Network and Storage Protocols

people dosn't got all their group while browsing a unix atree on windows

grocanar
2,521 Views

Hi

 

I have some people but not all who have problem when browsing a directory in an unix volume from windows 

 

The configuration is based on an active directory.

when i run 

 

diag secd authentication show-creds -win-name PC\gsamson -node cns_n03 -vserver cns_svm_01

 UNIX UID: gsamson <> Windows User: PC\gsamson (Windows Domain User)

 GID: g_gsamson
 Supplementary GIDs (partial):
  g_gsamson

 Windows Membership:
  PC\g_smb (Windows Domain group)
  PC\g_metabo (Windows Domain group)
  PC\g_wanda (Windows Domain group)
  PC\g_info (Windows Domain group)
  PC\g_lisdev (Windows Domain group)
  PC\g_vigne (Windows Domain group)
  PC\g_tara (Windows Domain group)
  PC\g_principal_cns (Windows Domain group)
  PC\g_extprj (Windows Domain group)
  PC\g_dosage (Windows Domain group)
  PC\g_sybase (Windows Domain group)
  PC\g_submit (Windows Domain group)
  PC\g_cloacadata (Windows Domain group)
  PC\g_cns (Windows Domain group)
  PC\g_atelier (Windows Domain group)
  PC\g_urza (Windows Domain group)
  PC\g_cnsnglapps (Windows Domain group)
  PC\g_gsamson (Windows Domain group)
  PC\g_lims_adm (Windows Domain group)
  PC\Utilisa. du domaine (Windows Domain group)
  BUILTIN\Users (Windows Alias)
 User is also a member of Everyone, Authenticated Users, and Network Users

 Privileges (0x2080):
  SeChangeNotifyPrivilege

we can see that the used gsamson doesn't receive all her groups from the AD. 

in a unix machine based on the AD we got all the groups 

 

uid=1202(gsamson) gid=1202(g_gsamson) groupes=1202(g_gsamson),502(g_cns),106(g_sybase),507(g_wanda),529(g_cloacadata),128(g_extprj),545(g_tara),127(g_vigne),501(g_info),522(g_metabo),544(g_smb),102(g_atelier),2665(g_principal_cns),1357(g_lims_adm),1477(g_urza),1970(g_cnsnglapps),539(g_submit),542(g_dosage),556(g_lisdev)

the stange things is trhat thet netapp has the fallowing messages

 

 Supplementary GIDs (partial):

and that s true the list is partial.

how can i get all the gid list? 

 

 

1 REPLY 1

Storagerix
2,038 Views

Greetings!

 

I had an identical issue with AFF running 9.5. One day everything OK, the next some users lost their Supplementary GIDs listings and consequently access to their shares. I had to reboot the node in question.

Any idea why this happens, how to fix it non-disruptively,  and how to avoid it alltogether?

 

Sincerely,

Storagerix

Public