Services: -
Comment:
Quota Policy: default
List of Aggregates Assigned: -
Limit on Maximum Number of Volumes allowed: unlimited
Vserver Admin State: running
Vserver Operational State: running
Vserver Operational State Stopped Reason: -
Allowed Protocols: cifs
Disallowed Protocols: nfs, fcp, iscsi, ndmp
Is Vserver with Infinite Volume: false
QoS Policy Group: -
Caching Policy Name: -
Config Lock: false
IPspace Name: Default
Foreground Process: -
Logical Space Reporting: false
Logical Space Enforcement: false

 

p-slt-na01::> cifs show -vserver p-slt-ManageEngine-cifs

Vserver: p-slt-ManageEngine-cifs
CIFS Server NetBIOS Name: P-SLT-ME-CIFS
NetBIOS Domain/Workgroup Name: WORKGROUP
Fully Qualified Domain Name: -
Organizational Unit: -
Default Site Used by LIFs Without Site Membership: -
Workgroup Name: WORKGROUP
Authentication Style: workgroup
CIFS Server Administrative Status: up
CIFS Server Description:
List of NetBIOS Aliases: -

p-slt-na01::> vserver cifs share show
Vserver Share Path Properties Comment ACL
-------------- ------------- ----------------- ---------- -------- -----------
p-slt-ManageEngine-cifs oplocks BUILTIN\Administrators / Full Control
c$ / browsable -
changenotify
show-previous-versions
p-slt-ManageEngine-cifs browsable
ipc$ / - -
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TCSCIFSCentra /TCSCIFSCentral browsable -
l changenotify
access-based-enumeration
show-previous-versions
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TCSCIFSProbeO /TCSCIFSProbeOne browsable -
ne changenotify
show-previous-versions
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
test / browsable -
changenotify
access-based-enumeration
show-previous-versions
5 entries were displayed.

12 REPLIES 12

NetApp_SR
12,574 Views

Are you seeing any error message when attempting to open a share? Have you tried to ping the storage from the host and the host from the storage to confirm communication? I also  noticed that the security style of the root volume is unix so any volume created will also be unix by default.

 

CIFS client unable to access a CIFS share mapped to a directory below a UNIX volume with error Access Denied

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/CIFS_client_unable_to_access_a_CIFS_share_mapped_to_a_directory_below_...

 

Alex_Pandian
12,559 Views

Thanks for taking time to reply on this issue.

You are correct, I have checked the volumes created under this vserver, some volume are ntfs and some are unix.

We tried to access the share that volume ntfs style though still user not able to access, when i attempted to open the share, "Windows cannot access \\10.219.240.77\c$, error is network path not found."

 

Also noticed the SVM root volume is unix style, is it by default?? do you recommend to change the vol security style?

p-slt-na01::> volume show -vserver p-slt-ManageEngine-cifs -fields security-style,unix-permissions
vserver volume security-style unix-permissions
----------------------- ------------------------------ -------------- ----------------
p-slt-ManageEngine-cifs SLT_ManageEngine_CIFS_SVM_root unix ---rwxr-xr-x
p-slt-ManageEngine-cifs TCSCIFSCentral ntfs ------------
p-slt-ManageEngine-cifs TCSCIFSProbeOne ntfs ------------
p-slt-ManageEngine-cifs TCSCIFSProbeTwo unix ---rwxr-xr-x
p-slt-ManageEngine-cifs tosoevolume unix ---rwxr-xr-x
5 entries were displayed.

 

p-slt-na01::> cifs share show
Vserver Share Path Properties Comment ACL
-------------- ------------- ----------------- ---------- -------- -----------
p-slt-ManageEngine-cifs oplocks BUILTIN\Administrators / Full Control
c$ / browsable -
changenotify
show-previous-versions
p-slt-ManageEngine-cifs browsable
ipc$ / - -
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TCSCIFSCentra /TCSCIFSCentral browsable -
l changenotify
access-based-enumeration
show-previous-versions
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TCSCIFSProbeO /TCSCIFSProbeOne browsable -
ne changenotify
show-previous-versions
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TOSOESHARE /tosoevolume browsable -
changenotify
show-previous-versions
5 entries were displayed.

DarrenJ
12,557 Views

Start basic, can you even ping the LIF (IP) from the client? 

 

 

Alex_Pandian
12,543 Views

Hello Darren,

Yes, LIF IP is pinging from the client.

NetApp_SR
12,543 Views

Please try to ping from the host to the filer and from the filer to the host. The message "Windows cannot access" makes me think network issue. I would expect "permission denied" if the issue was related to security style.  Does the host have a firewall enabled or is there a firewall in the path? Just because ping (ICMP) works does not mean that CIFS (SMB) will pass but ping is a good first step.

Alex_Pandian
12,539 Views

Agreed, we have checked already Client, LIF and storage are part of same subnet, network team confirmed but there is no firewall block.

DarrenJ
12,533 Views

You event log would probably have some clues as well. The secd daemon controls authentication and might give us a better idea what's going on. 

 

>> event log show -message-name *secd*

 

This KB is probably worth a read through as well. Since you're in Workgroup mode, some of this won't apply, namely anything to do with Active Directory or LDAP. It also has a section discussing firewall and how to check into that, which could be part of the problem. 

 

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Troubleshooting_CIFS_or_SMB_access_denied

 

 

NetApp_SR
12,312 Views

I suggest a packet capture. It should reveal what the conversation is and why it is unable to connect.

 

How to capture packet traces (tcpdump) on ONTAP 9.2+ systems
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_capture_packet_traces_tcpdump_on_ONTAP_9.2__systems

 

Alex_Pandian
12,237 Views

Hello Darren,

 

Thanks for your response so far.

We have deleted all the CIFS setup and recreated it,  now the error is showing " The specified network password is notcorrect" from the client side is when they they try to access the share.

 

C:\Users\a*****>net use x: \\10.219.240.77\TCSCISCenral
Enter the user name for '10.219.240.77': P-SLT-ME-CIFS\Administrator
Enter the password for 10.219.240.77:
System error86 has occured.

 

The specified network password is not correct.

 

we tried reseting the password for several time just to ensure we are typingthe correct password still getting the same error, any advise from your end would be great.

 

Mjizzini
12,220 Views

Alex_Pandian
12,200 Views

I reviewed this document, my setup just had user local user account, can you tell me is the local group is mandatory to create? 

beo
11,263 Views

main reason I experience with cifs shares: time from client and server are different. have you checked your ontap date und timezone? If they differ about some minutes, cifs will not connect

Public