Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-75-1007150.1
Update Date:2010-03-21
Keywords:

Solution Type  Troubleshooting Sure

Solution  1007150.1 :   Sun StorageTek[TM] 5000 Series NAS: Troubleshooting Issues with File Sharing Between CIFS and NFS clients (Credential Mapping)  


Related Items
  • Sun Storage 5210 NAS Appliance
  •  
  • Sun Storage 5220 NAS Appliance
  •  
  • Sun Storage 5310 NAS Appliance
  •  
  • Sun Storage 5320 NAS Gateway/Cluster System
  •  
  • Sun Storage 5320 NAS Appliance
  •  
  • Sun Storage 5310 NAS Gateway System
  •  
Related Categories
  • GCS>Sun Microsystems>Storage - Disk>Network Attached Storage
  •  

PreviouslyPublishedAs
209853


Description
Description

Symptoms:

  • UNIX users cannot access Windows data
  • Windows users cannot access Windows data
  • User (or group) mapping is not working
  • UNIX root user cannot change security on Windows-created files

Purpose/Scope:

This document defines a step-by-step procedure for configuring, and troubleshooting problems with, CIFS to NFS user credential mapping. Credential mapping allows files to be shared between CIFS and NFS clients using existing user and group identities



Steps to Follow
Please validate that each troubleshooting step below is true for your environment. The steps will provide instructions or a link to a document, for validating the step and taking corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and identify the proper resolution. Please do not skip a step.
  1.  <Document: 1017673.1> Verify that mapping policies are understood and correctly configured. There are several ways to map CIFS (Windows) users and groups to NFS users and groups, and they all require some preparation.
  2.  <Document: 1008486.1> If desired, create all user and group credential maps in advance. If creating user and group mappings on the fly is insufficient or not working for a particular environment, a utility is provided to pull users and groups from a domain controller to create StorageTek[TM] 5000 Series compatible map files that can be edited with the desired NFS mappings and copied to the NAS.
  3.  <Document: 1013072.1> Determine whether Windows primary groups are in use and come up with a group mapping plan. Frequently, Windows environments do not make use of the primary group setting. The linked document explains how to deal with the various possibilites.
  4.  <Document: 1017576.1> Ensure that the affected user is not logged in with an administrative account. Credential mapping of the UNIX root user and members of the CIFS "Domain Admins" group are handled as special cases.
  5.  <Document: 1013073.1> Understand how UIDs/GIDs are handled in workgroup mode. Credential mapping does not apply to NAS servers configured in Workgroup (non-Domain) mode, as no credentials are used. However, CIFS users are assigned UID/GID, so it is still possible to share files between platforms.
  6.  <Document: 1011360.1> If necessary, change the configuration to allow UNIX users to modify security on CIFS(Windows)-created files. By default, UNIX users cannot change ownership or security on files created or last modified by domain-mode CIFS clients.
  7.  <Document: 1011364.1> Troubleshoot individual file and diirectory access issues with cals utility. This command line utility shows CIFS permissions, NFS permissions and extended attributes for files and directories. For issues with CIFS access to NFS-created objects, it may be useful in some cases to <Document: 1005474.1> view the CIFS access token to determine the NFS and CIFS credentials of the user attempting to access the object.
  8.  <Document: 1005474.1> Collect the NAS extractor and diagnostic to prepare for a support case or escalation. The diagnostic collection should be done as soon as possible after the attempt to join the domain.
  9.  <Document: 1004130.1> Collect a network trace. Follow the instructions to set up a trace, set the filter to capture only traffic between the client attempting access, the NAS and Domain Controller(s). Start the trace, repeat the attempt to access the object, then stop the trace.
  10. At this point, if you not been able to resolve the issue with the troubleshooting steps above, further troubleshooting is required. Contact Sun Support and be prepared to provide the data collected in the above steps.


Product
Sun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5320
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5220 NAS Appliance
Sun StorageTek 5220
Sun StorageTek 5210 NAS Appliance

Internal Comments
This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below:

[email protected]

The Knowledge Work Queue for this article is KNO-STO-NAS.



NAS, normalized, CIFS, NFS, mapping, credential mapping
Previously Published As
90530

Change History
Date: 2010-03-21
User Name: 79977
Action: Currency check
Comment: Verified with Will Harper, still current
Date: 2007-10-03
User Name: 31620
Action: Approved
Comment: Verified Metadata - ok
Verified Keywords - ok (normalized)
Checked status of dependent articles:
90648 - published
90647- published
90738 - published
90649 - published
90644 - published
90701 - currently in my KE queue - will be published today
90700 - published
90737 - published
Verified still correct for audience - currently set to contract
Audience left at contract as per FvF at
http://kmo.central/howto/content/voyager-contributor-standards.html
Checked review date - currently set to 2008-09-13
Checked for TM - added appropriate for STK product
typo in title s/wtih/with


Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.
 Feedback