Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-75-1007150.1
Update Date:2016-10-03
Keywords:
Solution Type  Troubleshooting Sure

Solution  1007150.1 :   Sun StorageTek[TM] 5000 Series NAS: Troubleshooting Issues with File Sharing Between CIFS and NFS clients (Credential Mapping)  

Related Items 
    

  • Sun Storage 5310 NAS Gateway System
    •  
  • Sun Storage 5220 NAS Appliance
    •  
  • Sun Storage 5210 NAS Appliance
    •  
  • Sun Storage 5310 NAS Appliance
    •  
  • Sun Storage 5320 NAS Appliance
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: SE5xxx NAS
    •  
  • _Old GCS Categories>Sun Microsystems>Storage - Disk>Network Attached Storage
    •  

PreviouslyPublishedAs
209853 


Applies to:  

Sun Storage 5310 NAS Gateway System - Version All Versions and later
Sun Storage 5220 NAS Appliance - Version All Versions and later
Sun Storage 5310 NAS Appliance - Version All Versions and later
Sun Storage 5320 NAS Appliance - Version All Versions and later
Sun Storage 5210 NAS Appliance - Version All Versions and later
All Platforms



Purpose


This document defines a step-by-step procedure for configuring, and troubleshooting problems with, CIFS to NFS user credential mapping.


Credential mapping allows files to be shared between CIFS and NFS clients using existing user and group identities


Troubleshooting Steps


Symptoms: 


    

  • UNIX users cannot access Windows data
    • 

  • Windows users cannot access Windows data
    • 

  • User (or group) mapping is not working
    • 

  • UNIX root user cannot change security on Windows-created files
    • 




Steps to Follow



Please validate that each troubleshooting step below is true for your environment. The steps will provide instructions or a link to a document, for validating the step and taking corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and identify the proper resolution. Please do not skip a step.


    

  1.  Document: 1017673.1  Verify that mapping policies are understood and correctly configured. There are several ways to map CIFS (Windows) users and groups to NFS users and groups, and they all require some preparation.
    2. 

  2.  Document: 1008486.1  If desired, create all user and group credential maps in advance. If creating user and group mappings on the fly is insufficient or not working for a particular environment, a utility is provided to pull users and groups from a domain controller to create StorageTek[TM] 5000 Series compatible map files that can be edited with the desired NFS mappings and copied to the NAS.
    3. 

  3.  Document: 1013072.1 Determine whether Windows primary groups are in use and come up with a group mapping plan. Frequently, Windows environments do not make use of the primary group setting. The linked document explains how to deal with the various possibilities.
    4. 

  4.  Document: 1017576.1  Ensure that the affected user is not logged in with an administrative account. Credential mapping of the UNIX root user and members of the CIFS "Domain Admins" group are handled as special cases.
    5. 

  5.  Document: 1013073.1  Understand how UIDs/GIDs are handled in workgroup mode. Credential mapping does not apply to NAS servers configured in Workgroup (non-Domain) mode, as no credentials are used. However, CIFS users are assigned UID/GID, so it is still possible to share files between platforms.
    6. 

  6.  Document: 1011360.1  If necessary, change the configuration to allow UNIX users to modify security on CIFS(Windows)-created files. By default, UNIX users cannot change ownership or security on files created or last modified by domain-mode CIFS clients.
    7. 

  7.  Document: 1011364.1 Troubleshoot individual file and directory access issues with cals utility. This command line utility shows CIFS permissions, NFS permissions and extended attributes for files and directories. For issues with CIFS access to NFS-created objects, it may be useful in some cases to Document: 1005474.1  view the CIFS access token to determine the NFS and CIFS credentials of the user attempting to access the object.
    8. 

  8.  Document: 1005474.1  Collect the NAS extractor and diagnostic to prepare for a support case or escalation. The diagnostic collection should be done as soon as possible after the attempt to join the domain.
    9. 

  9.  Document: 1004130.1  Collect a network trace. Follow the instructions to set up a trace, set the filter to capture only traffic between the client attempting access, the NAS and Domain Controller(s). Start the trace, repeat the attempt to access the object, then stop the trace.
    10. 

  10. At this point, if you not been able to resolve the issue with the troubleshooting steps above, further troubleshooting is required. Contact Sun Support and be prepared to provide the data collected in the above steps.
    11. 





Product
Sun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5320
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5220 NAS Appliance
Sun StorageTek 5220
Sun StorageTek 5210 NAS Appliance


 




Internal Comments
This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains.

NAS, normalized, CIFS, NFS, mapping, credential mapping
Previously Published As
90530

Change History
Date: 2010-03-21
User Name: 79977
Action: Currency check
Comment: Verified with Will Harper, still current
Date: 2007-10-03
User Name: 31620
Action: Approved
Comment: Verified Metadata - ok
Verified Keywords - ok (normalized)
Checked status of dependent articles:
90648 - published
90647- published
90738 - published
90649 - published
90644 - published
90701 - published
90700 - published
90737 - published
Verified still correct for audience - currently set to contract
Checked review date - currently set to 2008-09-13
Checked for TM - added appropriate for STK product


Checked for currency - 01-OCT-2014


Checked for Currency - 03-OCT-2016




 


References
<NOTE:1017673.1> - Sun StorageTek[TM] 5000 Series NAS: Configuring and Verifying CIFS/NFS User and Group Credential Mapping Rules
<NOTE:1008486.1> - Sun StorageTek[TM] 5000 Series NAS: Offline Creation of CIFS/NFS (Windows/UNIX) User Credential Maps for an Entire Windows Domain
<NOTE:1013072.1> - Sun StorageTek[TM] 5000 Series NAS: Limitations of CIFS/NFS Group Credential Mapping
<NOTE:1017576.1> - Sun StorageTek[TM] 5000 Series NAS: Credential Mapping for Windows and UNIX(R) Administrative Accounts
<NOTE:1013073.1> - Sun StorageTek[TM] 5000 Series NAS: How to configure CIFS Security in Workgroup Mode
<NOTE:1011360.1> - Sun StorageTek[TM] 5000 Series NAS: UNIX root user cannot change ownership or permissions on Windows created files
<NOTE:1011364.1> - Sun StorageTek[TM] 5000 Series NAS: Using the cacls CLI Command to Troubleshoot File and Directory Security
<NOTE:1005474.1> - Sun StorageTek[TM] 5000 Series NAS: How to Collect data for troubleshooting
<NOTE:1004130.1> - Sun StorageTek[TM] 5000 Series NAS: How to configure for network packet capture



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback