I cant map the share and even I get a access denied error. But when am accessing the VNX shares, it does fine. So there is no firewall issue. It cant be a subnet issue as well.
I followed the knowledge base from Peter and tested this on a fresh ISILON OneFS 7.0 virtual node. But all I get is a Access Denied message when I try to map the drive.
Did anyone try a simple SMB share creation on a brand new ISILON ?
Hi Taz, I noticed that you have two zones, system and another user-defined zone. But, you have no authentication source other than 'local' on your user-defined zone. Additionally, your system zone (which has local & file but nothing external) has no SMB shares defined. I suspect your user authentication - guest or otherwise - is accessing the system zone and therefore cannot see any shares.
When I use virtual Isilon in my home lab I join it to an instance of AD. No problems whatsoever with either defined users or guest access.
Peter's advice is sound - look at the log for lsassd. I suspect your access is being sent to the system zone which is set for no visibility to any shares.
Peter_Sero
4 Operator
•
1.2K Posts
0
April 1st, 2014 02:00
Thanks Rob, of course access zones are not mentioned in the KB article ("6.5, or later").
Here is the catch, tested in 7.1 virtual nodes, no AD:
In the user-defined access zone, use "lsa-local-provider:System"
for the LOCAL provider. Looks a bit weird, but works (for me).
One would expect enabling Guest (like in the KB article)
within the user-defined access zone should do it, but no luck with that so far.
Cheers
-- Peter
dynamox
9 Legend
•
20.4K Posts
0
March 29th, 2014 05:00
you can't even map the share or you get access denied ?
taz_at_emc
54 Posts
0
March 29th, 2014 06:00
Hi Dynamox,
I thought you will reply me and you did !!
I cant map the share and even I get a access denied error. But when am accessing the VNX shares, it does fine. So there is no firewall issue. It cant be a subnet issue as well.
Any thoughts ?
Taz~
dynamox
9 Legend
•
20.4K Posts
0
March 29th, 2014 06:00
so from the screenshot i saw that you set share permissions to Everyone, how about permissions on the actual directory (oraprod001)
taz_at_emc
54 Posts
0
March 30th, 2014 01:00
No luck. Tried setting the directory permissions to all but still unable to access the share.
Peter_Sero
4 Operator
•
1.2K Posts
0
March 30th, 2014 05:00
Taz:
you said "access with no credentials", are you using "guest" access?
How to set up guest user access for SMB shares in OneFS 6.5 and later:
https://emc--c.na5.visual.force.com/apex/KB_HowTo?id=kA0700000004JrQ
Basically, two things: Enable the (LOCAL:)guest account, and set "always impersonate guest" in
the share's advanced SMB settings. The KB was written for 6.5 but you will find the
stuff in the 7.1 WebGUI, too.
The effective user will be "nobody"; the article also explains
all other possible combinations for activating and impersonating Guest.
If still out of luck, please check /var/log/lsassd.log for more detailed login error messages.
Cheers
-- Peter
taz_at_emc
54 Posts
0
March 30th, 2014 22:00
Thanks Peter.
Now as I have this KB, I will try to investigate where is the miss in my procedure. Besides, I installed OneFS 7.0 and testing this.
Thanks a ton!
Taz~
taz_at_emc
54 Posts
0
March 31st, 2014 05:00
I followed the knowledge base from Peter and tested this on a fresh ISILON OneFS 7.0 virtual node. But all I get is a Access Denied message when I try to map the drive.
Did anyone try a simple SMB share creation on a brand new ISILON ?
Regards
Taz~
peglarr
99 Posts
1
March 31st, 2014 06:00
Hi Taz, I noticed that you have two zones, system and another user-defined zone. But, you have no authentication source other than 'local' on your user-defined zone. Additionally, your system zone (which has local & file but nothing external) has no SMB shares defined. I suspect your user authentication - guest or otherwise - is accessing the system zone and therefore cannot see any shares.
When I use virtual Isilon in my home lab I join it to an instance of AD. No problems whatsoever with either defined users or guest access.
Peter's advice is sound - look at the log for lsassd. I suspect your access is being sent to the system zone which is set for no visibility to any shares.
Peter_Sero
4 Operator
•
1.2K Posts
0
March 31st, 2014 06:00
Can you send the relevant lines from /var/log/lsassd.log ?
P.
taz_at_emc
54 Posts
0
April 1st, 2014 10:00
Amazing - This worked like a charm. I created a test zone and used "lsa-local-provider:System"
for the LOCAL provider. The minute I did that - it started working !
Tested this on OneFS 7.0 and now have to test this on my production isilon OneFS 7.1
Appreciate your valuable suggestions gentlemen.
Regards
Taz~