ONTAP Discussions

snapdrive, windows 2008 X64, pass through authentication

ianaforbes

I have a filer which is not part of a Active Directory domain. It's running 7.2.5.1. There is no CIFS license installed on the filer (and none forthcoming). Snapdrive 6.0.1 is installed on a Windows 2008X64 server. I'm attempting to configure pass-through authentication as described in the docs.

I've created a local snapdrive user and add it to the Windows local administrators group. I've created a local user on the filer called snapdrive and added it to the BUILTIN\Administrators group on the filer. The passwords I've created for the Windows snapdrive user is identical to the filer snapdrive user.

I've installed snapdrive as the local snapdrive user. Everything looks fine when I open up the Snapdrive MMC. When I attempt to create a disk via snapdrive I get the following error:

SnapDrive Error

Access is denied

I've configured pass through authentication successfully in the past on Windows 2000/2003. Not sure if this is a Windows 2008 problem. Firewall has been completely turned off the Windows server.

Any suggestions?

30 REPLIES 30

Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

So, I decided to join the filer to AD to see if the pass through authentication was the problem. This way I could follow the regular method of using a domain account to install snapdrive. After installing snapdrive with the filer part of the domain I'm still getting the same error - Access denied, when I try and create a disk via snapdrive.

I checked the syslog and found the following:

Sun Mar  8 12:17:05 EDT useradmin.unauthorized.user: User 'eone\snapdrive' denied access - missing required capability: 'login-http-admin'
Sun Mar  8 12:17:05 EDT [Ripley: HTTPPool04:warning]: HTTP Authentication from 10.10.0.53 to realm Administration failed

eone\snapdrive is the snapdrive service account. It's been added to the filer's BUILTIN\Administrators group and the Windows server's local administrators group. As additional information - The Windows server is running Exchange 2007 if that is useful information.

Hoping someone can help resolve.

Re: snapdrive, windows 2008 X64, pass through authentication

sourav

Hi Ian,

Which transport protocol are you using?


Regards,

Sourav.

Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

Hi Sourav

I was using the default RPC transport. Do you have to specifically configure RPC transport from within the snapdrive mmc properties, or is that default during setup? If I changed it to HTTP does that mean that snapdrive is making calls to the filer via http and would that make a difference as to me getting what seems to be a permissions issue? At this point I'm wondering if it's some sort of DCOM issue. All firewalls are turned off.

The odd thing is that I've got this working on a lab setup (Windows 2008 X64, snapdrive 6.0.2, ONTAP simulator)

Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

Any takers?? I'm stuck on this and could really use some advice . There must be someone who has configured snapdrive pass through authentication successfully before. I'm thinking it's a Windows 2008 issue - possibly a bug, but dunno for sure.

Any help would be most appreciated.

Thanks

Re: snapdrive, windows 2008 X64, pass through authentication

arqureshi

Have you tried to reset the password on the snapdrive account on the filer. Just finished a customer install 6 Windows 2008 servers configured the same way. Had the same error pop up on the fist server and I used the passwd command to rest password on the user account ( I believe I fat fingered it the first time)





Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

Hi Asif

I'll try and reset the password on the filer and see what happens. Does anything else about what I explained seem incorrect?

Thanks

Re: snapdrive, windows 2008 X64, pass through authentication

lamarca

Ian,

I assume you looked at the installation guide: http://now.netapp.com/NOW/knowledge/docs/snapdrive/relsnap602/pdfs/admin.pdf and also made sure the SnapDrive account on the controller (local Administation group) and server (run as a service and local admin rights to server) have the correct rights (check pg. 44 of the guide).

Also in the guide you can look to use the http or https protocols as well (new in Snap Drive 6.0).

But from your previous e-mails it looks like you have it right, you might just want to check the groups the accounts are in against the Admin guide.

Ray LaMarca

Technical Partner Manager

 

Raymond.Lamarca@netapp.com

http://www.netapp.com

W: 847-430-6547

C:847-529-8931

 

Got questions? Get answers in the Partner Network.

http://communities.netapp.com/community/netapp_partners_network

Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

Hi Asif

I just reset the snapdrive account on the filer and still get the same access denied on the Snapdrive console when I try and create a disk. Could you please step through your steps that you did to get this to work? I'd really appreciate it.

Thanks

Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

Hi Raymond

Thanks for the reply. Yes, I think I've read that guide many time now . The snapdrive account I created on the Windows host is a local account that I added to the local administrators group on the windows host.

The snapdrive account I created on the filer is the same name (snapdrive) as the windows host account. I used the following command to create it:

useradmin user add snapdrive -g Administrators

I have chosen to use RPC transport. Something I noticed:

Considerations

You might need to use pass-through authentication for one of the following reasons:

You do not have a domain controller available.

You want to install your Windows host as a stand-alone server in a workgroup environment without

any dependency on another system for authentication, even if there is a domain controller available.



Your Windows host and the storage system are in two different domains.

Your Windows host is in a domain and you want to keep the storage system in a workgroup with

Now, my windows host is in a domain. The filer doesn't have CIFS so I've never run CIFS setup. Is the filer automatically in a workgroup if I don't run CIFS setup? Would pass through authentication still be vaild for my situation?

Lastly, would I have to log into the Windows host as the local snapdrive service account I created in order to install snapdrive, or would logging into the windows host with a domain account and later specifying the local snapdrive account during install be sufficient?





Re: snapdrive, windows 2008 X64, pass through authentication

arqureshi

Hi Ian,

Here are the steps I completed

On Windows server

Disabled the windows firewall service

Enabled the ssdp and upnp servive

added web server role and IIS

created a domain account called "snapdrive" and add it to the local admins group

ran snapdrive setup and add the snapdrive account during the setup

On storage controller

ran cifs setup and joined to workgroup

created a local account called snapdrive and added it to the administrators group (your syntax is correct)

set the password for snapdrive same as the domain\snapdrive account

I'll confirm to make sure that we did end up using that domain account and post my reply tomorrow.

if you issue useradmin user list command, do you see the user account

Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

I'm officially defeated. I've tried EVERYTHING to get what's supposed to be a simple process to work and keep getting access denied when trying to create a disk via snapdrive. I've tried all different transports and the same thing. I've no idea what could be the problem at this point. Incredibly disappointing to say the least. Even the Windows event logs just say access denied...very informative.

Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

Hi Asif

You created a domain account? I thought the docs stated to create a local snapdrive account:



On each Windows host that needs access to the storage system, create a local user account with

administrative rights on the host, using the same user name and password that you speci

fied in Step

1 and Step 2.



Tip:

Set up the local user account so that the password for the account never expires.

I'll try a domain user account instead and see if that makes a difference.

I don't have a CIFS license at all. Therefore, is the filer automatically in a workgroup or does the filer NEED a CIFS license in order to be part of a workgroup? The bigger question would be, does pass through authentication work without a CIFS license on the filer AND therefore never having run CIFS setup?

Where in 2008 do you enable ssdp and upnp?

Thanks





Re: snapdrive, windows 2008 X64, pass through authentication

ianaforbes

Asif

You are a genious my friend! Netapp needs to change their documentation on pass through authentication immediatly. It specifically states to create a local user acount on the Windows host and add it to the local administrators group on the host. That is 100% incorrect.

What worked was when I created a domain account and added that domain account to the local administrators group. I then changed the snapdrive service to log on with this domain account and voila...no more access denied.

It'd be great if Netapp refreshed their documenation once in awhile, especially when dealing with a new OS. What might have worked in Windows 2000/2003 doesn't necessarily mean it'll work with 2008.

Thanks again Asif and Raymond for the help.

Cheers

Re: snapdrive, windows 2008 X64, pass through authentication

arqureshi

Hey Ian,

I'm glad it is working for you. You are welcome

Re: snapdrive, windows 2008 X64, pass through authentication

jjakowski

Hi Ian -

Would you mind detailing your entire setup?  We are running into the same issue, although it's on a SQL cluster, not on Exchange.

Thanks

Justin

2021 NetApp Partner Experience Survey
PES Banner
All Community Forums
Public