Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I've have problems writing to the etc$ folder, with 'Access is denied' and 'You need permissions to perform this action'
- I have created a local account which is a member of the array's Administrator group
- The adminstrator group has full control on the etc$ share
- I've tried opening explorer on the Windows 2008 host as administrator and then connecting to etc$
- I've tried opening explorer on the Windows 2008 host with my personl account which is a local admin on the server and then connecting to etc$
- I've tried the above and then mapped a share using my array admin account
- I've tried the above on a different server
- On 1 out of 4 controllers I've had success by adding my domain account to the array's Administrator accounts, however as I said this only works on 1 out of 4
- On the array where I have maned to read/write to etc$ the create_ucode=off, on the 'broken' arrays create_ucode=on - could this be the issue?
- Below are the attributes of the broken array's vol0
> qtree status
Volume Tree Style Oplocks Status
-------- -------- ----- -------- ---------
vol0 unix enabled normal
>vol options vol0
root, diskroot, nosnap=off, nosnapdir=off, minra=off,
no_atime_update=off, nvfail=off, ignore_inconsistent=off,
snapmirrored=off, create_ucode=on, convert_ucode=off, maxdirsize=45875,
schedsnapname=ordinal, fs_size_fixed=off, guarantee=volume,
svo_enable=off, svo_checksum=off, svo_allow_rman=off,
svo_reject_errors=off, no_i2p=off, fractional_reserve=100, extent=off,
try_first=volume_grow, read_realloc=off, snapshot_clone_dependency=off,
dlog_hole_reserve=off, nbu_archival_snap=off
> cifs shares
Name Mount Point Description
---- ----------- -----------
HOME /vol/vol0/home Default Share
everyone / Full Control
C$ / Remote Administration
BUILTIN\Administrators / Full Control
etc$ /vol/vol0/etc
everyone / Full Control
BUILTIN\Administrators / Full Control
>exportfs
/vol/vol0 -sec=sys,rw=xxxxxx01:xxxxxx02,anon=0,nosuid
Thanks
Solved! See The Solution
1 ACCEPTED SOLUTION
tyrone_owen_1 has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the quick reply
3 out of 4 arrays sorted
The combination of wafl.nt_admin_priv_map_to_root on and given my AD account admin permissions worked, but only on 3 of the 4 controllers
The security style is also set to UNIX on all of the vol0 - good thought
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First, if you are more a windows guy than a *nix guy, I tend to have vol0 set to ntfs, therefore it will understand user permissions easier.
Also, check your builtin\administrators mapping to root.
This is our default setting for our 7-mode systems
options wafl.nt_admin_priv_map_to_root on
tyrone_owen_1 has accepted the solution
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the quick reply
3 out of 4 arrays sorted
The combination of wafl.nt_admin_priv_map_to_root on and given my AD account admin permissions worked, but only on 3 of the 4 controllers
The security style is also set to UNIX on all of the vol0 - good thought
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, so let's see what's wrong with the last array...
Give us some more detail.
If the setting maps admin to root is set on the controller, just double check your account is there
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, my user account is there
> useradmin domainuser list -g Administrators
List of SIDS in Administrators
S-1-5-xxxxxxxxxxxxxx
> cifs lookup S-1-5-xxxxxxxxxxxxxx
name = xxx\xxxxxty [that's me]
> cifs shares etc$
Name Mount Point Description
---- ----------- -----------
etc$ /vol/vol0/etc
everyone / Full Control
BUILTIN\Administrators / Full Control
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the broken share I'm able to write to the home share and then ndmpcopy files into the etc folder. I can subsequently edit and delete those files - strange
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We had this issue recently and I'd performed all the checks listed above. Eventually we used sectrace to help identify the cause and it turned out to be FPOLICY.
The fix was to add the disk firmware extensions (.FVF and .LOD) to the list of permitted extensions and all was well.