Unsolved
This post is more than 5 years old
22 Posts
0
1246
Succesfully join but still got error with server_checkup
I have join my celera to a windows 2003R2. I can create shares , i can use net use to get access on it
but when i execute server_checkup server_2 -test cifs i've got this error
Error 13160939577: server_2 : PingDC failure: The compname 'celera01' could not successfully contact the DC 'ORIONAFP' because of NT errors (INVALID_ID_AUTHORITY) at step LSA lookup mappings. Details of the issue: 'cannot map administrator's account to Unix UID' This issue may prevent user authentication to this domain.
--> Make sure the CIFS server is correctly joined in the Windows domain. Check the server configuration (especially naming services, usermapper) and/or DC policies according to reported error.
what am i doing wrong ?
but when i execute server_checkup server_2 -test cifs i've got this error
Error 13160939577: server_2 : PingDC failure: The compname 'celera01' could not successfully contact the DC 'ORIONAFP' because of NT errors (INVALID_ID_AUTHORITY) at step LSA lookup mappings. Details of the issue: 'cannot map administrator's account to Unix UID' This issue may prevent user authentication to this domain.
--> Make sure the CIFS server is correctly joined in the Windows domain. Check the server configuration (especially naming services, usermapper) and/or DC policies according to reported error.
what am i doing wrong ?
Rainer_EMC
8.6K Posts
0
October 28th, 2009 01:00
serge_sterck
22 Posts
0
October 28th, 2009 12:00
Error 13159432260: server_2 : Although the auto discovery of Usermapper servers is enabled, no server has been found, hence the Usermapper service is currently suspended. The logins of new users, not registered earlier, will be rejected.
--> It seems that the Usermapper server of Celerra is currently down. Make sure this server is up and running, and try again the 'server_checkup' command. Run the 'server_usermapper' command to start the service on the corresponding Data Mover. If the issue persists, make sure the Data Movers are well interconnected with the internal network. Run the 'server_cifs' command to output the result of the usermapper server's auto discovery.
So i suppose it must not just stop the service usermapper but also disabled the auto discovery i take
a look a the cmdref pdf to see how i can do that.
We support currently +- 900 linux machines without any problem and just for 5 shit windows machines
we must support cifs pffff SFU is not a solution because SFU 3.5 is the last and not support in vista and
the future 7
Message was edited by:
sergesterck
Message was edited by:
sergesterck
serge_sterck
22 Posts
0
October 28th, 2009 13:00
ACL : Checking the number of ACLs per file system....................*Pass
Connection: Checking the load of CIFS TCP connections...................... Pass
Credential: Checking the validity of credentials........................... Pass
DC : Checking the connectivity and configuration of Domain Controlle*Pass
i have enable usermapper after this i have disabled it
he has created a lot of entry in the sec cache
server_cifssupport server_2 -secmap -list
server_2 : done
SECMAP USER MAPPING TABLE
UID Origin Date of creation Name SID
1595 ldap Mon Oct 26 07:57:28 2009 FMSB\f595 S-1-5-15-ea8d0ccb-761f786-2acd1bce-707
1686 ldap Mon Oct 26 07:38:44 2009 FMSB\f686 S-1-5-15-ea8d0ccb-761f786-2acd1bce-708
1448 ldap Mon Oct 26 07:27:40 2009 FMSB\f448 S-1-5-15-ea8d0ccb-761f786-2acd1bce-709
1455 etc Mon Oct 26 08:51:50 2009 FMSB\f455 S-1-5-15-ea8d0ccb-761f786-2acd1bce-727
1731 ntxmap Tue Oct 27 15:57:43 2009 FMSB\f731 S-1-5-15-ea8d0ccb-761f786-2acd1bce-6f2
32768 usermapper Wed Oct 28 20:23:13 2009 FMSB\Administrator S-1-5-15-ea8d0ccb-761f786-2acd1bce-1f4
1438 ldap Mon Oct 26 07:32:23 2009 FMSB\f438 S-1-5-15-ea8d0ccb-761f786-2acd1bce-6f5
1857 ldap Mon Oct 26 08:49:43 2009 FMSB\f857 S-1-5-15-ea8d0ccb-761f786-2acd1bce-6f9
1945 ldap Mon Oct 26 07:34:29 2009 FMSB\f945 S-1-5-15-ea8d0ccb-761f786-2acd1bce-6fb
1750 ldap Mon Oct 26 07:23:51 2009 FMSB\f750 S-1-5-15-ea8d0ccb-761f786-2acd1bce-6fc
1713 ldap Mon Oct 26 08:56:05 2009 FMSB\f713 S-1-5-15-ea8d0ccb-761f786-2acd1bce-6fe
SECMAP GROUP MAPPING TABLE
GID Origin Date of creation Name SID
32772 usermapper Wed Oct 28 20:23:13 2009 FMSB\Domain Admins S-1-5-15-ea8d0ccb-761f786-2acd1bce-200
32770 usermapper Wed Oct 28 20:23:13 2009 FMSB\Domain Users S-1-5-15-ea8d0ccb-761f786-2acd1bce-201
32774 usermapper Wed Oct 28 20:23:13 2009 FMSB\Schema Admins S-1-5-15-ea8d0ccb-761f786-2acd1bce-206
32773 usermapper Wed Oct 28 20:23:13 2009 FMSB\Enterprise Admins S-1-5-15-ea8d0ccb-761f786-2acd1bce-207
32771 usermapper Wed Oct 28 20:23:13 2009 FMSB\Group Policy Creator OwnersS-1-5-15-ea8d0ccb-761f786-2acd1bce-208
32781 usermapper Wed Oct 28 20:23:13 2009 FMSB\CISCO_ICM_CONFIG S-1-5-15-ea8d0ccb-761f786-2acd1bce-454
32776 usermapper Wed Oct 28 20:23:13 2009 FMSB\CISCO_ICM_WEBVIEW S-1-5-15-ea8d0ccb-761f786-2acd1bce-455
32788 usermapper Wed Oct 28 20:23:13 2009 FMSB\CISCO_ICM_SETUP S-1-5-15-ea8d0ccb-761f786-2acd1bce-456
32783 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_CONFIG S-1-5-15-ea8d0ccb-761f786-2acd1bce-457
32784 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_WEBVIEW S-1-5-15-ea8d0ccb-761f786-2acd1bce-458
32786 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_SETUP S-1-5-15-ea8d0ccb-761f786-2acd1bce-459
32780 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_FMSB_CONFIG S-1-5-15-ea8d0ccb-761f786-2acd1bce-45a
32779 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_FMSB_WEBVIEW S-1-5-15-ea8d0ccb-761f786-2acd1bce-45b
32782 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_FMSB_SERVICE S-1-5-15-ea8d0ccb-761f786-2acd1bce-45c
32775 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_FMSB_SETUP S-1-5-15-ea8d0ccb-761f786-2acd1bce-45d
32787 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_DEV_CONFIG S-1-5-15-ea8d0ccb-761f786-2acd1bce-68b
32785 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_DEV_WEBVIEW S-1-5-15-ea8d0ccb-761f786-2acd1bce-68c
32777 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_DEV_SERVICE S-1-5-15-ea8d0ccb-761f786-2acd1bce-68d
32778 usermapper Wed Oct 28 20:23:13 2009 FMSB\IPCC_DEV_SETUP S-1-5-15-ea8d0ccb-761f786-2acd1bce-68e
so if i have understand the first time you must import the admin group into the celera trought the usermaper as you see i have a ldap configured.
If i don't want to use the usermapper can i just add to my ldap a administrator account and
and domain users and domain admins group to archive the same.
Rainer_EMC
8.6K Posts
0
October 28th, 2009 14:00
we need a CIFS SID to UID/GID mapping - if there isnt one a CIFS connect will be denied
normally that isnt a problem since usermapper will automatically create one - if you disable usermapper you need create one manually
that isnt a problem as long as you know what you are doing
Rainer_EMC
8.6K Posts
0
October 28th, 2009 14:00
and domain users and domain admins group to archive the same.
sure - I dont see why not
You probably dont need all these entries - it depends on which one you (or some internal Windows service) uses to connect to the Celerra or is used as the Windows owner (remember a Windows file can either have a user or a group as an owner)
Personally I wouldnt bother and just leave it like that. The entries are now in secmap which is always queried first.
Unless the SIDs change or you manually delete the complete secmap or use a different VDM they will stay there forever
doesnt looks as clean as putting them in ntxmap or LDAP but is less work
serge_sterck
22 Posts
0
October 29th, 2009 05:00