Network and Storage Protocols

Access NetApp from several Domains (via CIFS)

cr_emilio

I need to access our NetApp via CIFS from 2 different domains while we migrate all users/computers from one domain to the other. We have thought of changing the NetApp to work with internal local users or users in /etc/passwd so users can access it with prior local authentication. However, I am getting access denied without even being challenged for credentials. Do you know if that is possible? It works OK if we use domain authentication, but obviously only for one domain, not 2 at the same time.

Any way to do that? Since it is temporary we don't mind having to challenge the user for user and password and check it against local filer users.

Thanks in advance.


cr_emilio

OK, this clarifies things. However, I have done the following:

1.- Set mode to use /etc/passwd

2.- Created new passwd and added it to /etc/passwd for a particular user

3.- Tried to access via CIFS. No way, I still get the authorization error.

If I use the useradmin user add command I can mount the share in workgroup mode, but not with Unix permissions.

Thanks for the support!

ekashpureff

You can try running through CIFS setup again and select 'etc/passwd and/or NIS/LDAP authentication' to do a non-windows workgroup authentication.


I hope this response has been helpful to you.

At your service,


Eugene E. Kashpureff
ekashp@kashpureff.org
NetApp Instructor and Independent Consultant
http://www.linkedin.com/in/eugenekashpureff

(P.S. I appreciate points for helpful or correct answers.)

ekashpureff

Chris -

I agree - I think that it is the problem here.

It should be a 'useradmin' RBAC user for this authentication.



cr_emilio

I have tried with the root user, which seems to be an admin user definitely, and I am getting the same results. This is really painful as I expected it to work straight away; not sure what I am doing absolutely wrong...

chriskranz

The root user isn't the admin user and often doesn't work for CIFS access. If you're using /etc/passwd you may be in the situation where you're mixing NTFS and UNIX permissions on the file system and this may cause you other issues.

I'd recommend using workgroup mode, and create a local admin user to test with. If you get this working, you can start troubleshooting other methods.

cr_emilio

Ok, I had some advances. I managed to create a user with useradmin add and then adding a new user. Now I can log in in the auth group, but it still doesn't work as I want:

1.- I already had the users in /etc/passwd; they worked properly with the AD authentication, so when using CIFS it authenticated against AD, checked that the users existed in /etc/passwd, and I had Unix permissions applied to users and groups in /etc/group that also worked in Unix using NFS.

2.- I can see workgroup permissions, which is something I don't want; I want the permissions to work in Unix mode, like when using AD+Unix permissions.

So I think that useradmin users and /etc/passwd users are a totally independent world and, what's more, I cannot access them using CIFS+workgroups, but ironically I can using CIFS+AD.

chriskranz

Sorry you've lost me now.

useradmin will use /etc/passwd, at least it'll populate it for you, so long as you're using "useradmin user add" and not "useradmin domainuser add". Then local users, whether UNIX type or Workgroup type, will be read from /etc/passwd. You can't easily manually edit this file as it creates a shadow record to store password information (I think an adaptation of standard *NIX techniques).

AD I would expect to work fine, as the filer is simply asking the domain what auth details are correct and does the authentication.

So do you not just need access from 2 different domains, but also access from UNIX hosts also? Not impossible, but there's a lot of caveats to doing this. A bit more detail than is worth describing here, and I usually get it wrong. There's a couple of good docs on NOW and on the libraries that will help you on what you need to do to get this co-existence working properly.

cr_emilio

Mh, if I type useradmin user list I get a very different result from what there is in /etc/passwd.

Yes we are actually accessing the files using unix permissions. The authentication is done via AD but everything else is controlled via /etc/groups unix permissions and /etc/passwd. This is a temp scenario until we migrate to NTFS only.

chriskranz

That may complicate things a little.

Let's disregard the UNIX piece for a little bit. If you create a new volume, set the qtree permission to NTFS, can you access this without issue from a Windows host? I think it'll be useful to get an understanding of whether this is an issue with the share permissions or with the file permissions.

cr_emilio

I have both an NTFS and a Unix qtree. I am almost sure it has to be at share level, because if I change to AD authentication it works (I can access both), but if I unjoin the domain I cannot access any, except when I created the independent users with useradmin and then I could access them... still very confusing and frustrating.

OZNETAPPUSER

Try to enable SMB on the CIFS vfiler:

options cifs.smb2.enable on

OZNETAPPUSER

Try to enable SMB on the vfiler running CIFS:

options cifs.smb2.enable on

