Hi,
i upgraded a 2240 from 7mode to cdot, with 8.3.2p11 i made a complete init and after a minimal config i upgraded to 9.1p3. Here i have a strange issue with CIFS.
At the SystemManager i created a new CIFS SVM, on the first screen i entered all infos, the second screen with the AD join i skipped and on the third screen i enterd a password for the vsadmin and then i completed the wizard.
On the shell i entered:
vserver cifs create -vserver cifs-test -cifs-server cifs-test -workgroup test
So i created a minimal CIFS configuration. Now i entered this command to see the rights of the local Administrator user:
diag secd authentication show-creds -node san-cl01-02 -vserver cifs-test -win-name administrator
UNIX UID: pcuser <> Windows User: CIFS-TEST\Administrator (Windows Local User)
GID: pcuser
Supplementary GIDs:
pcuser
Windows Membership:
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2000):
SeChangeNotifyPrivilege
My problems:
- Why is the mapping to "pcuser", not "root"?
- Why isn't there listed the "BUILTIN\Administrators" group at Windows membership?
On a other 2240 with 9.1p3 i got with a new SVM with a workgroup this result:
diag secd authentication show-creds -node na-cl01-01 -vserver test-cifs -win-name administrator
UNIX UID: root <> Windows User: TEST-CIFS\Administrator (Windows Local User)
GID: daemon
Supplementary GIDs:
daemon
Windows Membership:
BUILTIN\Administrators (Windows Alias)
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2237):
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeSecurityPrivilege
SeChangeNotifyPrivilege
This happens on every CIFS SVM i create. Even when i add a different SVM to the AD, the local groups don't work.
This is the local Administrators group:

My user, the Administrator of the CIFS SVM and the Domain Administrators are member.
Enter i the command again, i got this result:
diag secd authentication show-creds -node san-cl01-02 -vserver svm-cifs1 -win-name xx\basys_raudonis
UNIX UID: pcuser <> Windows User: XX\basys_raudonis (Windows Domain User)
GID: pcuser
Supplementary GIDs:
pcuser
Windows Membership:
XX\User-Standard (Windows Domain group)
XX\Domänen-Benutzer (Windows Domain group)
XX\Domänen-Admins (Windows Domain group)
XX\User-WorkerOffice (Windows Domain group)
XX\Abgelehnte RODC-Kennwortreplikationsgruppe (Windows Alias)
Vom Dienst bestätigte ID (Windows Well known group)
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2000):
SeChangeNotifyPrivilege
So i got all AD Groups, but no local Groups. But there must be "BUILTIN\Users" and "BUILTIN\Administrators".
The main problem with this is, i can't access directory's that only grant access to the local Administrators group.
What goes wrong here? Have i missed something?
Kind regards
Stefan