Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1454356.1
Update Date:2012-08-29
Keywords:

Solution Type  Problem Resolution Sure

Solution  1454356.1 :   Pillar Axiom: Unable To Map CIFS Share in Active Directory Domain from WINS Client  


Related Items
  • Pillar Axiom 300 Storage System
  •  
  • Pillar Axiom 600 Storage System
  •  
  • Pillar Axiom 500 Storage System
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>Pillar Axiom>SN-DK: Ax600
  •  


A change in Axiom Release 4.3, 04.03.xx, may prevent CIFS Clients that use NTLM authentication from accessing shares in an Active Directory Domain where the AD Domain Name is not the same as the NETBIOS Domain Name

This issue affects all 4.3 and 4.5 releases.

In this Document
Symptoms
Cause
Solution
References


Created from <SR 3-5449535101>

Applies to:

Pillar Axiom 500 Storage System - Version Not Applicable to Not Applicable [Release N/A]
Pillar Axiom 600 Storage System - Version Not Applicable to Not Applicable [Release N/A]
Pillar Axiom 300 Storage System - Version Not Applicable to Not Applicable [Release N/A]
Information in this document applies to any platform.

Symptoms

After an upgrade of an Axiom to Release 4.3 or 4.5, any client using NTLM authentication may fail to map CIFS shares, indicating that there are no NETLOGON Servers available.  

Cause

A change was made in Axiom Release 4.3 to cache NETBIOS Names during Join Domain when the NETBIOS Name differs from the first field of the Fully Qualified Active Directory Domain Name.

As the Axiom File Server joins the Active Directory Domain, it queries the Domain Controller for the NETBIOS Name, and opens a connection to the privileged Name Pipe PIPE\NETLOGON for handling mount requests from clients that use NTLM authentication. 


If either the Preferred Server list or an account other than "anonymous" is configured for the "File Server Access to Domain Controllers", the File Server fails to make this query during the Join Domain, and will attempt to open the NETLOGON pipe to the Active Directory domain name, which will fail. 


As a result, clients using NTLM type authentication will be unable to map shares.    This includes most Samba Clients, as well as any client that attempts to map a share using the IP address of the file server rather than the Fully Qualified Server Name.    e.g. \\169.254.1.2  

Solution

Workaround

This issue can be avoided by leaving the list of Preferred Servers unpopulated and selecting the "Access Anonymous" option for joining the domain on the CIFS "File Server Access to Domain Controllers" option.
Then, the affected file server must re-join the domain to obtain the NETBIOS Name


The Join Domain is performed using the pull down Action Menu with a credential authorized to join member servers, not "anonymous"   


Resolution:  Apply the release or patch containing the fix for Bug 13862827 when available. 

References

<BUG:13862827> - UPGRADE TO 04.05.08 FROM 04.02.13 SAMBA CLIENTS NT_STATUS_PIPE_NOT_AVAILABLE
<BUG:13862827> - UPGRADE TO 04.05.08 FROM 04.02.13 SAMBA CLIENTS NT_STATUS_PIPE_NOT_AVAILABLE

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback