Network Storage Protocols Discussions

Highlighted

cifs setup configuration

I am running "cifs setup" on a new filer A, and will be using the same cifs configurations as an exisiting one B. Now, when I type "cifs domaininfo" on filer B, I am getting the list of 3 different types of DC addresses.

My questoin is which one should I pick to answer the questions that I encountered when I run "cifs setup": IPv4 address(es) of your WINS name server(s) ?

the following is the output:

filerB>cifs domaininfo

NetBios Domain:           abcdomain
Windows 2003 Domain Name: abcdomain.abc.com
Type:                     Windows 2003
Filer AD Site:            xyz

Current Connected DCs:    \\xDC02 and \\xDC01
Total DC addresses found: 20
Preferred Addresses:
                          IP1     xDC01    PDC
                          IP2                      PDC
                          IP3                      PDC
Favored Addresses:
                          IP4                     PDC
Other Addresses:
                          IP5                     PDC

                         ...                         ...

                         IP20                    PDC

Also, should I use abcdomain.abc.com to answer the question of What is the name of the Active Directory domain?

36 REPLIES 36
Highlighted

Re: cifs setup configuration

Also, should I use abcdomain.abc.com to answer the question of What is the name of the Active Directory domain?

Give : abc.com


If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Highlighted

Re: cifs setup configuration

It looks like abcdomain is a child domain in the same tree as abc.com.

If that is where the filer will live, I'd use that one.

Then the resulting FQDN of your filer would be filera.abcdomain.abc.com

You should be able to leave WINS servers blank unless you really need them.

Highlighted

Re: cifs setup configuration

I honestly don't really understand what WINS servers are? Some answer "y" on the question of "Do you want to make the system visible via WINS?', then IP's..

If I answer "y", then should I use one, or two IP's in Preferred Addresses?

Highlighted

Re: cifs setup configuration

WINS (as I understand it) was/is basically windows pre-DNS name resolution.  It's sort of legacy, but still in use.  (Disclaimer: I'm a unix guy - this is just my understanding, I'm not selling it as hard fact!)  If your existing controller has it set, I would set it on the new one.  It won't hurt anything.

You can see what WINS addresses were used on the existing controller by looking in filerB:/vol/vol0/etc/cifsconfig_setup.cfg (or the appropriate root CIFS share of vol0.  I would use those same addresses.  Once you join to the domain, I would also set the same preferred addresses, unless you know of a reason in your environment that you shouldn't do this.

And bingen is right - use abcdomain.abc.com as the domain name.

Bill

Highlighted

Re: cifs setup configuration

Hi, Guys,

Thank you all for your inputs.

Bill, I checked the file filerB:/vol/vol0/etc/cifsconfig_setup.cfg, there is only one line in it:
cifs setup -security unix  -cp 437  -NTFSonly

Does that mean we did not specify any IP's for WINS server? if this is the case, then I should anser "n" to the question of  "Do you want to make the system visible via WINS?", and without giving it any IP's?

Highlighted

Re: cifs setup configuration

Yes, I would take that to mean that filerB is not using WINS - though I'm curious why filerA lists a NetBIOS domain.  Try answering no, then check out the domaininfo afterwards, and see if it lists a netbios domain.

Bill

Highlighted

Re: cifs setup configuration

No, filerA is a new filer, and lists nothing. It is filerB(existing one) lists a NetBIOS domain. I will let you know. Thanks!

Re: cifs setup configuration

Sorry - filerA is what I meant!

Highlighted

Re: cifs setup configuration

ONTAP will always show the domain netbios name, and every domain has a netbios name.

WINS was used by, and required by, NT4 domains. You generally don't use WINS anymore as Active Directory domains don't require it and it basically is just inferior to DNS in pretty much every way possible.

When you run CIFS setup, just say "no" to WINS. Unless your environment needs it for something odd or you actually have an NT4 domain. Which I assume you don't since the old filer says "Windows 2003" for the domain type.

Highlighted

Re: cifs setup configuration

Hi guys,

I am getting another issue now.

I have been prompted for root password. I have tried the root password for the filer 4 times now, and pretty sure I entered the right one. Is it possible it is not asking the root passowrd for the filers? What root password is OnTap asking,other than the filer's root password?

CIFS requires local /etc/passwd and /etc/group files and default files

        will be created.  The default passwd file contains entries for 'root',

        'pcuser', and 'nobody'.

Enter the password for the root user []:

Password validation failed. Password has been used sometime in the last 6 change

Highlighted

Re: cifs setup configuration

Hmm, I have not seen this, but I did find something on it.  From the software setup guide:

 

During CIFS setup, you are prompted for the root password. When you enter the current password, it is not accepted. If you want to continue using the same password, you can enter Ctrl-C to stop the setup script and set the password history to 0. If you want to use a different root password, you can change the password at the prompt. If you modify the password history to 0 to use the existing password, you need to reset it to the old value after completing CIFS setup.

Check "option security".  security.passwd.rules.history looks like it started defaulting to 6 in 8.0, and is enforced if security.passwd.rules.enable is on, which is also the default in 8.0.  Try disabling the rules or setting the history to 0, then try again.

Bill

 

Highlighted

Re: cifs setup configuration

Hi Bill,

I followed what you said, and it went through! it is really a big through.

Now, I am getting the follwoing error, I believe it is due to I don't have the priviledge on AD. What does people usually do from here? Should I ask AD admin (belong to different group) to come here, and enter the name and password on the prompt, then I can continue? or are there any other ways to do it?

Password for myid@abcdomain.abc.COM:
CIFS - Logged in as myid@abcdomain.abc.COM.
***     The user you specified, myid@abcdomain.abc.COM, does not have
***     permission to create a machine account for this server in Active
***     Directory. To continue, you must specify a user with the appropriate
***     privileges.

Enter the name of the Windows user []:

Highlighted

Re: cifs setup configuration

"Should I ask AD admin (belong to different group) to come here, and enter the name and password on the prompt, then I can continue?"

Yes, that's pretty much what most people do that I talk to. Unless the AD admin will create an account for you that has the right to create machine accounts.

Highlighted

Re: cifs setup configuration

Agreed.  Having the Windows admin come and type credentials is what I've always done.

Bill

Highlighted

Re: cifs setup configuration

Nice to hear you all, I'd have to stop here.

I will leave the thread open, until any further action.

Thanks you all again.

NetApp Insights To Action
All Community Forums