ONTAP Discussions

Problem with AD - group permissions not working unless "cifs setup" is invoked again




I have strange problem with FAS2240 running ONTAP 8.2.4P3 in 7-mode. I've recently added some additional uplinks for file services (was running iSCSI only) and confiured CIFS service with Active Directory. AD itself is pretty ancient: Win2003 servers running AD with Win2000 functional level, with 2-way trust with another domain (same servers and functional level).


And I have pretty strange problem: when I set up new volume and configure user-based permissions, everything works just fine. However when I try to build exactly same permissions using group management, I have "access denied" when trying to access share. Permissions are fine, FAS talks to AD without any issues.


But here's the best part: if i "cifs terminate" and then "cifs setup", configure everything again exatly the same as previously, group permissions automagically start working. If I try adding another group to acces the share - access denied. If I try add another user to already configured group, then sometimes it works, sometimes it doesn't.


Any ideas? I've tried everything permission-related I could find across the web, nothing helps so far. Domain communication works, users and groups are accesible from filer, wcc -x doesn't help.



try fsecurity cmd to check the issue... it might be helpful

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.