ONTAP Discussions

CIFS local group issue with 9.1

sraudonis

Hi,

 

i upgraded a 2240 from 7mode to cdot, with 8.3.2p11 i made a complete init and after a minimal config i upgraded to 9.1p3. Here i have a strange issue with CIFS.

 

At the SystemManager i created a new CIFS SVM, on the first screen i entered all infos, the second screen with the AD join i skipped and on the third screen i enterd a password for the vsadmin and then i completed the wizard.

 

On the shell i entered:

 

vserver cifs create -vserver cifs-test  -cifs-server cifs-test -workgroup test

So i created a minimal CIFS configuration. Now i entered this command to see the rights of the local Administrator user:

 

diag secd authentication show-creds -node san-cl01-02 -vserver cifs-test  -win-name administrator

UNIX UID: pcuser <> Windows User: CIFS-TEST\Administrator (Windows Local User)

GID: pcuser
Supplementary GIDs:
  pcuser

Windows Membership:
User is also a member of Everyone, Authenticated Users, and Network Users

Privileges (0x2000):
  SeChangeNotifyPrivilege

My problems:

 

- Why is the mapping to "pcuser", not "root"?

- Why isn't there listed the "BUILTIN\Administrators" group at Windows membership?

 

 

On a other 2240 with 9.1p3 i got with a new SVM with a workgroup this result:

 

diag secd authentication show-creds -node na-cl01-01 -vserver test-cifs -win-name administrator

UNIX UID: root <> Windows User: TEST-CIFS\Administrator (Windows Local User)

GID: daemon
Supplementary GIDs:
  daemon

Windows Membership:
  BUILTIN\Administrators (Windows Alias)
User is also a member of Everyone, Authenticated Users, and Network Users

Privileges (0x2237):
  SeBackupPrivilege
  SeRestorePrivilege
  SeTakeOwnershipPrivilege
  SeSecurityPrivilege
  SeChangeNotifyPrivilege

This happens on every CIFS SVM i create. Even when i add a different SVM to the AD, the local groups don't work.

 

This is the local Administrators group:

 

group.jpg

 

My user, the Administrator of the CIFS SVM and the Domain Administrators are member.

 

Enter i the command again, i got this result:

 

diag secd authentication show-creds -node san-cl01-02 -vserver svm-cifs1 -win-name xx\basys_raudonis

UNIX UID: pcuser <> Windows User: XX\basys_raudonis (Windows Domain User)

GID: pcuser
Supplementary GIDs:
  pcuser

Windows Membership:
  XX\User-Standard (Windows Domain group)
  XX\Domänen-Benutzer (Windows Domain group)
  XX\Domänen-Admins (Windows Domain group)
  XX\User-WorkerOffice (Windows Domain group)
  XX\Abgelehnte RODC-Kennwortreplikationsgruppe (Windows Alias)
  Vom Dienst bestätigte ID (Windows Well known group)
User is also a member of Everyone, Authenticated Users, and Network Users

Privileges (0x2000):
  SeChangeNotifyPrivilege

So i got all AD Groups, but no local Groups. But there must be "BUILTIN\Users" and "BUILTIN\Administrators".

 

The main problem with this is, i can't access directory's that only grant access to the local Administrators group.

 

What goes wrong here? Have i missed something?

 

Kind regards

 

Stefan

 

1 ACCEPTED SOLUTION

sraudonis

I took a very log telephone call with the support. There i a known issue whan upgrading from 7Mode to ONTAP 9, finaly after we made a configuration reload and a restart of the CIFS SVM all is working fine.

View solution in original post

2 REPLIES 2

sraudonis

I took a very log telephone call with the support. There i a known issue whan upgrading from 7Mode to ONTAP 9, finaly after we made a configuration reload and a restart of the CIFS SVM all is working fine.

View solution in original post

JacobV

Hello , Could you please provide us exactly what was done to fix this issue ?

 

Is this just by rebooting of CIFS services fixed this issue ?

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public