8 Krypton

Question on CIFS Usermapper configuration

All:

I am having a strange issue on one of my NSX systems running DART 5.5.38.1. I have been pointed to a document that talks about a setting in the usermapper configuration file called "_history_sid_range_ I guess that this is supposed to be for SID history entries but all of the documentation I can find on this is rather old (see primus emc54198). Does anyone know if this is outdated or if there is an equivalent in modern DART / Usermapper environments? I have two NSX systems with identical configuration and I get the error on one, and not on the other. The problem is related to a robocopy job that copies security attributes and the issue is that the owner can not be set on one of the systems while it can on the other. I have already compared usermapper databases and the systems where the issue occurs has entries for both the current domain and an old domain, while the working NAS only has the current. All CIFS and Usrmapper params are identical across environments.

0 Kudos
3 Replies
8 Krypton

Re: Question on CIFS Usermapper configuration

Are the two NSX's using the same usermapper DB.  Is one a secondary of the other primary?

BTW....long time no see

Sagle

0 Kudos
8 Krypton

Re: Question on CIFS Usermapper configuration

One is primary and the other secondary, the strange thing is that the job works on the NSX which has the secondary, it fails on the box that is primary.

But of course, you already knew that Sagle!

E

0 Kudos

Re: Question on CIFS Usermapper configuration

Interesting issue.

First off, you're right, the "_history_sid_range_" was used for old migrations.  Shouldn't need to be used any more, and if it is, Internal Usermapper will automatically add it.

I would use the server_cifssupport command on both boxes to ensure the user's resolved ACL is the same.  Use the server_cifssupport "accessright" function to test the user's access against the file or folder in question.  This will use the user's credentials and apply them to the object.  It will then display the resultant access rights for the user on the object.  If they are different, check things like DC usage and synchronization.  If you're still having trouble, please open a Service Request.

-bill

0 Kudos