Is that service account on the domain or a local NetApp user?  If a local netapp user then if you created it with -g administrators it already is in the administrator group if you look at useradmin user list and it shows as an administrator.

hi

its a domain account

the only account i can successfully add (and do the CIFS lookup command on) is the domain\administrator account

What is the output of “cifs domaininfo” ?

this is a demo system BTW

cnetappDR> cifs domaininfo
NetBios Domain:           CLADEMO
Windows 2003 Domain Name: clademo.com
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Other Addresses:
                          None

Connected AD LDAP Server: \\cladc.clademo.com
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1
                           cladc.clademo.com
Other Addresses:
                          None
cnetappDR>

Not connected to any DCs… does “cifs resetdc” fix that? It sees the LDAP server but no AD..not sure why.

hi

so if i do that i get the below

interesting about the TCP connection

cnetappDR>
cnetappDR> cifs resetdc
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.
Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for CLADEMO.COM.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.
Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.

THEN ANOTHER CIFS DOMAININFO

cnetappDR>
cnetappDR> cifs domaininfo
NetBios Domain:           CLADEMO
Windows 2003 Domain Name: clademo.com
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Not currently connected to any DCs
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1    CLADC            PDCBROKEN
Other Addresses:
                          None

Connected AD LDAP Server: \\cladc.clademo.com
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.10.1
                           cladc.clademo.com
Other Addresses:
                          None
cnetappDR>

Looks like it fixed it… does cifs lookup work now? Could also be the 5 minute time difference but wouldn’t authenticate at all if more than a 5 min skew

hi

not sure - it still says not connected to any DCs and the lookup doesnt work

its this bit highlighed in bold that interests me - as this is the end of the DC connection section and it states that it could not make TCP connection

this is a brand new DC - i created earlier today - no firewalls etc

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for CLADEMO.

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.

Thu Apr 12 16:34:07 BST [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for CLADEMO complete. 1 unique addresses found.

Thu Apr 12 16:34:07 BST [cifs.server.infoMsg:info]: CIFS: Warning for server \\CLADC: Could not make TCP connection.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for CLADEMO.COM.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.

Thu Apr 12 16:34:07 BST [auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for CLADEMO.COM complete. 1 unique addresses found.

What is the value of options wafl.nt_admin_priv_map_to_root and wafl.default_unix_user and content of /etc/passwd?