unable to add domainuser(s) to netapp filer

Hi

I am receiving an error message of "error: user does not exist" when trying to add a user (snapdriveservice) to the domain users group on a filer

using the following command "useradmin domainuser add DOMAIN.com\snapdriveservice -g administrators"

I have successfully added the domain admin account (DOMAIN\administrator) to the group administrators on the filer already!

I created a second account called "test" and had the same issue as above

I tried the cifs lookup command on the snapdriveservice account and it replies "lookup failed" - however it provides the SID for the administrator account

However, when testing I was able to add the filer to the domain using the snapdriveservice account, so the filer can clearly communicate with it!

Any ideas what needs to be done to the snapdriveservice account before my filer will recognise it?

thanks

Re: unable to add domainuser(s) to netapp filer

Is that service account on the domain or a local NetApp user?  If a local netapp user then if you created it with -g administrators it already is in the administrator group if you look at useradmin user list and it shows as an administrator.

Re: unable to add domainuser(s) to netapp filer

Hi

It's a domain account

The only account I can successfully add (and do the CIFS lookup command on) is the domain\administrator account

Re: unable to add domainuser(s) to netapp filer

What is the output of “cifs domaininfo” ?

Re: unable to add domainuser(s) to netapp filer

this is a demo system BTW

cnetappDR> cifs domaininfo
NetBios Domain:           CLADEMO
Windows 2003 Domain Name: clademo.com
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Other Addresses:
                          None

Connected AD LDAP Server: \\cladc.clademo.com
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1
                           cladc.clademo.com
Other Addresses:
                          None
cnetappDR>

Re: unable to add domainuser(s) to netapp filer

Not connected to any DCs… does “cifs resetdc” fix that? It sees the LDAP server but no AD..not sure why.

Re: unable to add domainuser(s) to netapp filer

Hi

So if I do that I get the below

Interesting about the TCP connection

cnetappDR>
cnetappDR> cifs resetdc
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.
Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for CLADEMO.COM.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.

THEN ANOTHER CIFS DOMAININFO


cnetappDR>
cnetappDR> cifs domaininfo
NetBios Domain:           CLADEMO
Windows 2003 Domain Name: clademo.com
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Other Addresses:
                          None

Connected AD LDAP Server: \\cladc.clademo.com
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1
                           cladc.clademo.com
Other Addresses:
                          None
cnetappDR>
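
Added example (not part of the original thread and not NetApp code): a small Python parser that reads "cifs domaininfo" and "cifs resetdc" output of the shape posted above and reports which flagged DC also shows a failed TCP connection in the trace. It keys only on strings visible in this thread; the function names are made up for the example.

```python
import re

# Sample input: lines copied from the output posted in this thread (shortened).
DOMAININFO = r"""NetBios Domain:           CLADEMO
Not currently connected to any DCs
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Connected AD LDAP Server: \\cladc.clademo.com
Favored Addresses:
                          192.168.10.1
"""
TRACE = r"""Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.
Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.
"""

TCP_FAIL = re.compile(r"CIFS: Warning for server \\\\(\S+): Could not make TCP connection")
LDAP_SRV = re.compile(r"Connected AD LDAP Server:\s*\\\\(\S+)")
# Address row: IP, NetBIOS name, then a status flag ending in BROKEN (e.g. PDCBROKEN)
BROKEN_ROW = re.compile(r"\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S*BROKEN)\s*$")

def parse_domaininfo(text):
    """Extract DC/LDAP connection state from 'cifs domaininfo' output."""
    state = {"dc_disconnected": False, "ldap_server": None, "broken": []}
    for line in text.splitlines():
        if line.startswith("Not currently connected to any DCs"):
            state["dc_disconnected"] = True
        elif (m := LDAP_SRV.match(line)):
            state["ldap_server"] = m.group(1)
        elif (m := BROKEN_ROW.match(line)):
            state["broken"].append(m.groups())
    return state

def tcp_failures(trace):
    """Server names the trace says could not be reached over TCP."""
    return [m.group(1) for m in TCP_FAIL.finditer(trace)]

def diagnose(domaininfo, trace):
    """Correlate the domaininfo flags with TCP failures in the trace."""
    info = parse_domaininfo(domaininfo)
    failed = {name.upper() for name in tcp_failures(trace)}
    findings = []
    if info["dc_disconnected"]:
        findings.append("no DC connection")
    for addr, name, flag in info["broken"]:
        why = "TCP connect failed in trace" if name.upper() in failed else "no trace entry"
        findings.append(f"{name} ({addr}) flagged {flag}: {why}")
    if info["dc_disconnected"] and info["ldap_server"]:
        findings.append(f"LDAP still connected to {info['ldap_server']}")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(DOMAININFO, TRACE)))
```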

Re: unable to add domainuser(s) to netapp filer

Looks like it fixed it… does cifs lookup work now? Could also be the 5 minute time difference but wouldn’t authenticate at all if more than a 5 min skew

Re: unable to add domainuser(s) to netapp filer

Hi

Not sure - it still says not connected to any DCs and the lookup doesn't work

It's this bit highlighted in bold that interests me - as this is the end of the DC connection section and it states that it could not make TCP connection

This is a brand new DC - I created it earlier today - no firewalls etc

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.
Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for CLADEMO.COM.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.

Re: unable to add domainuser(s) to netapp filer

What is the value of options wafl.nt_admin_priv_map_to_root and wafl.default_unix_user and content of /etc/passwd?

Re: unable to add domainuser(s) to netapp filer

It does not really look good. And "cifs testdc"?

Re: unable to add domainuser(s) to netapp filer

See below

cnetappDR>
cnetappDR> options wafl.nt_admin_priv_map_to_root
wafl.nt_admin_priv_map_to_root off
cnetappDR> options wafl.default_unix_user
wafl.default_unix_user       pcuser
cnetappDR> rdfile /etc/passwd
root:_J9..15uY/vxcJsT398Y:0:1::/:
pcuser::65534:65534::/:
nobody::65535:65535::/:
ftp::65533:65533:FTP Anonymous:/home/ftp:
cnetappDR>

Re: unable to add domainuser(s) to netapp filer

OK, so it is not the problem I suspected (lack of NT-to-Unix mapping for non-admin users).

Re: unable to add domainuser(s) to netapp filer

If you cifs terminate, can you rejoin the domain with cifs setup?  It shouldn't work and might give some errors that help troubleshoot... although it did join before so worth trying.

Re: unable to add domainuser(s) to netapp filer

Hi, yes

and I CAN join the domain using the domain\snapdriveservice user!! or the domain\administrator

I just can't add the snapdriveservice user to the domain group or do the cifs lookup with it (or any other user other than the domain\administrator)

Re: unable to add domainuser(s) to netapp filer

the cifs testdc output is

cnetappDR> cifs testdc
Using Established configuration
Current Mode of NBT is B Mode

Netbios scope ""
Registered names...
        CLADEMO        < 0> Broadcast

Testing all Primary Domain Controllers
found 1 unique addresses

..Not able to communicate with PDC 192.168.10.1
trying 192.168.10.1...192.168.10.1 is alive

Testing all Domain Controllers
found 1 unique addresses

..Not able to communicate with DC 192.168.10.1
trying 192.168.10.1...192.168.10.1 is alive
