Hello Everyone!!!
We have created a new CIFS setup, including creating the CIFS network VIF, Vserver, CIFS server (workgroup), volumes and shares; however, the user is unable to access any of the shares we have created.
We tried some troubleshooting: changed the allowed protocol to only CIFS and added a DNS server in the new Vserver; however, for our environment DNS is not required, as the user is going to use only the IP address for accessing the shares.
It would be great if you could highlight where the issue might be, to narrow it down in this new setup. Here is the current configuration.
Model - AFF version - 9.9.1P6
p-slt-na01::> vserver show -vserver p-slt-ManageEngine-cifs
Vserver: p-slt-ManageEngine-cifs
Vserver Type: data
Vserver Subtype: default
Vserver UUID: 0257070d-e705-11ec-926d-d039ea03fb98
Root Volume: SLT_ManageEngine_CIFS_SVM_root
Aggregate: data02
NIS Domain: -
Root Volume Security Style: unix
LDAP Client: -
Default Volume Language Code: C.UTF-8
Snapshot Policy: default
Data Services: -
Comment:
Quota Policy: default
List of Aggregates Assigned: -
Limit on Maximum Number of Volumes allowed: unlimited
Vserver Admin State: running
Vserver Operational State: running
Vserver Operational State Stopped Reason: -
Allowed Protocols: cifs
Disallowed Protocols: nfs, fcp, iscsi, ndmp
Is Vserver with Infinite Volume: false
QoS Policy Group: -
Caching Policy Name: -
Config Lock: false
IPspace Name: Default
Foreground Process: -
Logical Space Reporting: false
Logical Space Enforcement: false
p-slt-na01::> cifs show -vserver p-slt-ManageEngine-cifs
Vserver: p-slt-ManageEngine-cifs
CIFS Server NetBIOS Name: P-SLT-ME-CIFS
NetBIOS Domain/Workgroup Name: WORKGROUP
Fully Qualified Domain Name: -
Organizational Unit: -
Default Site Used by LIFs Without Site Membership: -
Workgroup Name: WORKGROUP
Authentication Style: workgroup
CIFS Server Administrative Status: up
CIFS Server Description:
List of NetBIOS Aliases: -
p-slt-na01::> vserver cifs share show
Vserver Share Path Properties Comment ACL
-------------- ------------- ----------------- ---------- -------- -----------
p-slt-ManageEngine-cifs oplocks BUILTIN\Administrators / Full Control
c$ / browsable -
changenotify
show-previous-versions
p-slt-ManageEngine-cifs browsable
ipc$ / - -
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TCSCIFSCentra /TCSCIFSCentral browsable -
l changenotify
access-based-enumeration
show-previous-versions
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TCSCIFSProbeO /TCSCIFSProbeOne browsable -
ne changenotify
show-previous-versions
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
test / browsable -
changenotify
access-based-enumeration
show-previous-versions
5 entries were displayed.
Are you seeing any error message when attempting to open a share? Have you tried to ping the storage from the host and the host from the storage to confirm communication? I also noticed that the security style of the root volume is unix so any volume created will also be unix by default.
CIFS client unable to access a CIFS share mapped to a directory below a UNIX volume with error Access Denied
Thanks for taking time to reply on this issue.
You are correct. I have checked the volumes created under this vserver; some volumes are ntfs and some are unix.
We tried to access a share on an ntfs-style volume, but the user is still not able to access it. When I attempted to open the share: "Windows cannot access \\10.219.240.77\c$, error is network path not found."
I also noticed the SVM root volume is unix style; is it by default? Do you recommend changing the volume security style?
p-slt-na01::> volume show -vserver p-slt-ManageEngine-cifs -fields security-style,unix-permissions
vserver                 volume                         security-style unix-permissions
----------------------- ------------------------------ -------------- ----------------
p-slt-ManageEngine-cifs SLT_ManageEngine_CIFS_SVM_root unix           ---rwxr-xr-x
p-slt-ManageEngine-cifs TCSCIFSCentral                 ntfs           ------------
p-slt-ManageEngine-cifs TCSCIFSProbeOne                ntfs           ------------
p-slt-ManageEngine-cifs TCSCIFSProbeTwo                unix           ---rwxr-xr-x
p-slt-ManageEngine-cifs tosoevolume                    unix           ---rwxr-xr-x
5 entries were displayed.
p-slt-na01::> cifs share show
Vserver Share Path Properties Comment ACL
-------------- ------------- ----------------- ---------- -------- -----------
p-slt-ManageEngine-cifs oplocks BUILTIN\Administrators / Full Control
c$ / browsable -
changenotify
show-previous-versions
p-slt-ManageEngine-cifs browsable
ipc$ / - -
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TCSCIFSCentra /TCSCIFSCentral browsable -
l changenotify
access-based-enumeration
show-previous-versions
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TCSCIFSProbeO /TCSCIFSProbeOne browsable -
ne changenotify
show-previous-versions
p-slt-ManageEngine-cifs oplocks Everyone / Full Control
TOSOESHARE /tosoevolume browsable -
changenotify
show-previous-versions
5 entries were displayed.
Start basic, can you even ping the LIF (IP) from the client?
Hello Darren,
Yes, the LIF IP responds to ping from the client.
Please try to ping from the host to the filer and from the filer to the host. The message "Windows cannot access" makes me think network issue. I would expect "permission denied" if the issue was related to security style. Does the host have a firewall enabled or is there a firewall in the path? Just because ping (ICMP) works does not mean that CIFS (SMB) will pass but ping is a good first step.
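The reply above notes that a working ping does not prove SMB traffic gets through. The following is an added example, not part of the thread or written by any of its participants: a small Python probe that classifies TCP 445 and 139 as open, refused or filtered. The function names and the wording of the suggested next steps are assumptions made for illustration.

```python
import errno
import socket
import sys

# Ports an SMB/CIFS client may use: 445 (SMB over TCP) and 139 (NetBIOS session).
SMB_PORTS = (445, 139)

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, filtered or error:<name>."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"  # no reply at all: packets dropped on the host or path
    except ConnectionRefusedError:
        return "refused"   # RST came back: host reachable, nothing accepting here
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

def smb_reachability(host, ports=SMB_PORTS, timeout=3.0):
    """Probe every SMB-related port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

def interpret(results):
    """Turn per-port states into a next troubleshooting step (wording is illustrative)."""
    if results.get(445) == "open":
        return "SMB port 445 reachable: move on to authentication and share settings"
    if results.get(139) == "open":
        return "only NetBIOS session port 139 reachable: check what blocks TCP 445"
    if any(state == "refused" for state in results.values()):
        return "host answers but refuses SMB: check the CIFS server and LIF on the filer"
    if all(state == "filtered" for state in results.values()):
        return "SMB packets dropped: look for a host or network firewall despite ping working"
    return "inconclusive: " + repr(results)

if __name__ == "__main__":
    # Usage from the client: python smb_probe.py <LIF IP address>
    states = smb_reachability(sys.argv[1])
    print(states)
    print(interpret(states))
```

Run it from the affected client against the LIF address; a "filtered" result while ping succeeds points at port-level filtering rather than share permissions.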
Agreed. We have already checked: the client, LIF and storage are part of the same subnet, and the network team confirmed there is no firewall block.
Your event log would probably have some clues as well. The secd daemon controls authentication and might give us a better idea what's going on.
>> event log show -message-name *secd*
This KB is probably worth a read through as well. Since you're in Workgroup mode, some of this won't apply, namely anything to do with Active Directory or LDAP. It also has a section discussing firewall and how to check into that, which could be part of the problem.
I suggest a packet capture. It should reveal what the conversation is and why it is unable to connect.
How to capture packet traces (tcpdump) on ONTAP 9.2+ systems
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_capture_packet_traces_tcpdump_on_ONTAP_9.2__systems
Hello Darren,
Thanks for your response so far.
We have deleted all the CIFS setup and recreated it. Now the error shown on the client side when they try to access the share is "The specified network password is not correct".
C:\Users\a*****>net use x: \\10.219.240.77\TCSCISCenral
Enter the user name for '10.219.240.77': P-SLT-ME-CIFS\Administrator
Enter the password for 10.219.240.77:
System error86 has occured.
The specified network password is not correct.
We tried resetting the password several times just to ensure we are typing the correct password, but we are still getting the same error. Any advice from your end would be great.
I reviewed this document; my setup just had a local user account. Can you tell me whether the local group is mandatory to create?
The main reason I have experienced with CIFS shares: the time on the client and server is different. Have you checked your ONTAP date and timezone? If they differ by some minutes, CIFS will not connect.