16 Posts

June 8th, 2010 17:00

NAS group file and password file

We have an access policy of UNIX and we use the FS for both CIFS and NFS. (same file is exported as CIFS and also NFS).

I uploaded the user and group file which I got from the client to the datamover (NAS new implementation) .

The NFS is working fine. But cannot access the CIFS. What will be the problem???

117 Posts

June 8th, 2010 22:00

What do the CIFS permissions look like?  Even with UNIX mode, CIFS access is checked against the ACL (there are tables in the server_mount man page and the multiprotocol manual showing what permissions are checked, in which cases)

You'll have to have made changes on the FS at some point for the CIFS permissions to be something other than Everyone->Full Control, but make sure you double-check that.

Also, make sure you verify that your mappings are set up and working properly.  Do server_cifssupport -cred against your user and make sure you see correct UID and GIDs assigned for the user and the groups it is a member of.  If not, then something is wrong in the configuration somewhere.

6 Operator

8.6K Posts

June 9th, 2010 07:00

Hi,

could you please use http://celerra.emc.com ?

thanks

Rainer

6 Operator

8.6K Posts

June 9th, 2010 08:00

because it's a complex topic and not that easy to diagnose from just "... cannot access ..." without saying what the setup is, security modes, CIFS server config ....

it's not a matter of confidential or not - it's a matter of efficiency

some things can be faster solved in a couple of EMails or a phone call than a forum ping-pong

also once it gets into more advanced debugging its difficult to post log files here (technically as well as them potentially containing customer names / IP / config /...)

Rainer

11 Legend

20.4K Posts

June 9th, 2010 08:00

why not have this discussion here ? it's beneficial to customers, we are not sharing any confidential data.

11 Legend

20.4K Posts

June 9th, 2010 08:00

ironically you are asking him to post to internal forum

6 Operator

8.6K Posts

June 9th, 2010 08:00

ok,

then please describe your setup and exact problem.

anything different from a standard install like changed params ?

CIFS server created ?

CIFS service running ?

standalone or domain-joined CIFS server ?

usermapper disabled ?

security mode for the data mover ?

are the mappings effective (see secmap through server_cifssupport) ?

did you either set cifs.resolver or use username.domain in the passwd file ?

Rainer

16 Posts

June 9th, 2010 08:00

anything different from a standard install like changed params ?

parameters changed

acl.mappingErroraction - 3

acl.unixcheckacl  - 0

comment_filtered  1

resolver - 1

acl.failonsdrestore - 0

CIFS server created ?

Yes CIFS server created on a VDM and the service is running and it is joined to the domain.

usermapper disabled ?

Yes Usermapper is disabled

are the mappings effective (see secmap through server_cifssupport) ?

6 Operator

1.5K Posts

June 9th, 2010 09:00

The user mapping seems to be the issue here - if the windows users are not mapped properly, the CIFS access will be denied. Are you getting the "Extended Error Occured" message while trying to access the CIFS share?

I suspect the user names mentioned in the local password file do not match the AD user name and thus the mapping is not working - please check the AD user name and the local password file entries.

Also - the password file should not contain any password for each user - since you uploaded the file from a UNIX machine - the password entries may still be there, which is not needed for the Data mover User Mapping. However, this should not cause the problem.

NFS access is not an issue as it does not check the local passwd or group files - and user mapping also does not come into play.

The critical part is the CIFS access on a multi-protocol access. On top of that you have accesspolicy set as UNIX - which means the CIFS access will also check the UNIX permission on each file/folder - is it really needed to use UNIX accesspolicy? You need to assess the customer environment and requirement carefully and then choose the accesspolicy.

My 2 cents

Sandip

6 Operator

8.6K Posts

June 9th, 2010 09:00

alwaysonline wrote:

CIFS server created ?

Yes CIFS server created on a VDM and the service is running and it is joined to the domain.

are the mappings effective (see secmap through server_cifssupport) ?

No Mapping is available for DM

well, since you are using a CIFS server on a VDM - the VDM has its own rootfs and secmap - so you need to use server_cifssupport

Rainer

16 Posts

June 9th, 2010 09:00

yes I used for the VDM only.

It gave me error 0: vdm_1 : invalid error code [0 mapping is available for .]

11 Legend

20.4K Posts

June 9th, 2010 09:00

not trying to be a pill, just want to learn .  I realize it's a complicated matter but as you ask somebody for basic pre-requisites , we can learn how to approach this issue so when it does get to the point where we have to engage support ..we don't start with very very basic stuff and save support folks time.

16 Posts

June 9th, 2010 10:00

No Sandip,

It is not giving an extended error.

It is giving an error

windows cannot find \\ \

Check the spelling and try again.

6 Operator

8.6K Posts

June 9th, 2010 11:00

also check for the correct syntax in the passwd file - the data mover is quite picky there

on another thread someone mentioned that it needs to have only CR on the end of the line and won't work with Windows style CR-LF

you might need to use dos2unix to convert it

Rainer
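As an added example (not from the thread or from EMC), a small Python check for the passwd-file problems raised in this thread: Windows CR-LF line endings and leftover password hashes. It assumes the standard seven-field passwd layout; the sample data and the function names are constructed for illustration.

```python
# Constructed sample: line 2 has a Windows CR-LF ending, line 3 still carries
# a (made-up) password hash copied from a UNIX host, line 4 is truncated.
SAMPLE = (
    b"jsmith:x:1001:100:John Smith:/home/jsmith:/bin/sh\n"
    b"akumar:x:1002:100:A Kumar:/home/akumar:/bin/sh\r\n"
    b"mlee:$1$abcdefgh$constructedhashvalue00:1003:100::/home/mlee:/bin/sh\n"
    b"broken:x:1004\n"
)


def lint_passwd(data: bytes):
    """Return (line_number, issue) tuples for a passwd-format file."""
    issues = []
    for num, raw in enumerate(data.split(b"\n"), start=1):
        if raw == b"":
            continue  # trailing newline or blank line: nothing to check
        if raw.endswith(b"\r"):
            issues.append((num, "CRLF line ending"))
            raw = raw[:-1]  # keep checking the rest of the line
        fields = raw.decode("ascii", errors="replace").split(":")
        if len(fields) != 7:
            issues.append((num, f"expected 7 fields, found {len(fields)}"))
            continue
        name, passwd, uid, gid = fields[:4]
        if not name:
            issues.append((num, "empty user name"))
        if not (uid.isdigit() and gid.isdigit()):
            issues.append((num, "non-numeric UID or GID"))
        # Assumption: "", "x", "*" and "!" are placeholders, anything else
        # is treated as a real hash that should not be shipped with the file.
        if passwd not in ("", "x", "*", "!"):
            issues.append((num, "password hash present"))
    return issues


def to_unix(data: bytes) -> bytes:
    """Convert CR-LF endings to LF, the change dos2unix makes."""
    return data.replace(b"\r\n", b"\n")


if __name__ == "__main__":
    for num, issue in lint_passwd(SAMPLE):
        print(f"line {num}: {issue}")
```

Running the check again on the output of `to_unix` shows whether line endings were the only problem before the file is uploaded.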

6 Operator

8.6K Posts

June 9th, 2010 11:00

when you try a connect - are there any errors in the data mover log (server_log) ?

another option would be to temp. enable usermapper to see if CIFS itself is ok

Rainer

6 Operator

8.6K Posts

June 9th, 2010 12:00

should read ".. if we cannot make a mapping for that Windows user ..."

Sent from my mobile

Rainer

On 09.06.2010 at 21:17 Rainer wrote

I think you might have got some of the concepts wrong

In normal NT security mode we always use Windows auth (AD passwords or from local user accounts not in passwd file)

the passwd file is only used for user mapping

the fact that it's now working with usermapper enabled shows that your passwd file isn't correct to get a mapping

since we really need a mapping when you connect to CIFS server we will refuse the connect if we make a mapping through any of the configured sources

if you truly need multi-protocol with explicit mapping you should disable usermapper again, clear the secmap and fix your mapping

Rainer
