ONTAP Discussions

Add CIFS vserver to Active Directory domain

angelshark
6,726 Views

Hello,

 

I've just installed a FAS2520 and I'm in the process of activating the CIFS service and adding the vserver to the Active Directory domain.

 

However, when I run the "vserver cifs create" command, I have DNS related errors and it end with "cannot find an appropriate domain controller".

 

Has anyone had a similar problem? I have already checked and the time between the domain controllers and the Filer are in sync. The user account that I'm using to add the machine to the domain also has the appropriate permissions.

 

 

 

CLUSTER::> vserver cifs create -cifs-server NETAPPFS01 -domain oilcorp.corp.local
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the "OILCORP.CORP.LOCAL" domain.
Enter the user name: administrateur
Enter the password:
Error: Machine account creation procedure failed
[ 0 ms] Trying to create machine account 'NETAPPFS01' in domain
'OILCORP.CORP.LOCAL' for Vserver 'NETAPPFS01'
[ 5] Entry for host-name: oilcorp-c001.oilcorp.corp.local not
found in the current source: FILES. Ignoring and trying
next available source
[ 2006] Failed to connect to 10.113.180.1 for DNS: Operation
timed out
[ 2009] Entry found for host-name:
oilcorp-c001.oilcorp.corp.local using source: DNS
[ 2010] Entry for host-name: oilcorp-c002.oilcorp.corp.local not
found in the current source: FILES. Ignoring and trying
next available source
[ 4011] Failed to connect to 10.113.180.1 for DNS: Operation
timed out
[ 5012] Failed to connect to 10.113.180.4 for DNS: Operation
timed out
[ 5012] Entry for host-name: oilcorp-c002.oilcorp.corp.local not
found in the current source: DNS. Entry for host-name:
oilcorp-c002.oilcorp.corp.local not found in any of the
available sources
**[ 5013] FAILURE: getaddrinfo failed with error : hostname nor
** servname provided, or not known
[ 5013] Found 1 domain controllers through DNS
[ 5013] Connecting to LDAP (Active Directory) server
oilcorp-c001.oilcorp.corp.local (10.113.180.1) as
administrateur@OILCORP.CORP.LOCAL
[ 5015] Failed to initiate Kerberos authentication. Trying NTLM.
[ 7017] No servers available for MS_LDAP_AD, vserver: 2, domain:
OILCORP.CORP.LOCAL.
Error: command failed: Failed to create the Active Directory machine account "NETAPPFS01". Reason: SecD Error: Cannot find an appropriate domain controller.
CLUSTER::>

 

 

 

3 REPLIES 3

asulliva
6,713 Views

It appears that the connectivity to the DCs is failing for both DNS and AD (LDAP) traffic types.  Are you sure that the IPs are correct, there is no firewall, and that it is able to route to the DCs?  Try using the "net ping" command to test for connectivity.  Is there a LIF with the CIFS protocol enabled for the SVM?

 

Andrew

If this post resolved your issue, please help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

angelshark
6,665 Views

Hello,

 

Thanks for the answer. I've just tried the net ping for both DCs and it works, both DCs are alive.

 

What else can I try?

 

How can I check if the LIF is active on the CIFS protocol as you suggest checking?

 

Thanks.

eduard
6,630 Views

Hi, 

 

set up the DNS on the filer, then can you try this when promted with ther username and passowrd:

 

CLUSTER::> vserver cifs create -cifs-server NETAPPFS01 -domain oilcorp.corp.local
In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the "OILCORP.CORP.LOCAL" domain.
Enter the user name: administrateur@oilcorp.corp.local
Enter the password:

 

 

 

Public