ONTAP Discussions

ETC$ Access is denied error

tyrone_owen_1
7,807 Views

Hi

 

I've have problems writing to the etc$ folder, with 'Access is denied' and 'You need permissions to perform this action'

 

  1. I have created a local account which is a member of the array's Administrator group
  2. The adminstrator group has full control on the etc$ share
  3. I've tried opening explorer on the Windows 2008 host as administrator and then connecting to etc$
  4. I've tried opening explorer on the Windows 2008 host with my personl account which is a local admin on the server and then connecting to etc$
  5. I've tried the above and then mapped a share using my array admin account
  6. I've tried the above on a different server
  7. On 1 out of 4 controllers I've had success by adding my domain account to the array's Administrator accounts, however as I said this only works on 1 out of 4
  8. On the array where I have maned to read/write to etc$ the create_ucode=off, on the 'broken' arrays create_ucode=on - could this be the issue?
  9. Below are the attributes of the broken array's vol0

 

> qtree status
Volume   Tree     Style Oplocks  Status
-------- -------- ----- -------- ---------
vol0              unix  enabled  normal

 

>vol options vol0

root, diskroot, nosnap=off, nosnapdir=off, minra=off,
no_atime_update=off, nvfail=off, ignore_inconsistent=off,
snapmirrored=off, create_ucode=on, convert_ucode=off, maxdirsize=45875,
schedsnapname=ordinal, fs_size_fixed=off, guarantee=volume,
svo_enable=off, svo_checksum=off, svo_allow_rman=off,
svo_reject_errors=off, no_i2p=off, fractional_reserve=100, extent=off,
try_first=volume_grow, read_realloc=off, snapshot_clone_dependency=off,
dlog_hole_reserve=off, nbu_archival_snap=off

 

> cifs shares
Name         Mount Point                       Description
----         -----------                       -----------
HOME         /vol/vol0/home                    Default Share
                        everyone / Full Control
C$           /                                 Remote Administration
                        BUILTIN\Administrators / Full Control

etc$         /vol/vol0/etc
                        everyone / Full Control
                        BUILTIN\Administrators / Full Control

 

>exportfs

/vol/vol0       -sec=sys,rw=xxxxxx01:xxxxxx02,anon=0,nosuid

 

Thanks

1 ACCEPTED SOLUTION

tyrone_owen_1
7,781 Views

Thanks for the quick reply

 

3 out of 4 arrays sorted

 

The combination of wafl.nt_admin_priv_map_to_root on and given my AD account admin permissions worked, but only on 3 of the 4 controllers

 

The security style is also set to UNIX on all of the vol0 - good thought

View solution in original post

6 REPLIES 6

JGPSHNTAP
7,796 Views

First, if you are more a windows guy than a *nix guy, I tend to have vol0 set to ntfs, therefore it will understand user permissions easier.

 

Also, check your builtin\administrators mapping to root.

 

This is our default setting for our 7-mode systems

options wafl.nt_admin_priv_map_to_root on

 

 

tyrone_owen_1
7,782 Views

Thanks for the quick reply

 

3 out of 4 arrays sorted

 

The combination of wafl.nt_admin_priv_map_to_root on and given my AD account admin permissions worked, but only on 3 of the 4 controllers

 

The security style is also set to UNIX on all of the vol0 - good thought

JGPSHNTAP
7,777 Views

Ok, so let's see what's wrong with the last array... 

 

Give us some more detail.

 

If the setting maps admin to root is set on the controller, just double check your account is there

 

tyrone_owen_1
7,776 Views

Yes, my user account is there

 

>  useradmin domainuser list -g Administrators
List of SIDS in Administrators
S-1-5-xxxxxxxxxxxxxx


> cifs lookup S-1-5-xxxxxxxxxxxxxx
name = xxx\xxxxxty [that's me]

> cifs shares etc$
Name         Mount Point                       Description
----         -----------                       -----------
etc$         /vol/vol0/etc
                        everyone / Full Control
                        BUILTIN\Administrators / Full Control

tyrone_owen_1
7,769 Views

On the broken share I'm able to write to the home share and then ndmpcopy files into the etc folder. I can subsequently edit and delete those files - strange

nick_cig
5,784 Views

We had this issue recently and I'd performed all the checks listed above. Eventually we used sectrace to help identify the cause and it turned out to be FPOLICY.

The fix was to add the disk firmware extensions (.FVF and .LOD) to the list of permitted extensions and all was well.

Public