OneFS v7 SID not resolving active directory name

Are you on onefs 7?

Sent from my Android mobile

Andrew Chung

EMC²| Isilon Storage Division

Practice Architect

Mobile: +1 (562) 248-6401

E-Mail: andrew.chung@isilon.com

Twitter | Blog | Web | YouTube

It sounds like something is incorrect in how the cluster is communicating with AD.  I would make certain all nodes are very close to AD time (use # isi_for_array -s 'date' to get node times), then rejoin AD and test results.  If you are still getting the same results, open a case with support.

Yes, OneFS Version: 7.0.1.1

Andrew,

Last week I installed 2 cluster for a customer in the Netherlands, and I saw the same issue. We created 2 access zones for them. In the first access zone we connected to the ADS environment because that was available. The second access zone does not have the ADS connection yet because that ADS is not yet available.

This does sound like the same issue, do you agree?

Jan Hugo Prins

Better.be

Are you using the new Access Zone feature?  The reason I ask is that there is a bug right now where if you have multiple ADs in multiple access zones that do not route to each other, (essentially the ADs are on 2 separate subnets that cannot talk to each other) the system will not resolve the SID to a human readable name because we send the SID to name request to the wrong AD server.

Which access zone did you connect to for the WebUI?  The system access zone or a zone that you created?  If you log into an access zone other than system, this can show up.

Under Cluster Management > Access Management > Access Zones we have System, Admin and the two Active Directory we added.

The two active directories we have added are on different subnets.

If this is a known bug is there a workaround or time frame for a fix?

This is kind of a show stopper for us, as it will share management a nightmare.

Hello dddenson,

If this is a show stopper for you, I urge you to get a support case going. Lets see what they find!

Regards.

I have opened a case.

Thanks

We used the system zone to access to cluster management interface.

The funny thing is that after we created the share, all groups were resolved, and then after some time one by one they were just a bunch of numbers.

Jan Hugo Prins

Same here, having the same issue, have resorted to (as a hopefully very temporary workaround created an interna wiki listing all sid suffixes allowing me to see what the user/group is that i am dealing

have  ticket open with support, still awaiting feedback from them

I put in a SR for this, it's a known bug. Supposedly this is fixed in v7.0.1.4 (currently under test), expected to be released on 3/20/13.

If you have the Active Directory module for PowerShell installed you can run the following command (copy/paste all lines at once and run):

- Drew

v7.0.1.4 fixed the AD/SID issue for our environment.

I am seeing this issue in v7.1.0.2

Just like ddenson,  when i originally enter the share permissions, they show up properly, but if i navigate away from SMB share settings and come back to it. only the SID appears. When I view the share permissions via MMC, only the SID is displayed.

I have the same issue for OneFS 8.x. May I know what is the resolution for this ?

Thanks in advance.