I've been playing around with Multistore on one of our new NetApps and am currently trying to view/create/edit CIFS shares for a vFiler through the computer management Window in Active Directory. The underlying security is multi protocol. I can open up the computer management window, but whenever I try to click to list shared folders or add new one, I get an "Error 5: Access is denied." message. I can view the users/groups on the filer but I can't make any edits. I am using a named account (not 'administrator') in AD that I have added to the usermap.cfg file on the vFiler, and when I turn on cifs.trace_login, I can see my user authenticate and successfully map to root.
I'm not sure what exactly is going wrong since we currently have two older physical filers that are set up in the same way and are working as desired. Any insight as to what could be going wrong or where I might find additional logs would be greatly appreciated.
Actually, I think I might have found the answer. On the vfiler, I added the user account with the command 'useradmin domainuser add username -g administrators' and that gave me the permissions I needed to manage the vfiler from AD. Although it make more sense to do it that way (kind of like addiing a user to the local administrators group on a Windows box) I'm still confused as to why simply adding the user to map to root in the usermap.cfg would work on our old filers and not the vfiler. What are the differences behind the scenes between the two methods? If that is the proper way to do it, should I consider changing our old filers as well?