we purchased a new Netapp 8020 AFF with Clustered Data Ontap 8.3.1 installed. It's our first cDot System so I'm pretty new to this stuff.
I've created some CIFS shares for Users on our Windows 2008 R2 Domain.
Accessing the CIFS share with Domain Admin User worked well, but the share isn't accessible as a simple User with Domain User privileges.
After typing the login credentials of the User in the Win Explorer it takes about 15 Second then i get the User/PW promt again.
Adding the User to the Domain Admin Group in Active Directory makes the share accessible immediately.
The Volume is set so Security Style "NTFS".
The User is added to Share Permissions of the CIFS Share (Full Control)
Following Share Options set via OnCommand:
Enable as read/write
Disabling the SMB3 Protocol does not change the issue so i turn it back on because of our Windows 2012 Servers.
The vserver cifs options show command delivers following configuration:
Client Session Timeout: 900 Copy Offload Enabled: true Default Unix Group: - Default Unix User: - Guest Unix User: - Are Administrators mapped to 'root': true Is Advanced Sparse File Support Enabled: true Direct-Copy Copy Offload Enabled: false Export Policies Enabled: false Is Advertise DFS Enabled: false Is DAC Enabled: false Is Fake Open Support Enabled: true Is Local Auth Enabled: true Is Local Users and Groups Enabled: true Is Referral Enabled: false Is Search Short Names Support Enabled: false Is Trusted Domain Enumeration And Search Enabled: true Is UNIX Extensions Enabled: false Is Use Junction as Reparse Point Enabled: true Maximum Length of Data Zeroed by One Operation: 32MB Max Multiplex Count: 255 Max Same User Session Per Connection: 2050 Max Same Tree Connect Per Session: 50 Max Opens Same File Per Tree: 800 Max Watches Set Per Tree: 100 NT ACLs on UNIX Security Style Volumes Enabled: true Read Grants Exec: disabled Read Only Delete: disabled Reported File System Sector Size: 4096 Restrict Anonymous: no-restriction Shadowcopy Dir Depth: 5 Shadowcopy Enabled: true Max Buffer Size for SMB1 Message: 65535 SMB2 Enabled: true SMB3 Enabled: true WINS Servers: -
PS: i used the search function it delivers me this:
Got the same Issue. Domain Admins have access, all other domain user do not.
I thougth about Admin<>root mapping...
Just tried setting the option vserver cifs options modify -vserver vserver_cifs -is-admin-users-mapped-to-root-enabled false... and the same behaviour occurs with the domain admin user at accessing the cifs share.
something is wrong with access credentials ntfs/unix
For CIFS access user mapping from Windows to Unix MUST succeed, even for access to folders with ntfs security style. In Windows-only environment it means, default Unix user MUST be defined as fallback. Which is pretty much confirmed by your disabling of Administrator-to-Unix mapping.
Set default Unix user in properties, make sure this user is also defined in SVM.