CDOT 9.2 cifs missing Domain Users

gravasio · ‎2017-10-19

Hi,

we are going to migrate our old 7 mode to a new CDOT 9.2 and for the cifs service we are setting up a new AD domain with Samba (4.6.7).

The cifs svm, joins the domain and can see users and groups.

But when i create a share with "Domain Users" full control, no one is able to access.

If I create another domain group and give to this goupt tyhe full control the users are able to use the share.

It seems that cifs svm ignores the fact that the user is member of the "Domain Users" group.

In fact:

c21-filer::*> diag secd authentication show-creds -node c21-filer-node2 -vserver cifs-node1-sata -win-name testuser

 UNIX UID: pcuser <> Windows User: MODIANOAD\testuser (Windows Domain User)

 GID: pcuser
 Supplementary GIDs: 
 pcuser

 Windows Membership:
 MODIANOAD\test_share (Windows Domain group)
 MODIANOAD\noc (Windows Domain group)
 User is also a member of Everyone, Authenticated Users, and Network Users

 Privileges (0x2000):
 SeChangeNotifyPrivilege

If I remove the user from "Domain Users" and assign him another primary group, this group disappears from "Windows Membership" section.

Anyone has similar problems?

Thanks

Giuseppe

suportnetapp · ‎2018-02-12

Hi,

Have you solved? I have the same issue with ontap 9.1

With ontap 8.1.4 7 mode was working without issues

Thanks

gravasio · ‎2018-02-12

wrote:

Hi,

Have you solved? I have the same issue with ontap 9.1

With ontap 8.1.4 7 mode was working without issues

Thanks

Hi,

we didn't solve the issue, but I'm pretty sure that it's a samba bug!

Giuseppe