Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition

Asset ID: 1-72-1347897.1
Update Date:2012-06-28

Solution Type  Problem Resolution Sure

Solution  1347897.1 :   Sun Storage 7000 Unified Storage System: Active Directory Users with IDMU identities unable to list or access SMB shares  


Related Items
  • Sun Storage 7310 Unified Storage System
  • Sun Storage 7410 Unified Storage System
  • Sun ZFS Storage 7120
  • Sun Storage 7110 Unified Storage System
  • Sun ZFS Storage 7320
  • Sun ZFS Storage 7420
  • Sun Storage 7210 Unified Storage System
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage




In this Document
Symptoms
Cause
Solution
References


Created from <SR 3-3740498461>

Applies to:

Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Symptoms

When attempting to access the appliance via SMB (from a Windows client in this case), the user is denied access and cannot view any shares.
This issue will occur when IDMU (Identity Mapping for UNIX) is enabled on the Windows Server, and will only affect those Windows users for whom a UID has been specified in the Domain Users applet.
These messages may be seen in the system log:

Jun  1 19:01:08 7310 smbd[18136]: [ID 160719 auth.alert] adt_set_user: Invalid argument
Jun  1 19:02:53 7310 smbd[18136]: [ID 160719 auth.alert] adt_set_user: Invalid argument
Jun  1 19:11:13 7310 smbd[18136]: [ID 160719 auth.alert] adt_set_user: Invalid argument

However, they may only be in the debug log, /var/ak/logs/debug<.X>, which is only accessible at the shell or in the support bundle.
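
The log signature above can be searched for mechanically. This added example (not part of the original document) scans text in the syslog layout shown above for the smbd alert and summarises it per host. The function name and the two non-smbd sample lines are constructed for illustration, and it assumes the log being scanned uses the same line layout as the messages above.

```python
import re
from collections import defaultdict

# Syslog layout used by the messages above:
#   "Mon DD HH:MM:SS host proc[pid]: [ID n facility.level] text"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"\[ID \d+ (?P<facility>\w+)\.(?P<level>\w+)\] (?P<text>.*)$"
)
SIGNATURE = "adt_set_user: Invalid argument"

# Constructed sample: the three smbd lines are the ones quoted in the
# article; the other two are made-up noise that the filter must ignore.
SAMPLE_LOG = """\
Jun  1 19:00:41 7310 nfsd[412]: [ID 100001 daemon.notice] constructed unrelated line
Jun  1 19:01:08 7310 smbd[18136]: [ID 160719 auth.alert] adt_set_user: Invalid argument
Jun  1 19:02:53 7310 smbd[18136]: [ID 160719 auth.alert] adt_set_user: Invalid argument
this line is truncated and does not parse
Jun  1 19:11:13 7310 smbd[18136]: [ID 160719 auth.alert] adt_set_user: Invalid argument
"""

def find_adt_failures(log_text):
    """Return {host: {"count", "first", "last", "pids"}} for matching smbd alerts."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "pids": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in syslog layout (truncated or foreign line)
        if m["proc"] != "smbd" or m["level"] != "alert":
            continue  # only smbd alerts are relevant to this symptom
        if SIGNATURE not in m["text"]:
            continue
        entry = hits[m["host"]]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]  # file order is time order
        entry["last"] = m["ts"]
        entry["pids"].add(int(m["pid"]))
    return dict(hits)

if __name__ == "__main__":
    for host, info in find_adt_failures(SAMPLE_LOG).items():
        print(f"{host}: {info['count']} adt_set_user failures, "
              f"{info['first']} to {info['last']}, smbd pid(s) {sorted(info['pids'])}")
```
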

Cause

The configuration of the UIDs in IDMU creates a requirement that the name be resolved by a UNIX name resolution service.
In this case, there was no name resolution service configured. However, the same problem could occur if the name service was not functioning.

Solution

One of the primary purposes of installing IDMU is almost always to replace UNIX naming servers. The solution is therefore to configure the appliance to use IDMU for this purpose.
The two supported name services on the appliance are NIS and LDAP. The configuration for NIS, which is considerably easier, is covered in this document. It is possible to use LDAP, but that is beyond the scope of this document.

Confirm that Services for NIS is configured on the customer Domain Controller. This is normally installed with IDMU, and is available from the same Microsoft source.
See: Microsoft Article: Installing Identity Management for Unix
Note that it's the customer's responsibility to install and configure the Microsoft side of this, including IDMU and services for NIS. The customer may need to be referred to Microsoft Support if they need in-depth assistance with this piece.
Once this has been confirmed, determine the NIS domain name. In Windows Server 2008, this can be found in the Server Manager MMC application, under Roles/Active Directory Domain Services/Microsoft Identity Management for UNIX/Server for NIS.

Example: [screenshot not reproduced]

Note that Microsoft NIS domain names are frequently not fully qualified, and therefore may not match the Active Directory or DNS Domain names. In the above example, the NIS Domain name is "naslab2k8".

Once the NIS Domain name is known, use that information and the Domain Controller IP address to configure NIS services on the appliance:

  • Navigate in the BUI to Configuration - Services - NIS
  • Configure the NIS domain name
  • Select the "use listed servers" radio button
  • Add the Domain Controller IP address.
  • Accept the prompt to enable or restart the NIS service.
  • Navigate to Configuration/Services/Identity Mapping
  • Click the "Flush" button

With a functioning name service, users with UIDs should now be able to connect to the appliance.

 

Back to <Document 1428753.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues.

References

MS - INSTALLING NIS SERVER: HTTP://TECHNET.MICROSOFT.COM/EN-US/LIBRARY/CC737796%28WS.10%29.ASPX
<NOTE:1428753.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues

  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.