2009-03-07 01:22 PM
I have a filer which is not part of a Active Directory domain. It's running 18.104.22.168. There is no CIFS license installed on the filer (and none forthcoming). Snapdrive 6.0.1 is installed on a Windows 2008X64 server. I'm attempting to configure pass-through authentication as described in the docs.
I've created a local snapdrive user and add it to the Windows local administrators group. I've created a local user on the filer called snapdrive and added it to the BUILTIN\Administrators group on the filer. The passwords I've created for the Windows snapdrive user is identical to the filer snapdrive user.
I've installed snapdrive as the local snapdrive user. Everything looks fine when I open up the Snapdrive MMC. When I attempt to create a disk via snapdrive I get the following error:
Access is denied
I've configured pass through authentication successfully in the past on Windows 2000/2003. Not sure if this is a Windows 2008 problem. Firewall has been completely turned off the Windows server.
2009-03-08 09:28 AM
So, I decided to join the filer to AD to see if the pass through authentication was the problem. This way I could follow the regular method of using a domain account to install snapdrive. After installing snapdrive with the filer part of the domain I'm still getting the same error - Access denied, when I try and create a disk via snapdrive.
I checked the syslog and found the following:
Sun Mar 8 12:17:05 EDT useradmin.unauthorized.user: User 'eone\snapdrive' denied access - missing required capability: 'login-http-admin'
Sun Mar 8 12:17:05 EDT [Ripley: HTTPPool04:warning]: HTTP Authentication from 10.10.0.53 to realm Administration failed
eone\snapdrive is the snapdrive service account. It's been added to the filer's BUILTIN\Administrators group and the Windows server's local administrators group. As additional information - The Windows server is running Exchange 2007 if that is useful information.
Hoping someone can help resolve.
2009-03-08 12:01 PM
I was using the default RPC transport. Do you have to specifically configure RPC transport from within the snapdrive mmc properties, or is that default during setup? If I changed it to HTTP does that mean that snapdrive is making calls to the filer via http and would that make a difference as to me getting what seems to be a permissions issue? At this point I'm wondering if it's some sort of DCOM issue. All firewalls are turned off.
The odd thing is that I've got this working on a lab setup (Windows 2008 X64, snapdrive 6.0.2, ONTAP simulator)
2009-03-09 04:15 PM
Any takers?? I'm stuck on this and could really use some advice . There must be someone who has configured snapdrive pass through authentication successfully before. I'm thinking it's a Windows 2008 issue - possibly a bug, but dunno for sure.
Any help would be most appreciated.
2009-03-09 05:10 PM
Have you tried to reset the password on the snapdrive account on the filer. Just finished a customer install 6 Windows 2008 servers configured the same way. Had the same error pop up on the fist server and I used the passwd command to rest password on the user account ( I believe I fat fingered it the first time)
2009-03-09 07:19 PM
I assume you looked at the installation guide: http://now.netapp.com/NOW/knowledge/docs/snapdrive/relsnap602/pdfs/admin.pdf and also made sure the SnapDrive account on the controller (local Administation group) and server (run as a service and local admin rights to server) have the correct rights (check pg. 44 of the guide).
Also in the guide you can look to use the http or https protocols as well (new in Snap Drive 6.0).
But from your previous e-mails it looks like you have it right, you might just want to check the groups the accounts are in against the Admin guide.
Technical Partner Manager
Got questions? Get answers in the Partner Network.
2009-03-09 07:27 PM
I just reset the snapdrive account on the filer and still get the same access denied on the Snapdrive console when I try and create a disk. Could you please step through your steps that you did to get this to work? I'd really appreciate it.
2009-03-09 07:40 PM
Thanks for the reply. Yes, I think I've read that guide many time now . The snapdrive account I created on the Windows host is a local account that I added to the local administrators group on the windows host.
The snapdrive account I created on the filer is the same name (snapdrive) as the windows host account. I used the following command to create it:
useradmin user add snapdrive -g Administrators
I have chosen to use RPC transport. Something I noticed:
You might need to use pass-through authentication for one of the following reasons:
You do not have a domain controller available.
You want to install your Windows host as a stand-alone server in a workgroup environment without
any dependency on another system for authentication, even if there is a domain controller available.
Your Windows host and the storage system are in two different domains.
Your Windows host is in a domain and you want to keep the storage system in a workgroup with
Now, my windows host is in a domain. The filer doesn't have CIFS so I've never run CIFS setup. Is the filer automatically in a workgroup if I don't run CIFS setup? Would pass through authentication still be vaild for my situation?
Lastly, would I have to log into the Windows host as the local snapdrive service account I created in order to install snapdrive, or would logging into the windows host with a domain account and later specifying the local snapdrive account during install be sufficient?