9 Replies Latest reply: May 19, 2013 9:34 AM by dave-linder RSS

Need help troubleshooting access to c-mode cifs share

doug.clendening Sprinter
Currently Being Moderated

This is my first attempt at creating CIFS shares in c-mode.  I followed the Cheat Sheet document (DOC-16964) for the basics, but I get error "Windows can not access \\<ip>\wdc_test$.

 

I don't know if this is relevant or not, but our DNS Domain and AD Domain don't have the same name.

 

Thanks in advance.

 

wdc

 

Below is configuration info:

 

chvpk-cmode-flab::> vserver show -vserver lab_dcr_cifs

 

                                    Vserver: lab_dcr_cifs

                               Vserver Type: cluster

                               Vserver UUID: 4347abc8-a394-11e2-aa7a-123478563412

                                Root Volume: root_cifs

                                  Aggregate: lab_c06_01

                        Name Service Switch: ldap, file

                        Name Mapping Switch: file

                                 NIS Domain: -

                 Root Volume Security Style: ntfs

                                LDAP Client: -

                                   Language: en_US

                            Snapshot Policy: default

                                    Comment:

                Anti-Virus On-Access Policy: default

                               Quota Policy: default

                List of Aggregates Assigned: -

Limit on Maximum Number of Volumes allowed: unlimited

                        Vserver Admin State: running

                          Allowed Protocols: nfs, cifs, fcp, iscsi

                       Disallowed Protocols: -

                      Is Repository Vserver: false

 

chvpk-cmode-flab::> vserver cifs show -vserver lab_dcr_cifs

 

                                          Vserver: lab_dcr_cifs

                         CIFS Server NetBIOS Name: CHVPKV3170-06

                    NetBIOS Domain/Workgroup Name: CT

                      Fully Qualified Domain Name: CT.CHEVRONTEXACO.NET

Default Site Used by LIFs Without Site Membership:

                             Authentication Style: domain

 

chvpk-cmode-flab::> vserver cifs share show -vserver lab_dcr_cifs

Vserver        Share         Path              Properties Comment  ACL

-------------- ------------- ----------------- ---------- -------- -----------

lab_dcr_cifs   admin$        /                 browsable  -        -

lab_dcr_cifs   ipc$          /                 browsable  -        -

lab_dcr_cifs   wdc_test$     /wdc_test         oplocks    -        Everyone / Full Control

                                               browsable

                                               showsnapshot

                                               changenotify

 

 

chvpk-cmode-flab::> vol show wdc_test

  (volume show)

Vserver   Volume       Aggregate    State      Type       Size  Available Used%

--------- ------------ ------------ ---------- ---- ---------- ---------- -----

lab_dcr_cifs

          wdc_test     lab_c06_01   online     RW          1GB    972.7MB    5%

  • Re: Need help troubleshooting access to c-mode cifs share
    parisi NetApp Employee Cyclist
    Currently Being Moderated

    I'd suggest opening a case up.

     

    Troubleshooting this will require cluster logs and packet traces. The errors Windows generally returns aren't very descriptive. Since you're using an IP instead of a hostname, DNS shouldn't factor in here. However, keep in mind you can add additional DNS domains to the vserver.

     

    I'd recommend checking the export policy rules for that export policy to ensure you're not restricting access to CIFS at all, as well as the allowed protocols on your data LIF.

    • Re: Need help troubleshooting access to c-mode cifs share
      doug.clendening Sprinter
      Currently Being Moderated

      The export policy is wide open.

       

      chvpk-cmode-flab::> vserver export-policy rule show -vserver lab_dcr_cifs -policyname cifs -fields rorule,rwrule,protocol

       

      vserver      policyname ruleindex protocol rorule rwrule

      ------------ ---------- --------- -------- ------ ------

      lab_dcr_cifs cifs       1         cifs     any    any

      • Re: Need help troubleshooting access to c-mode cifs share
        parisi NetApp Employee Cyclist
        Currently Being Moderated

        Let's see the following:

         

        ::> vserver export-policy rule show -vserver lab_dcr_cifs -policyname cifs -instance

        ::> vserver export-policy rule show -vserver lab_dcr_cifs -policyname default -instance

        ::> net int show -role data -vserver lab_dcr_cifs -instance

        ::> cifs options show -vserver lab_dcr_cifs -instance

        ::> unix-user show -vserver lab_dcr_cifs

        ::> vol show -vserver lab_dcr_cifs -fields policy,junction-path,unix-permissions,security-style,user,group

    • Re: Need help troubleshooting access to c-mode cifs share
      doug.clendening Sprinter
      Currently Being Moderated

      chvpk-cmode-flab::> vserver export-policy rule show -vserver lab_dcr_cifs -policyname cifs -instance

       

                                          Vserver: lab_dcr_cifs

                                      Policy Name: cifs

                                       Rule Index: 1

                                  Access Protocol: cifs

                                Client Match Spec: 0.0.0.0/0

                                   RO Access Rule: any

                                   RW Access Rule: any

      User ID To Which Anonymous Users Are Mapped: 65534

                       Superuser Security Flavors: never

                     Honor SetUID Bits In SETATTR: true

                        Allow Creation of Devices: true

       

      chvpk-cmode-flab::> vserver export-policy rule show -vserver lab_dcr_cifs -policyname default -instance

      There are no entries matching your query.

       

      chvpk-cmode-flab::> net int show -role data -vserver lab_dcr_cifs -instance

        (network interface show)

       

                          Vserver Name: lab_dcr_cifs

                Logical Interface Name: dcr_cifs

                                  Role: data

                         Data Protocol: cifs

                             Home Node: chvpkv3170-06

                             Home Port: e0a

                          Current Node: chvpkv3170-06

                          Current Port: e0a

                    Operational Status: up

                       Extended Status: -

                               Is Home: true

                       Network Address: 146.27.206.42

                               Netmask: 255.255.255.0

                       IPv4 Link Local: -

                   Bits in the Netmask: 24

                    Routing Group Name: d146.27.206.0/24

                 Administrative Status: up

                       Failover Policy: nextavail

                       Firewall Policy: data

                           Auto Revert: false

                    Use Failover Group: enabled

         Fully Qualified DNS Zone Name: none

                   Failover Group Name: failover_cluster_mgmt

                              FCP WWPN: -

                               Comment:

       

      chvpk-cmode-flab::> cifs options show -vserver lab_dcr_cifs -instance

       

                                             Vserver: lab_dcr_cifs

                                   Default UNIX User: -

                      Read Grants Exec for Mode Bits: disabled

      Windows Internet Name Service (WINS) Addresses: -

       

      chvpk-cmode-flab::> unix-user show -vserver lab_dcr_cifs

        (vserver services unix-user show)

      There are no entries matching your query.

       

      chvpk-cmode-flab::> vol show -vserver lab_dcr_cifs -fields policy,junction-path,unix-permissions,security-style,user,group

        (volume show)

      vserver      volume                        policy user group security-style unix-permissions junction-path

      ------------ ----------------------------- ------ ---- ----- -------------- ---------------- ------------------------------

      lab_dcr_cifs chvpk_fs04_data_bdo_kernriver cifs   -    -     ntfs           ------------     /chvpk_fs04_data_bdo_kernriver

      lab_dcr_cifs root_cifs                     cifs   -    -     ntfs           ------------     /

      lab_dcr_cifs wdc_test                      cifs   -    -     ntfs           ------------     /wdc_test

      3 entries were displayed.

  • Re: Need help troubleshooting access to c-mode cifs share
    dave-linder Novice
    Currently Being Moderated

    So I also ran into this and it took me a while to resolve.  When you run vserver setup from the CLI for a CIFS vServer, all works well.  When doing the same from System Manager (haven't tried 3.0 yet) it doesn't work.  Yes, you can manually create accounts to fix this.  However, try running through all of that for a customer demo... (too many steps to be cool).  Try this:

     

    1) Create a CIFS vServer through System Manager as usual.

         a.  Choose the default for LDAP and Local Users (Default)

              **This will auto create all the default accounts for your (not name mappings required).

    2) run the following command at the CLI once the CIFS vserver is up and running:

         a.  vserver modify  -vserver <name> -ns-switch file

              **The default switch is set to ldap so the default local users (root and daemon stuff for unix) are not referenced.

     

    This is faster and much easier than manually creating users.  :-)

More Like This

  • Retrieving data ...

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points