ONTAP Discussions

CDOT 9.2 cifs missing Domain Users

gravasio
2,783 Views

Hi, 

we are going to migrate our old 7 mode to a new CDOT 9.2 and for the cifs service we are setting up a new AD domain with Samba (4.6.7).

The cifs svm, joins the domain and can see users and groups.

But when i create a share with "Domain Users" full control, no one is able to access.

If I create another domain group and give to this goupt tyhe full control the users are able to use the share.

 

It seems that cifs svm ignores the fact that the user is member of the "Domain Users" group.

In fact:

 

 

 

c21-filer::*> diag secd authentication show-creds -node c21-filer-node2 -vserver cifs-node1-sata -win-name testuser

UNIX UID: pcuser <> Windows User: MODIANOAD\testuser (Windows Domain User)

GID: pcuser
Supplementary GIDs:
pcuser

Windows Membership:
MODIANOAD\test_share (Windows Domain group)
MODIANOAD\noc (Windows Domain group)
User is also a member of Everyone, Authenticated Users, and Network Users

Privileges (0x2000):
SeChangeNotifyPrivilege

If I remove the user from "Domain Users" and assign him another primary group, this group disappears from "Windows Membership" section.

 

Anyone has similar problems?

Thanks

Giuseppe

 

2 REPLIES 2

suportnetapp
2,563 Views

Hi,

 

Have you solved? I have the same issue with ontap 9.1

 

With ontap 8.1.4  7 mode was working without issues

 

Thanks

gravasio
2,537 Views

wrote:

Hi,

 

Have you solved? I have the same issue with ontap 9.1

 

With ontap 8.1.4  7 mode was working without issues

 

Thanks


Hi, 

we didn't solve the issue, but I'm pretty sure that it's a samba bug!

 

Giuseppe

Public