Data Backup and Recovery Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Data Backup and Recovery Discussions

Start a New Post

unable to add domainuser(s) to netapp filer

CHRISLAWLOR
‎2012-04-12 07:21 AM

Hi

i am receiving an error message of  "error: user does not exist" when trying to add a user (snapdriveservice) to the domain users group on a filer

using the following command "useradmin domainuser add DOMAIN.com\snapdriveservice -g administrators"

i have successfully added the domain admin account (DOMAIN\administrator) account to the group administrators on the filer already !

i created a second account called "test" and had the same issue as above

i tried the cifs lookup command on the snapdriveservice account and it replies 'lookup failed" - however it provides the SID for the administrator account

however, when testing i was able to add the filer to the domain using the snapdriveservice account so the filer can clearly communicate with it !

any ideas what needs to be done to the snapdriveservice account before my filer will recognise it ?

thanks

0 Likes
View By:
19 Replies
19 REPLIES 19

Re: unable to add domainuser(s) to netapp filer

scottgelb
NetApp A-Team
‎2012-04-12 08:07 AM

Is that service account on the domain or a local NetApp user?  If a local netapp user then if you created it with -g administrators it already is in the administrator group if you look at useradmin user list and it shows as an administrator.

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

CHRISLAWLOR
‎2012-04-12 08:20 AM

hi

its a domain account

the only account i can successfully add (and do the CIFS lookup command on) is the domain\administrator account

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

scottgelb
NetApp A-Team
‎2012-04-12 08:22 AM

What is the output of “cifs domaininfo” ?

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

CHRISLAWLOR
‎2012-04-12 08:26 AM

this is a demo system BTW

cnetappDR> cifs domaininfo
NetBios Domain:           CLADEMO
Windows 2003 Domain Name: clademo.com
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Other Addresses:
                          None

Connected AD LDAP Server: \\cladc.clademo.com
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1
                           cladc.clademo.com
Other Addresses:
                          None
cnetappDR>

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

scottgelb
NetApp A-Team
‎2012-04-12 08:31 AM

Not connected to any DCs… does “cifs resetdc” fix that? It sees the LDAP server but no AD..not sure why.

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

CHRISLAWLOR
‎2012-04-12 08:36 AM

hi

so if i do that i get the below

interesting about the TCP connection

cnetappDR>
cnetappDR> cifs resetdc
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.
Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for CLADEMO.COM.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.

THEN ANOTHER CIFS DOMAININFO


cnetappDR>
cnetappDR> cifs domaininfo
NetBios Domain:           CLADEMO
Windows 2003 Domain Name: clademo.com
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Other Addresses:
                          None

Connected AD LDAP Server: \\cladc.clademo.com
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1
                           cladc.clademo.com
Other Addresses:
                          None
cnetappDR>

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

scottgelb
NetApp A-Team
‎2012-04-12 08:38 AM

Looks like it fixed it… does cifs lookup work now? Could also be the 5 minute time difference but wouldn’t authenticate at all if more than a 5 min skew

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

CHRISLAWLOR
‎2012-04-12 08:42 AM

hi

not sure - it still says not connected to any DCs and the lookup doesnt work

its this bit highlighed in bold that interests me - as this is the end of the DC connection section and it states that it could not make TCP connection

this is a brand new DC - i created earlier today - no firewalls etc

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.

Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for CLADEMO.COM.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.


0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

aborzenkov
‎2012-04-12 08:54 AM

What is the value of options wafl.nt_admin_priv_map_to_root and wafl.default_unix_user and content of /etc/passwd?

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

aborzenkov
‎2012-04-12 09:00 AM

It does not really look good. And "cifs testdc"?

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

CHRISLAWLOR
‎2012-04-12 10:21 AM

see below

cnetappDR>

cnetappDR> options wafl.nt_admin_priv_map_to_root

wafl.nt_admin_priv_map_to_root off

cnetappDR> options wafl.default_unix_user

wafl.default_unix_user       pcuser

cnetappDR> rdfile /etc/passwd

root:_J9..15uY/vxcJsT398Y:0:1::/:

pcuser::65534:65534::/:

nobody::65535:65535::/:

ftp::65533:65533:FTP Anonymous:/home/ftp:

cnetappDR>

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

aborzenkov
‎2012-04-12 10:26 AM

OK, so it is not the problem I suspected (lack of NT-to-Unix mapping for non-admin users).

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

scottgelb
NetApp A-Team
‎2012-04-12 10:28 AM

If you cifs terminate, can you rejoin the domain with cifs setup?  It shouldn't work and might give some errors that help troubleshoot... although it did join before so worth trying.

19 Replies

Re: unable to add domainuser(s) to netapp filer

CHRISLAWLOR
‎2012-04-12 10:34 AM

hi yes

and i CAN join the domain using the domain\snapdriveservice user !! or the domain\administrator

just can't add the snapdriveservice user to the domain group or do the cifs lookup with it (or any other user other than the domain\administrator)

0 Likes
19 Replies

Re: unable to add domainuser(s) to netapp filer

CHRISLAWLOR
‎2012-04-12 10:47 AM

the cifs testdc output is

cnetappDR> cifs testdc
Using Established configuration
Current Mode of NBT is B Mode

Netbios scope ""
Registered names...
        CLADEMO        < 0> Broadcast

Testing all Primary Domain Controllers
found 1 unique addresses

..Not able to communicate with PDC 192.168.10.1
trying 192.168.10.1...192.168.10.1 is alive

Testing all Domain Controllers
found 1 unique addresses

..Not able to communicate with DC 192.168.10.1
trying 192.168.10.1...192.168.10.1 is alive

0 Likes
19 Replies
Review Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public