ONTAP Discussions

Problem with AD - group permissions not working unless "cifs setup" is invoked again




I have strange problem with FAS2240 running ONTAP 8.2.4P3 in 7-mode. I've recently added some additional uplinks for file services (was running iSCSI only) and confiured CIFS service with Active Directory. AD itself is pretty ancient: Win2003 servers running AD with Win2000 functional level, with 2-way trust with another domain (same servers and functional level).


And I have pretty strange problem: when I set up new volume and configure user-based permissions, everything works just fine. However when I try to build exactly same permissions using group management, I have "access denied" when trying to access share. Permissions are fine, FAS talks to AD without any issues.


But here's the best part: if i "cifs terminate" and then "cifs setup", configure everything again exatly the same as previously, group permissions automagically start working. If I try adding another group to acces the share - access denied. If I try add another user to already configured group, then sometimes it works, sometimes it doesn't.


Any ideas? I've tried everything permission-related I could find across the web, nothing helps so far. Domain communication works, users and groups are accesible from filer, wcc -x doesn't help.



try fsecurity cmd to check the issue... it might be helpful