Accessing vFiler via CIFS on Simulator with LDAP/passwd

MEGSKYWALKER · ‎2015-02-13

Hello,

I've got the problem that I can't access my vFilers on simulators via cifs. Problem occured on 7.3.6 sim and on 8.2.1 sim.

Error Samba:

Server requested LM password but 'client plaintext auth = no' or 'client ntlmv2 auth = yes'

Error Windows:

The account is not authorized to log in from this station.

(I'm not able to enter any credentials)

CIFS options:

cifs.LMCompatibilityLevel    1
cifs.W2K_password_change     off
cifs.W2K_password_change_interval 4w
cifs.W2K_password_change_within 1h
cifs.audit.account_mgmt_events.enable off
cifs.audit.autosave.file.extension
cifs.audit.autosave.file.limit 0
cifs.audit.autosave.onsize.enable off
cifs.audit.autosave.onsize.threshold 75%
cifs.audit.autosave.ontime.enable off
cifs.audit.autosave.ontime.interval 1d
cifs.audit.enable            off
cifs.audit.file_access_events.enable on
cifs.audit.liveview.allowed_users
cifs.audit.liveview.enable   off
cifs.audit.logon_events.enable on
cifs.audit.logsize           524288
cifs.audit.nfs.enable        off
cifs.audit.nfs.filter.filename
cifs.audit.saveas            /etc/log/adtlog.evt
cifs.bypass_traverse_checking on
cifs.comment
cifs.gpo.enable              off
cifs.gpo.trace.enable        off
cifs.grant_implicit_exe_perms off
cifs.guest_account
cifs.home_dir_namestyle
cifs.idle_timeout            1800
cifs.ipv6.enable             off
cifs.max_mpx                 50
cifs.ms_snapshot_mode        xp
cifs.netbios_aliases
cifs.netbios_over_tcp.enable on
cifs.nfs_root_ignore_acl     off
cifs.oplocks.enable          on
cifs.oplocks.opendelta       0
cifs.per_client_stats.enable off
cifs.perfmon.allowed_users
cifs.perm_check_ro_del_ok    off
cifs.perm_check_use_gid      on
cifs.preserve_unix_security  off
cifs.restrict_anonymous      0
cifs.restrict_anonymous.enable off
cifs.rpcfd_timeout           0
cifs.save_case               on
cifs.scopeid
cifs.search_domains
cifs.show_snapshot           off
cifs.shutdown_msg_level      2
cifs.sidcache.enable         on
cifs.sidcache.lifetime       1440
cifs.signing.enable          off
cifs.smb2.enable             on
cifs.smb2.signing.required   off
cifs.smb2_1.branch_cache.enable off
cifs.snapshot_file_folding.enable off
cifs.symlinks.cycleguard     on
cifs.symlinks.enable         on
cifs.trace_dc_connection     off
cifs.trace_login             off
cifs.universal_nested_groups.enable on
cifs.widelink.ttl            10m

Anything missing?

THX for help,

meg

shatfield · ‎2015-02-14

ipspace list

vfiler status -r

Is the vfiler running?

Can you Ping its ip address?

Is cifs running in the vfiler?

vfiler run <vfiler> cifs restart

Is anything shared?

vfiler run <vfiler> cifs shares

Is it a member of a domain?

vfiler run <vfiler> cifs domaininfo

If so, can it talk to the DC?

vfiler run <vfiler> cifs testdc

were those options from the vfiler?

vfiler run <vfiler> options cifs

MEGSKYWALKER · ‎2015-02-16

ipspace list
vfiler status -r
Not possible within a vfiler.

Is the vfiler running?
Can you Ping its ip address?
Sure, I'm on it. Everything work (ssh, sftp etc.) except cifs.

Is cifs running in the vfiler?
vfiler run <vfiler> cifs restart
test@rz-vm210> cifs restart
CIFS is already running.

Is anything shared?
vfiler run <vfiler> cifs shares
cifs shares
Name Mount Point Description
---- ----------- -----------
ETC$ /vol/test/etc Remote Administration
** priv access only **
HOME /vol/test/home Default Share
everyone / Full Control
C$ / Remote Administration
meg / Full Control

Is it a member of a domain?
vfiler run <vfiler> cifs domaininfo
Nope. LDAP.

If so, can it talk to the DC?
vfiler run <vfiler> cifs testdc
see above.

were those options from the vfiler?
vfiler run <vfiler> options cifs

see first post

shatfield · ‎2015-02-16

does it work if you run cifs in workgroup mode?

Guessing the problem is ldap related.

MEGSKYWALKER · ‎2015-02-17

@shatfield wrote:
does it work if you run cifs in workgroup mode?

Guessing the problem is ldap related.

You guest right. So I have to change the topic.

Why it didn't work with /etc/passwd and/or ldap?