How do I write the cifs audit log (cifsaudit.alf) to adtlog.evt. I can't see anything in the ontap 73 sysadmin guides that say how to do this.
I found the below from another site, but it seems to be for ontap 6.x.
cifs audit save [ -f ]
I'm trying to troubleshoot some permission problems and would like a look at what netapp is saying for the reason I'm getting denied. The troubling part is everything is set up like the share I'm migrating away from (security settings and cifs permissions), but it seems that only domain admins, and a single test account that I originally used seems to have access, even though users have access to their individual accounts (just not the root folder). I believe I explicitly granted my test account access to the volume at one point but had since removed it so I'm not sure what's going on.
I actually don't need to know this anymore because it ended up writing in a fairly timely manner. I also think I discovered what the issue is.
We have cifs.preserve_unix_security on on the particular filer I had issues with and I'm suspecting that this option requires user accounts to be able to be mapped from AD to whatever we are using for unix auth (in this case, ldap)...
I suspect that because of this, the user accounts that I noticed were failing, were ones that only had an AD account.
Can anyone confirm this behavior? I believe that my issue now lies with the wafl.default_unix_user being set to null instead of pcuser (or any other user).
I've set this option on a test filer, and my test account seems to work on... but to be honest I forgot to check it against the test filer before setting the option. I would like to clear this option now, but it seems that when I run the command to clear i, it comes back with it still set. Netapp documentation says this is how to clear this option. Any thoughts on why I can't clear it?
I figured this out. Apparently this option can not be set using rsh and must be done on the filer. Is this something specific to wafl options in general? How can I know what options can be remote executed vs requiring ssh access on the filer?