Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1464691.1
Update Date:2017-02-06
Keywords:
Solution Type  Problem Resolution Sure

Solution  1464691.1 :   Sun Storage 7000 Unified Storage System: Changing a share quota generates "Unknown user"-error.  

Related Items 
    

  • Sun ZFS Storage 7420
    •  
  • Oracle ZFS Storage ZS5-2
    •  
  • Sun Storage 7110 Unified Storage System
    •  
  • Oracle ZFS Storage ZS3-2
    •  
  • Oracle ZFS Storage ZS4-4
    •  
  • Sun Storage 7210 Unified Storage System
    •  
  • Sun Storage 7410 Unified Storage System
    •  
  • Oracle ZFS Storage ZS5-4
    •  
  • Sun Storage 7310 Unified Storage System
    •  
  • Sun ZFS Storage 7120
    •  
  • Oracle ZFS Storage ZS3-4
    •  
  • Oracle ZFS Storage Appliance Racked System ZS4-4
    •  
  • Sun ZFS Storage 7320
    •  
  • Oracle ZFS Storage ZS3-BA
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: 7xxx NAS
    •  




Changing quota on a share with root-ACL's set may give an "Unknown user" in the Browser UI, or 
"error: invalid property value "undefined" for "com.sun.ak:acl": Unknown or invalid user" in CLI.

In this Document
Symptoms
Cause
Solution

Created from <SR 3-5496486261>

Applies to:

Sun Storage 7310 Unified Storage System - Version All Versions and later
Sun Storage 7410 Unified Storage System - Version All Versions and later
Sun ZFS Storage 7420 - Version All Versions and later
Sun ZFS Storage 7120 - Version All Versions and later
Sun ZFS Storage 7320 - Version All Versions and later
7000 Appliance OS (Fishworks)

Symptoms

When trying to change the share quota the browser UI gets the error "Unknown user", and CLI will get the error "error: invalid property value "undefined" for "com.sun.ak:acl": Unknown or invalid user"

Cause

The appliance could not properly map the UID for the one named user in the root ACL so it could not be removed from the BUI.

Commonly the ACL will contain an entry set from one of the clients for a client local user, and not an AD/NIS/LDAP user.
 
 

Solution

To find out the ACL entry causing this you will need to check each named user entry in the root ACL of the share in the idmap cache.

The root ACL can be found under Shares -> <affected share> -> Access in the browser UI.

Looking at the idmap-cache the named user that could not properly be mapped had a SID that was very much shorter than a proper SID.

The SID's for the users in the ACL can bee looked up under Configuration -> Services -> Identity Mapping -> Mappings, where you can lookup each individual user to see if the mapped SID looks strange.

For reference an example of a normal SID is: S-1-5-21-3265591825-2404522831-4215850146-46613

If the SID is considerably shorter than the example, it is most likely causing this issue as it is normally a local user in one of the attached clients, thus it cannot be mapped properly by the appliance.

Currently the only way to properly remove the invalid ACE is by deleting it from a client system, for windows systems this can take a little while as the ACL will be removed for all directory and file entries in the share.

Once the ACE is removed, changing the quota is again possible.
 


Attachments 
This solution has no attachment
  Copyright © 2018 Oracle, Inc.  All rights reserved.
 Feedback