ONTAP Discussions

Access and rights issues on vFiler.

TOBIAS1979
16,170 Views

Hi

I have an access problem with my vFiler. When I open a new MMC and connect to my vFiler I get the following error: "You do not have permission to see the list of shares for Windows Clients". I do not always get this error; it is intermittent?!

The other strange thing that happens when I am trying to change ownership or change permissions on the share is this error: "Unable to set new owner on "share$" (folder path xx.xx.xx) Access denied."

Rgds

Tobias

1 ACCEPTED SOLUTION

TOBIAS1979
9,385 Views

Hi again

I called NetApp support and they gave me the following KB articles, which explain the problem.

https://kb.netapp.com/support/index?page=content&id=2011796

http://support.microsoft.com/KB/972299

Rgds

Tobias


scottgelb
15,989 Views

It should be the same if not a vFiler. Is your Windows account in the administrator group on the NetApp? You can use useradmin to check... usually the account is not included.

TOBIAS1979
15,989 Views

Where could I see who is a member of local administrators on the NetApp? Should I add domain admin to administrators?

useradmin ?

scottgelb
15,989 Views

"useradmin user list" will show local admin users. "useradmin domainuser list -g administrators" will show all domain user accounts that are admins. You can use "cifs lookup" to get the username for the SIDs listed. If you are not listed with your username, then add your domain account with "useradmin domainuser add username -g administrators".

TOBIAS1979
15,989 Views

Thanks for your fast reply and the command. Our Domain Admin group is a member of local admin on the NetApp vFiler, but I still get the no access message when I'm changing permissions on the share. But if I click continue on the "access denied" message and then cancel, the permission has changed?

TOBIAS1979
15,989 Views

When I change permissions on the share I get the following error.

ERIC_TSYS
15,989 Views

Why don't you turn on access tracking logging and see what the error message is?

options cifs.trace_login on (hopefully I remembered the correct syntax).

Then recreate the issue and go looking for more info in the /etc/messages file. Don't forget to turn the option OFF once done.

Also, do basic checks and see if the qtree is UNIX or NTFS security style, etc.

TOBIAS1979
15,989 Views

I have performed "options cifs.loin on" on the vFiler, but how do I read the file in the /etc/message directory?

To summarize the problem:

We have two vFilers with CIFS shares which we will use for home directories.

What happens is the following. I can take ownership of the share and it works with my domain admin account. But when I try to put a "permission" on the shared directory, e.g. CREATOR OWNER, I get the access denied message.

The home directories will be used in a windows environment so security style is NTFS.

Rgds

Tobias

scottgelb
15,989 Views

With trace_login on you will see the login on the console... so keep the console open when you connect and it will show the login and the usermapping as well.

qtree status shows the volume is NTFS security style? Do you have a vfileroot/etc/passwd file with root and pcuser in it, and is options wafl.default_unix_user set to pcuser (all the defaults if not changed)?

TOBIAS1979
15,989 Views

Hi

Here's the output for cifs trace. I can see there is a problem with one of the domain controllers; is that related to the access problem? We have four AD servers in our environment. Can there be a problem with pcuser being UNIX? Security style for the qtree is NTFS.

Rgds

Tobias

TOBIAS1979
9,386 Views

Hi again

I called NetApp support and they gave me the following KB articles, which explain the problem.

https://kb.netapp.com/support/index?page=content&id=2011796

http://support.microsoft.com/KB/972299

Rgds

Tobias

scottgelb
9,313 Views

So all is working OK and the error is only from an empty mount? Very good... so you can manage shares and users and groups from the MMC.

TOBIAS1979
9,313 Views

Yes, if I just put one simple *.txt file in the share the error message is gone. 😃