Isilon

Question

Community, This test cluster is giving me fits and trying to figure out why I cant seem to access this SMB share I created?  Could it be the directory permissions that stopping me? Directory Permissions: [MYCLUSTER]-2# ls -lzed ifs drwxrwx--x    7 root  wheel  136 Oct  3  2015 ifs OWNER: user:root GROUP: group:wheel SYNTHETIC ACL 0: user:root allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child 1: group:wheel allow dir_gen_read,dir_gen_write,dir_gen_execute,delete_child 2: everyone allow dir_gen_execute,dir_read_attr Share Permissions: [MYCLUSTER]-2# isi smb share view test$                                      Share Name: test$                                            Path: /ifs                                     Description:                      Client-side Caching Policy: manual Automatically expand user names or domain names: False Automatically create home directories for users: False                                       Browsable: True Permissions: Account                   Account Type  Run as Root  Permission Type  Permission -------------------------------------------------------------------------------------------------------------------- [DOMAINNAME]\Me user                False            allow                   full -------------------------------------------------------------------------------------------------------------------- Total: 1           Access Based Enumeration: No Access Based Enumeration Root Only: No              Allow Delete Readonly: No               Allow Execute Always: No                      Change Notify: norecurse                 Create Permissions: default acl              Directory Create Mask: 0775              Directory Create Mode: 0000                   File Create Mask: 0764                   File Create Mode: 0100                     Hide Dot Files: No                           Host ACL: -                  Impersonate Guest: never                   Impersonate User:                  Mangle Byte Start: 0XED00                         Mangle Map: 0x01-0x1F:-1, 0x22:-1, 0x2A:-1, 0x3A:-1, 0x3C:-1, 0x3E:-1, 0x3F:-1, 0x5C:-1                   Ntfs ACL Support: Yes                            Oplocks: Yes                       Strict Flush: Yes                     Strict Locking: No Everytime I try to access this from my windows workstation I get 'Windows cannot access [Server]' Thank you,

crklosterman · Answer

I mean at first glance of course naming it with a dollar sign $ will administratively hide it. But I'm guessing you know that. Are you trying to access it via \\smartconnectzonename.domain.xyz\test$ and it's not working? Then odds are pretty good that it's an NTFS permissions issue. That said your path is /ifs, and NEVER put NTFS ACLs on /ifs, you'll probably break the cluster. Are you just trying to allow yourself as an administrator to browse the tree? Then give just your admin account run-as-root rights to the share. Be extremely careful with how you use this because as the name implies it gives you effectively root access over SMB. While useful for administrative purposes or for data migrations, it can be a real mess if you ever put that on a user-facing share.

The other possible issue is an SPN issue.

'isi auth ads spn check --domain=domain.xyz"

will show you if you have any SPNs missing.

Hope it helps,

Chris Klosterman

Principal SE, Datadobi

chris.klosterman@datadobi.com

chjatwork · Answer

Yes, I am intensionally hiding the share. I am trying to access it via \\[SERVER.DOMAIN.xyz]\test$ and its not working. I have no plans to add NFTS permissions to /ifs and was hoping I wouldn't have to. Yes, per the instructions for the Isilon Search tool, I need to give it permissions to access the share for /ifs. Isilon Search don't require a run-as-root right to perform this task of scanning the entire filesystem.

I will verify the SPN isn't an issue and reply to this tomorrow morning.

Thank you,

chjatwork · Answer

Ok this is what I got:      SERVER-2# isi auth ads spn check --domain=DOMAIN.DOMAIN.xyz Missing Service Principal Names:     nfs/SERVER3     nfs/SERVER.DOMAIN.xyz     nfs/SERVER-nfs.DOMAIN.xyz     nfs/SERVER-mgmt.DOMAIN.xyz Additional Service Principal Names:     HOST/SERVER1     HOST/SERVER1.DOMAIN.xyz SERVER-2# isi auth ads spn list --domain=DOMAIN.DOMAIN.xyz SPNs registered for SERVER3$:         HOST/SERVER-mgmt.DOMAIN.org         HOST/SERVER-nfs.DOMAIN.org         HOST/SERVER-mgmt         HOST/SERVER-nfs         HOST/SERVER.DOMAIN.org         HOST/SERVER         HOST/SERVER1         HOST/SERVER1.DOMAIN.org         HOST/SERVER3         HOST/SERVER3.DOMAIN.DOMAIN.xyz

Was this post helpful?