Microsoft Virtualization Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Microsoft Virtualization Discussions

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Start a New Post

Problems with PowerShell Toolkit and VFilers

mrettl
NetApp
‎2011-07-30 07:04 AM

Hi!

I am trying to automate the creation of AD integrated CIFS Servers with VFilers (Multistore) via the PowerShell Toolkit, but I an having some problems with that.

This is my script, so far everything works fine:

$nahost = "netapp01"

$navfiler = "myvfiler1"

$navfiler_root = $navfiler + "_root"

Connect-NaController $nahost

New-NaVol $navfiler_root aggr_data 500m -SpaceReserve none

New-NaVfiler $navfiler -Addresses 10.68.33.251 -Storage $navfiler_root

$b = New-Object NetApp.Ontapi.Filer.Vfiler73.IpbindingInfo

    $b.Interface = "e0a"

    $b.Ipaddress = "10.68.33.251"

    $b.Netmask = "255.255.255.0"

Set-NaVfilerAddress $navfiler -IpBindingInfo $b

Set-NaVfilerDns $navfiler vie.demo 10.68.33.10 10.68.33.9

Set-NaVfilerPassword $navfiler p@ssw0rd

Connect-NaController $nahost -Vfiler $navfiler

When I then try to add the vfiler to the domain, I am getting errors:

Set-NaCifs -CifsServer $navfiler -AuthType ad -SecurityStyle ntfs -Domain mydomain.net -User Administrator -Password p@ssw0rd

Set-NaCifs : Unable to continue with cifs setup, as the /etc/passwd and/or /etc/group files are missing and none of the

alternative authentication methods are enabled.

At line:1 char:11

+ Set-NaCifs <<<<  -CifsServer $navfiler -AuthType ad -SecurityStyle ntfs -Domain mydomain.net -User Administrator -Passwor

d p@ssw0rd

    + CategoryInfo          : InvalidOperation: (netapp01:NaController) [Set-NaCifs], ECIFS_PASSWD_AND_GROUP_REQUIRED

    + FullyQualifiedErrorId : ApiException,DataONTAP.PowerShell.SDK.Cmdlets.Cifs.SetNaCifs

Then I have tried, for example, to add a local User to the vfiler, but it also fails:

New-NaUser Administrator p@ssw0rd Administrators

New-NaUser : Could not add user <Administrator>. Error: User cannot access group(s)

At line:1 char:11

+ New-NaUser <<<<  Administrator p@ssw0rd Administrators

    + CategoryInfo          : InvalidOperation: (netapp01:NaController) [New-NaUser], EINTERNALERROR

    + FullyQualifiedErrorId : ApiException,DataONTAP.PowerShell.SDK.Cmdlets.Useradmin.NewNaUser

When I add a user to the hosting-filer, everything works fine.

But I can list the groups of the vfiler...

Get-NaGroup

Name                 Comment                                  Roles

----                 -------                                  -----

Administrators       Members can fully administer the filer   {admin}

Backup Operators     Members can bypass file security to b... {backup}

Compliance Admini... Members can perform compliance operat... {compliance}

Guests               Users granted Guest Access               {none}

Power Users          Members that can share directories       {power}

Replicators          not supported                            {none}

Users                Ordinary Users                           {audit}

Any ideas what can be wrong?

Kind regards,

Matthias

0 Kudos
View By:
1 ACCEPTED SOLUTION

timothyn
NetApp Alumni
‎2011-08-01 05:58 AM

Hi Matthias,

The /etc/passwd & /etc/group files do not exist on new filers/vfilers, so you may have to create them.  You can use the "New-NaCifsPasswordFile" and "New-NaCifsGroupFile" commandlets without any arguments to create them.  After that "Set-NaCifs" should work.

I've run into the error where I could not create users through a vfiler context in PowerShell/ZAPI but I could through the commandline, but I don't recall what the problem is/was.  Anybody else want to chime in with the answer to that one?

View solution in original post

0 Kudos
8 REPLIES 8

mrettl
NetApp
‎2011-08-02 03:17 AM

Fine, works!

I have made comments to the script and published it.

http://communities.netapp.com/docs/DOC-11999

Thanks for your help!

Regards,

Matthias

0 Kudos

timothyn
NetApp Alumni
‎2011-08-01 05:58 AM

Hi Matthias,

The /etc/passwd & /etc/group files do not exist on new filers/vfilers, so you may have to create them.  You can use the "New-NaCifsPasswordFile" and "New-NaCifsGroupFile" commandlets without any arguments to create them.  After that "Set-NaCifs" should work.

I've run into the error where I could not create users through a vfiler context in PowerShell/ZAPI but I could through the commandline, but I don't recall what the problem is/was.  Anybody else want to chime in with the answer to that one?

View solution in original post

0 Kudos

mrettl
NetApp
‎2011-08-01 07:11 AM
In response to timothyn

Hi Eric,

great, thank you, Set-NaCifs works now.

With New-NaUser I receive the same error. Probably there's anotherone out there who knows about the problem with vfilers and local users?

Kind regards,

Matthias

0 Kudos

beam
NetApp
‎2011-08-01 07:44 AM
In response to mrettl

Matthias,

Which version of the Toolkit are you using?  If you issue a Get-NaUser command to the vfiler, is there a root user in the output?  I am able to reproduce the issue on my side if I try New-NaUser before a root user exists on the vfiler.  If you are using a pre-1.5 version of the toolkit (toolkit 1.5 was just released at the end of last week), then the Set-NaVfilerPassword cmdlet will fail to create the root user on the vfiler if it does not already exist.  See this thread for more information:  http://communities.netapp.com/thread/14445

In my test, once the root user was created, New-NaUser worked as expected.

Hope that helps,

Steven

0 Kudos

mrettl
NetApp
‎2011-08-01 07:50 AM
In response to beam

Hi Beam!

I am using v1.5 of the toolkit. The root user exists:

PS C:\Users\Administrator> Get-NaUser

Name                 Comment                                  Groups

----                 -------                                  ------

root                                                          {Administrators}

Regards,

Matthias

0 Kudos

beam
NetApp
‎2011-08-01 08:41 AM
In response to mrettl

Interesting... does the same issue occur if you use Connect-NaController to connect to the vfiler directly?

$vfiler_ip = "10.68.33.251"

$vfiler_password = ConvertTo-SecureString "p@ssw0rd" -AsPlainText -Force

$ps_cred = New-Object System.Management.Automation.PSCredential @("root", $vfiler_password)

Connect-NaController $vfiler_ip -HTTP -Credential $ps_cred

-Steven

mrettl
NetApp
‎2011-08-02 01:16 AM
In response to beam

Hy Steven!

This works!

But I guess it should work running it with "Connect-NaController $nahost -Vfiler $navfiler" either?

Cheers,

Matthias

0 Kudos

beam
NetApp
‎2011-08-02 05:29 AM
In response to mrettl

I think the problem is the useradmin-* ZAPIs expect the user of the pfiler to exist on the vfiler when called using vfiler tunneling.  In my case, I was logged into the pfiler as root, so everything worked for me once the root account was created on the vfiler.  Connecting directly to the vfiler avoids this.  Once you create the necessary users on the vfiler you should be able to go back to using vfiler tunneling.

-Steven

0 Kudos
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2022 NetApp
Let us know
Public