| Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback |
| Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition | ||
|
|
||
 |
||||||||||||||||||||||
Solution Type Problem Resolution Sure Solution 2301627.1 : ZFS Appliance Unable to Communicate with AD Domain Controller in Environment Where SMBv1 is Disabled
In this Document
Created from <SR 3-15505644978> Applies to:Oracle ZFS Storage ZS3-2 - Version All Versions to All Versions [Release All Releases]Oracle ZFS Storage Appliance Racked System ZS5-2 - Version All Versions to All Versions [Release All Releases] Integrated Software for ZFS 7xx0 Arrays - Version All Versions to All Versions [Release All Releases] Oracle ZFS Storage ZS4-4 - Version All Versions to All Versions [Release All Releases] Oracle ZFS Storage ZS5-2 - Version All Versions to All Versions [Release All Releases] Information in this document applies to any platform. SymptomsFailure to authenticate SMB users, log messages, or alerts about failure to communicate with domain controller. Especially any such cases where the customer is known to have disabled SMB version 1 for security reasons. ChangesDisabling SMBv1 (SMB version 1) in a customer environment can cause this problem. This is normally done to improve security. CausePortions of the AD component (i.e., the SMB client software) of the current appliance software use SMBv1 to communicate. The settings under Configuration/Services/SMB apply exclusively to the SMB server software, and therefore do not affect this issue. SolutionUpgrade to Appliance Firmware Release OS 8.7.18 (or later).
OS 8.7.12 IDR 2.1 is the current software solution to this issue. It delivers the enhancement described in Bug:25677720. Note that no current software version contains a fix for this issue, and the fix provided in the IDR is inferior to the one that will be delivered in a released version. The released version of the fix is currently scheduled for 8.7.17. However, this is subject to change, should not be communicated externally, and has already changed more than once. You (Oracle Support) will need to add your customer to the bug, confirm (in the bug, not here) that this is still the latest solution, and send it to the customer. The preferred method for sending the IDR to the customer is via SFTP, see this document for details. Once you have access to the IDR, check sftp.oracle.com:/support/outgoing/IDR to see if the file is already posted. DO NOT under any circumstances send this to a customer who is not attached to the bug and approved for the IDR. Note that because this is 8.7.12, the customer will need the ASR fix, and the single pass resilver fix. If anything is out of date in this document, please comment the doc with at least a sev 2 priority. References<NOTE:1429544.1> - Sun Storage 7000 Unified Storage System: How to install an IDR<BUG:25677720> - APPLIANCE MUST BE ABLE TO JOIN AD DOMAIN AND AUTHENTICATE USERS W/O USING SMBV1 Attachments This solution has no attachment |
||||||||||||||||||||||
|
||||||||||||||||||||||