Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please advise how to lookup SID in clsuter data ontap 8.3
CIFS Lookup is not working.
Thanks.
Tony
Solved! See The Solution
1 ACCEPTED SOLUTION
TonyWu has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tony,
This works on 8.2.1, not sure if it's changed in 8.3
cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name user1
S-1-5-21-3150332139-2813398079-754052488-1110
However if all you want is the SID of an AD user you might consider using the dsquery utility if you have the RSAT tools installed. EG:
C:\>dsquery user forestroot -samid user1 | dsget user -sid
sid
S-1-5-21-3150332139-2813398079-754052488-1110
dsget succeeded
/matt
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
8 REPLIES 8
TonyWu has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tony,
This works on 8.2.1, not sure if it's changed in 8.3
cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name user1
S-1-5-21-3150332139-2813398079-754052488-1110
However if all you want is the SID of an AD user you might consider using the dsquery utility if you have the RSAT tools installed. EG:
C:\>dsquery user forestroot -samid user1 | dsget user -sid
sid
S-1-5-21-3150332139-2813398079-754052488-1110
dsget succeeded
/matt
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I looks not able to resolve.
Please see the attachment
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Please advise - The error SecD Error: User not found"
Is there anyway to query the bulit-in user account
Tony
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tony,
The SID is not resolved to a user (or group) because the object has been deleted in Active Directory (hence any lookup on that SID will fail). You need to restore the group or user in able to resolve it. See
https://technet.microsoft.com/en-us/library/dd379509%28v=ws.10%29.aspx
/matt
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Matt,
I guess it is a built-in administrator of Netapp CIFS account.
How can I convert the bulit in administrator account to SID?
thanks.
Tony
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tony,
You can view the SID for a local vserver user by using the same method...for example:
cluster1::> vserver cifs users-and-groups local-user show -vserver vserver1
Vserver User Name Full Name Description
------------ --------------------------- -------------------- -------------
vserver1 VSERVER1\Administrator Built-in administrator account
nclaunsw01::> set diag
Warning: These diagnostic commands are for use by NetApp personnel only.
Do you want to continue? {y|n}: y
cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name Administrator
S-1-5-21-3601454379-3612699275-2053566262-500
I recommend reading the following article as this will help to understand the Syntax of a SID:
https://technet.microsoft.com/en-us/library/cc962011.aspx
Knowing this you can easily determin if the SID represents a local user or group verses a domain user or group by comparing the domain identifer in the SID. For example the domain identifer for the local administrator account in the above example is "21-3601454379-3612699275-2053566262" as compared to an AD user account with a domain identifier of "21-3150332139-2813398079-754052488". EG
cluster1::*> diag secd authentication translate -node local -vserver nvserver1 -win-name user1
S-1-5-21-3150332139-2813398079-754052488-1110
/matt
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I am having the same issue as mentioned above, however the groups are in AD and still SID translation is not happening.
I have checked almost everything, and still unable to find the issue.
diag secd command doesnt work for me on 8.3.2
Appreciate any help...
Thank you and Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
toaster> cifs lookup mday SID = S-1-5-21-39724982-1647982808-1376457959-1221 toaster> cifs lookup NT-DOMAIN\mday SID = S-1-5-21-39724982-1647982808-1376457959-1221 toaster> cifs lookup BUILTIN\Administrators SID = S-1-5-32-544 toaster> cifs lookup S-1-5-32-544 name = BUILTIN\Administrators toaster> cifs lookup nonexistentuser lookup failed